Microsoft fixed a bug in Skype last month that could have allowed an attacker to execute code on the system it was running on, phish Skype credentials and crash the application.

Mike Mimoso and Chris Brook discuss the news of the week, including last Friday’s ShadowBrokers dump – how Microsoft learned of the vulnerabilities, how they were patched by Oracle, along with Microsoft ditching passwords, and a new car dongle hack.

A white hat hacker is believed responsible for the Hajime IoT botnet because its main objective appears to be to secure IoT devices vulnerable to the notorious Mirai malware.

Google fixed a vulnerability that could’ve let an attacker carry out phishing attacks with Unicode domains in Chrome but Mozilla is holding off – for now.

Researchers say more than 100,000 Linksys routers in use today could be vulnerable to 10 flaws found in 20 separate router models made by the company.

Endpoints are still encountering exploits for the LNK vulnerability, one of the principal infection mechanisms used by the Stuxnet worm.

Drupal released a point update for its core engine to patch a critical access bypass vulnerability.

Two vulnerabilities were identified in Bosch’s Drivelog Connect OBD-II dongle and smartphone app that allowed researchers to shut off the engine of a vehicle.

Oracle released a record 299 patches, including a fix for a Solaris vulnerability disclosed by the ShadowBrokers, and another for the recently disclosed Apache Struts 2 flaw.

Microsoft eased some anxiety over the latest ShadowBrokers dump of Windows zero days with news most of the vulnerabilities had already been patched.