Developers with GitLab fixed a critical vulnerability in the open source repository manager that could have allowed the theft of application files, tokens, or secrets.

Cisco Systems has issued two critical advisories addressing flaws in its 900 Series Routers and its Cisco Prime Home server.

Wix websites are vulnerable to reflective DOM cross-site scripting attack that could give attackers control of user’s websites.

Schneider Electric has recommended a number of mitigations to ward off two critical vulnerabilities in its Magelis HMI products.

Critical vulnerabilities in MySQL and database servers MariaDB and PerconaDB can lead to arbitrary code execution, root privilege escalation, and server compromise.

Vulnerabilities in WeMo home automation devices can be used to attack the Android apps used to manage devices remotely.

Cisco Talos identified the Sundown exploit kit as an up-and-coming contender that may soon rival RIG in terms of size and volume.

Microsoft said Russian APT group Sofacy, which has ties to the country’s military intelligence operations, has been using Windows kernel and Adobe Flash zero day vulnerabilities in targeted attacks.

Google announced Monday that it will distrust certificates issued by WoSign and StartCom when in it ships Chrome 56 in January 2017.

IoT devices are being infected by new DDoS malware called Linux/IRCTelnet that borrows heavily from Aidra, Bashlite and Mirai.