Google announced Monday that it will distrust certificates issued by WoSign and StartCom when in it ships Chrome 56 in January 2017.

Google today disclosed the existence of a Windows zero-day vulnerability under attack. The flaw was reported to Microsoft 10 days ago; Microsoft says the disclosure puts users at risk.

In a move to bolster security for the Chrome browser, Google sets a date for making Certificate Transparency mandatory for website owners.

Google updated its Transparency Report, reporting a record number of government requests for data, and that it received at least one National Security Letter during the second half of 2015.

Open Whisper Systems announced that it has added the disappearing messages feature to the Signal encrypted messaging app.

Mozilla has proposed banning new SHA-1 certificates from Chinese Certificate Authority WoSign for one year after it accused the CA of back-dating the deprecated certs.

Google released CSP Evaluator and CSP Mitigator to aid developers in building better Content Security Policy protections for web applications.

The massive Yahoo breach, this week’s Security of Things Forum, Mamba ransomware, and Google Allo are discussed.

Google released its smart messaging app called Allo, but a decision to log chats indefinitely has privacy advocates worried.

The news of the week is discussed, including Schneier’s DDoS article, a patched IE/Edge zero day, a new OS X malware detection method, and Google’s Project Zero prize.