The flaw opened a hole in IBM’s serverless Cloud Functions platform, potentially exposing confidential customer data.

Cisco fixed two high severity vulnerabilities in two products this week that could have let an attacker trigger a denial of service condition or bypass local authentication.

IBM fixed a cross-site scripting vulnerability in its Worklight and MobileFirst products that could have let an attacker steal sensitive information.

Tens of millions of products ranging from airport surveillance cameras, sensors, networking equipment and IoT devices are vulnerable to a flaw that allows attacks to remotely gain control over devices or crash them.

The good news is the cost of a data breach is down double-digits, the bad news the size and scope of breaches is creeping up.

The news of the week is discussed, including the Gmail/Google Docs phishing attack, the Intel AMT vulnerability, IBM’s malware-laden USB drives, and drone security.

USB drives shipped with some IBM’s Storwize storage products are infected with malware, and the tech giant advises customers destroy the devices.

The author behind the banking Trojan NukeBot released source code for the malware earlier this month in an apparent effort to regain the trust of the cybercrime community.

Cisco said an unpatched critical vulnerability exposed by WikiLeaks’ Vault 7 release of CIA documents could give an attacker full control of the targeted switches and routers.

IBM introduced on Wednesday a new Cyber Range attack simulator during the opening of its global security headquarters in Cambridge, Mass.