Google today disclosed the existence of a Windows zero-day vulnerability under attack. The flaw was reported to Microsoft 10 days ago; Microsoft says the disclosure puts users at risk.
Google updated its Transparency Report, reporting a record number of government requests for data, and that it received at least one National Security Letter during the second half of 2015.
Mozilla has proposed banning new SHA-1 certificates from Chinese Certificate Authority WoSign for one year after it accused the CA of back-dating the deprecated certs.
The news of the week is discussed, including Schneier’s DDoS article, a patched IE/Edge zero day, a new OS X malware detection method, and Google’s Project Zero prize.