Researchers urge Windows admins to apply MS17-010 before the next attack using the EternalBlue NSA exploit deploys a worse payload than WannaCry ransomware.

Experts have confirmed there are similarities between code used by the ransomware WannaCry and the Lazarus APT.

Yesterday’s Patch Tuesday release also included an update to Microsoft’s Internet Explorer and Edge browsers officially ending support for the SHA-1 hash function.

Google said Tuesday that its OSS-Fuzz project has unearthed over 1,000 bugs, a quarter of them potential security vulnerabilities.

Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich found a remotely exploitable Windows vulnerability that Ormandy called he worst in recent memory.

The news of the week is discussed, including the Gmail/Google Docs phishing attack, the Intel AMT vulnerability, IBM’s malware-laden USB drives, and drone security.

Google has removed offending accounts involved in a widespread phishing attack today impersonating Google Docs.

Starting with Chrome 62, Google will start marking any HTTP page where users may enter data, and any HTTP page visited in incognito mode

Google asked for MLAT reform, and released its biannual Transparency Report revealing it received a record number of government requests for user data.

Google fixed a vulnerability that could’ve let an attacker carry out phishing attacks with Unicode domains in Chrome but Mozilla is holding off – for now.