The Tor Project is launching a public bug bounty program to encourage security researchers to responsibly report issues they find in the software.

Phishing sites are deploying freely available TLS certificates in order to dupe victims into thinking they’re visiting a safe site.

Yesterday’s Patch Tuesday release also included an update to Microsoft’s Internet Explorer and Edge browsers officially ending support for the SHA-1 hash function.

Mike Mimoso and Chris Brook discuss the news of the week, including last Friday’s ShadowBrokers dump – how Microsoft learned of the vulnerabilities, how they were patched by Oracle, along with Microsoft ditching passwords, and a new car dongle hack.

Google fixed a vulnerability that could’ve let an attacker carry out phishing attacks with Unicode domains in Chrome but Mozilla is holding off – for now.

University researchers created a browser-based JavaScript that leverages a phone’s smart device sensor data to steal PINs.

Mozilla patched a zero day uncovered at Pwn2Own in Firefox in 22 hours on Friday.

Mike Mimoso and Chris Brook discuss the news of the week including a rash of new IP camera backdoors, James Comey’s talk at Boston College, hacking back vs. active defense, and the DOJ dropping one of its Playpen cases.

The latest version of Firefox expands non-secure HTTP warnings, enables SHA-1 deprecation by default, and removes support for NPAPI.

Prosecutors with the U.S. Department of Justice dropped their case against a suspect who visited the dark web site child pornography site Playpen.