More than half of enterprises are exposing themselves to unnecessary risk by running out-of-date versions of Flash.

Mike Mimoso and Chris Brook discuss the news of the week, including the ShadowBrokers crowdfunding attempt, errors in WannaCry, a new Wikileaks dump, last week’s Samba vulnerability, and the OneLogin breach.

More than 1,000 mobile apps are leaking personal information via unsecured backend platforms such as MongoDB, MySQL and others.

A breach at OneLogin appears to have compromised customer data, including the ability to decrypt encrypted data.

Ecommerce sites using the Yopify plugin were leaking customers’ names, locations and purchases.

Mike Mimoso and Chris Brook recap the news of the week, including the EternalRocks worm, the latest on WannaCry, a subtitle hack, and a Twitter flaw.

Phishing sites are deploying freely available TLS certificates in order to dupe victims into thinking they’re visiting a safe site.

The market for automated credential stuffing tools is growing fast, because of a record number of breaches.

Researchers warn two features, not flaws, in Android can be used together to open devices up to attack.

Apple revealed this week that it received at least one National Security Letter from the U.S. government for user data during the last six months of 2016