VMware fixed two bugs in its VMware Workstation late Thursday night, including an insecure library loading vulnerability and a NULL pointer dereference vulnerability.

Mike Mimoso and Chris Brook discuss WannaCry, Microsoft’s response, the killswitches, a potential link with Lazarus Group, and what the future holds for the ShadowBrokers.

The PATCH Act proposes the formation of a review board that would formalize and make transparent the processes by which the government determines whether it will use or disclose a zero-day vulnerability.

Google announces big changes for Android security including new features, a rebranding of old services and an updated UI, all streamlined under a new service called Google Play Protect.

WordPress fixed six vulnerabilities with version 4.7.5 and announced a bug bounty program with HackerOne this week.

The Senate’s use of the end-to-end encrypted messaging app Signal is a good first step in protecting U.S. democratic institutions, but much more needs to be protected.

Companies such as Siemens and Bayer are planning to release patches for medical devices hit by the ransomware WannaCry over the past several days.

Researchers claim that APT3, widely believed to be a China-based threat actor, is directly connected to the Chinese Ministry of State Security (MSS).

Researchers urge Windows admins to apply MS17-010 before the next attack using the EternalBlue NSA exploit deploys a worse payload than WannaCry ransomware.

DocuSign warns of a breach and subsequent theft of email addresses that are part of a phishing campaign that employs malicious macro-laced Word documents.