Almost 200,000 servers are still vulnerable to Heartbleed, the OpenSSL vulnerability patched nearly three years ago.

A spam campaign has started spreading Sage ransomware, while a ransomware service known as Satan allows users to customize distribution.

Researchers from the University College London have found a Twitter botnet of 350,000 bots that has been dormant since shortly after the accounts were registered.

Mozilla released its first Internet Health Report, examining the dangers of over-sharing eroding privacy, and the security of connected devices.

A coalition of researchers and cryptographers are urging the Guardian to retract a story it published last week which suggested the encrypted messaging app WhatsApp contained a backdoor.

Insecure Hadoop and CouchDB installations are the latest attack targets of cybercriminals who are hijacking and deleting stolen data.

The U.S. Army released the results of its Hack the Army bug bounty, and said that close to $100,000 was paid out, and 118 unique and actionable vulnerabilities were reported.

Mike Mimoso, Tom Spring, and Chris Brook discuss security-wise what they hope will and won’t change under a Trump presidency, then discuss the news of the week, including SHA-1 deprecation, Carbanak’s return, and the WhatsApp “backdoor” debacle.

Carbanak has moved away from its exclusive focus on financial services, branching out to attacks against hospitality and retail.

Encrypted email service ProtonMail announced early Thursday that it had added its own Tor hidden service.