The results of two audits of the open source software OpenVPN were shared late last week. One found two legitimate vulnerabilities, the other said the service is cryptographically “solid.”

The news of the week is discussed, including this week’s Microsoft Malware Protection Engine bug, Handbrake OS X malware, the HP keylogger, Trump’s Cybersecurity EO, and more.

Vanilla Forums software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code.

Microsoft gets a lukewarm response with its new Microsoft Security Guides that replaced Security Bulletins.

Researchers say an audio driver that comes installed on some HP-manufactured computers can record users keystrokes and store them in a world-readable plaintext file.

ASUS updated the firmware in March of a number of its RT routers to address vulnerabilities found within the device’s native web interface.

Google said a permissions flaw that puts Android users at heightened risk of malware, ransomware and adware attacks will not be fixed until the release of its next mobile OS, Android O.

Cisco released an update that patches a vulnerability in the CMP processing code running in its IOS and IOS XE software in more than 300 of its switches.

Google said Tuesday that its OSS-Fuzz project has unearthed over 1,000 bugs, a quarter of them potential security vulnerabilities.

Adobe fixed eight vulnerabilities, seven critical, in Flash Player and Adobe Experience Manager (AEM) Forms product as part of its regularly scheduled updates Tuesday morning.