Mike Mimoso and Tom Spring discuss this week’s security news, including a discussion on recent hijacking of popular Chrome extensions and Adobe’s decision to end-of-life Flash Player.

Cisco patched two high-severity vulnerabilities in its Cisco Application Policy Infrastructure Controller (APIC) that could allow an attacker to elevate privileges on the host machine.

A critical flaw in Drupal CMS platform could allow unwanted access to the platform allowing a third-party to view, create, update or delete entities.

IBM researchers have demonstrated a filesystem-level version of the Rowhammer attack against MLC NAND flash memory.

The impending demise of Adobe Flash will create legacy challenges similar to Windows XP as companies begin to wean themselves off the vulnerable code base.

Patches are available—and should be applied—that address a critical vulnerability in Windows Search that some are calling the next WannaCry. Others aren’t so ready to do that.

LockState’s CEO says he is “deeply sorry” about an erroneous wireless update that bricked hundreds of smart locks.

A report on the state of SCADA and ICS security points out that critical infrastructure operators are caught between hackers and a lack of vendor and executive support.

One of Tuesday’s Flash Player patches was a do-over after the researcher who privately reported the problem earlier this year discovered the original patch incompletely resolved the issue.

Juniper warned Thursday of a high-risk bug in the GD graphics library used in several versions of its Junos OS.