Trivially exploitable vulnerabilities in several Arris home modems, routers and gateways distributed to consumers and small businesses through AT&T’s U-verse service have been discovered.

Abbott Laboratories releases software fixes for pacemakers that could allow an attacker to wirelessly access the devices and steal personal data, drain the battery and disrupt normal life-sustaining operations.

Automattic has patched a reflected cross-site scripting vulnerability in the WooCommerce WordPress plugin.

A previously undocumented kill switch for a remote management feature baked into many Intel chips can be switched off.

For a second time this month, a Locky ransomware variant called IKARUSdilapidated is part of a calculated phishing attack targeting office workers with fake scanned image attachments.

Siemens fixed a session hijacking vulnerability in its LOGO! logic module Wednesday but says a second issue, one that could help facilitate a man-in-the-middle attack, has no fix currently.

Researchers warn a retooled ‘Jimmy’ Nukebot no longer steals bankcard data, rather focuses on avoiding detection as it downloads malicious modules.

Drone manufacturer DJI announced Monday it was launching a bug bounty program to reward researchers who find vulnerabilities in its drones.

A list of device IPs and credentials has gone viral since Thursday, kicking off an effort by researchers to notify the owners of these connected devices before they’re hacked.

The news of the week is discussed, including the AWS S3 leaks, Zerodium’s bounty on messaging app zero days, Ropemaker, and cobot vulnerabilities.