Patches are available—and should be applied—that address a critical vulnerability in Windows Search that some are calling the next WannaCry. Others aren’t so ready to do that.

LockState’s CEO says he is “deeply sorry” about an erroneous wireless update that bricked hundreds of smart locks.

A phishing site seeking Apple credentials and victim payment card information is encrypted with AES, researchers at Ring 0 Labs said.

Researchers believe attacks against wi-fi systems in hotels across Europe and the Middle East track back to Russian-speaking hackers known as APT28.

A report on the state of SCADA and ICS security points out that critical infrastructure operators are caught between hackers and a lack of vendor and executive support.

A spyware family called SonicSpy was found on three apps available on the Google Play store as well as on more than 1,000 apps available on third-party app stores.

Mike Mimoso and Chris Brook discuss the news of the week including the return of the Mamba ransomware, APT trends, a mystery company’s 250K bug bounty, and a high schooler’s $10K bug bounty from Google.

Ukranian police arrested a suspect alleged to have distributed the NotPetya/ExPetr malware that ultimately infected 400 computers.

One of Tuesday’s Flash Player patches was a do-over after the researcher who privately reported the problem earlier this year discovered the original patch incompletely resolved the issue.

Juniper warned Thursday of a high-risk bug in the GD graphics library used in several versions of its Junos OS.