The recently-patched flaw could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft’s April Patch Tuesday release includes fixes for 66 bugs, 24 of which are rated critical.

A malware campaign utilizing bogus “HoeflerText” popup warnings is back in full swing targeting Google Chrome and Firefox browsers with Locky ransomware attacks and the NetSupport Manager RAT.

Researchers warn a retooled ‘Jimmy’ Nukebot no longer steals bankcard data, rather focuses on avoiding detection as it downloads malicious modules.

FireEye said threat actors are using the NSA’s EternalBlue exploit of the same Microsoft SMBv1 vulnerability as WannaCry to spread Nitol and Gh0st RAT.

Researchers claim that APT3, widely believed to be a China-based threat actor, is directly connected to the Chinese Ministry of State Security (MSS).

Microsoft Patch Tuesday fixes 45 vulnerabilities, one being an active zero-day bug used to spread the Dridex banking Trojan.

As part of Patch Tuesday Adobe patched a zero-day vulnerability in Flash Player the company claims is being used in targeted attacks against Internet Explorer users on Windows.

Microsoft released 10 security bulletins on Patch Tuesday that included patches for five zero day vulnerabilities under attack that had not been publicly disclosed until today.

The news of the week is discussed, including Schneier’s DDoS article, a patched IE/Edge zero day, a new OS X malware detection method, and Google’s Project Zero prize.