Microsoft quietly patched a critical vulnerability found by Google’s Project Zero team in the Malware Protection Engine.

Mark Dowd discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers.

Pacemakers and pacemaker programmers lack authentication and are plagued with thousands of software vulnerabilities across leading manufacturers.

Mike Mimoso and Chris Brook recap the news of the week, including the EternalRocks worm, the latest on WannaCry, a subtitle hack, and a Twitter flaw.

Phishing sites are deploying freely available TLS certificates in order to dupe victims into thinking they’re visiting a safe site.

A recently released extension for Chrome, developed by the public key crypto database Keybase, brought end-to-end encrypted messaging to several apps this week.

Rep. Tom Graves has revised a draft of the Active Cyber Defense Certainty Act with new provisions that include mandatory notification and permission to recovery or destroy stolen data on the attacker’s computer.

A linguistics analysis of the 28 ransom notes included with WannaCry indicate that native Chinese and English speakers wrote the original note, Flashpoint said.

The Samba Team has patched a severe bug that leaves computers vulnerable to wormable exploit.

The market for automated credential stuffing tools is growing fast, because of a record number of breaches.