Experts at InfoArmor said the stolen database of 1 billion Yahoo accounts has been sold multiple times for at least $300,000 each time.

A trove of data belonging to Ameriprise Financial was found earlier this month and included Social Security number, decryption keys and confidential internal company documents.

A hacker offered to sell an unpatched system vulnerability in the U.S. Election Assistance Commission website on the Dark Web for “thousands” of dollars.

A remote code execution bug in Ubuntu Desktop was patched; the vulnerability affected all default installations of Quantal version 12.10 and later.

Nagios Core has been updated to take care of two critical vulnerabilities that can be pinned together to attack servers hosting the open source IT infrastructure monitoring software.

The insecurity of WordPress plugins has been well documented, especially over the last year, but in the grand scheme of things, it’s not as bad as it seems, experts claim.

Mike Mimoso and Chris Brook discuss the news of the week including Yahoo’s latest breach announcement, a DDoS-for-hire crackdown, hackers seeking help with Mirai, and some new Adobe patches.

An exploit kit called DNSChanger is attacking routers, not browsers, through a malvertising campaign.

Microsoft followed Google’s lead and said it will soon block Flash Player by default in the Edge browser.

Results of a NTIA survey published today show that researchers prefer open communication with vendors over financial compensation when it comes to vulnerability disclosure.