An Android app that falsely claimed to be a tool for keeping smartphones up-to-date with the latest version of the OS was found surreptitiously tracking the physical location of it users using spyware called SMSVova.

Microsoft fixed a bug in Skype last month that could have allowed an attacker to execute code on the system it was running on, phish Skype credentials and crash the application.

Mike Mimoso and Chris Brook discuss the news of the week, including last Friday’s ShadowBrokers dump – how Microsoft learned of the vulnerabilities, how they were patched by Oracle, along with Microsoft ditching passwords, and a new car dongle hack.

Google asked for MLAT reform, and released its biannual Transparency Report revealing it received a record number of government requests for user data.

A white hat hacker is believed responsible for the Hajime IoT botnet because its main objective appears to be to secure IoT devices vulnerable to the notorious Mirai malware.

Google fixed a vulnerability that could’ve let an attacker carry out phishing attacks with Unicode domains in Chrome but Mozilla is holding off – for now.

Researchers say more than 100,000 Linksys routers in use today could be vulnerable to 10 flaws found in 20 separate router models made by the company.

Endpoints are still encountering exploits for the LNK vulnerability, one of the principal infection mechanisms used by the Stuxnet worm.

Drupal released a point update for its core engine to patch a critical access bypass vulnerability.

Microsoft announced this week its giving users a new way to sign into their accounts without long and complicated passwords.