Finnish security researcher Jouko Pynnonen found a second stored cross-site scripting vulnerability in Yahoo Mail in less than a year, both of which earned him $10,000 bug bounties.

Two German researchers are calling into question the security afforded by AMD’s Secure Encrypted Virtualization feature debuting in the chip maker’s upcoming Zen server chips.

Matthew D. Green, PhD, a well-known cryptographer and researcher at Johns Hopkins University, will carry out an audit of OpenVPN.

A D.C. think tank recommends regulations that mandate IoT security by design before attacks infiltrate critical infrastructure, financial and health care organizations.

A local, race condition vulnerability in the af_packet implementation in Linux was patched this week. The bug allows a local attacker to execute code or crash a server.

Locus Energy has patched 100,000 of its residential and commercial power meters that were vulnerable to command injection attacks and code execution.

Researchers have observed an uptick in attacks using the banking malware Floki Bot against U.S., Canadian and Brazilian banks and insurance firms.

The BSD libc library was updated recently to address a buffer overflow vulnerability that could have allowed an attacker to execute arbitrary code.

Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts.

A hacking group is luring participants to use a DDoS platform where they can compete with peers to earn redeemable points exchangeable for hacking tools and click-fraud software.