Researchers at SEC Consult disclosed a command injection vulnerability in Ubiquiti Networks gear for ISPs after a private disclosure to the vendor in November went unresolved.

Mike Mimoso and Chris Brook discuss the news of the week, including Pwn2Own 2017, Microsoft’s silence around February’s Patch Tuesday, and a nasty SAP bug.

GitHub awarded $18,000 to a researcher after he came across a remote code execution bug in the company’s enterprise management console.

Security tools that proxy and inspect HTTPS traffic create a blindspot for network administrators trying to determine whether communication between clients and servers is secure.

Two recent fileless malware campaigns targeting financial institutions, government agencies and other enterprises have been linked to the same attack group.

On the first day of Pwn2Own 2017 hackers poked holes in Adobe Reader, Apple Safari, Microsoft Edge, and Ubuntu Linux.

Intel and Microsoft announced bug bounties, paying $30,000 and $15,000 respectively for critical vulnerabilities.

WhatsApp and Telegram patched vulnerabilities in the last week that could have let an attacker take over a user’s account.

The Department of Justice indicted four individuals, including two Russian FSB officers, for their roles in the Yahoo breach.

JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key.