LastPass has reportedly fixed one of three bugs in the password manager discovered by Google research Tavis Ormandy in the last week.

A critical vulnerability in Moodle, an open source system deployed across hundreds of thousands of universities, could expose the server to compromise.

A severe vulnerability has been disclosed in libpurple, the library used in the development of a number of popular instant messaging clients, including Adium for the macOS platform.

Mozilla patched a zero day uncovered at Pwn2Own in Firefox in 22 hours on Friday.

Cisco said an unpatched critical vulnerability exposed by WikiLeaks’ Vault 7 release of CIA documents could give an attacker full control of the targeted switches and routers.

Hackers pulled off a VM escape and took down Adobe Flash, Microsoft Windows and Edge, Apple Safari and macOS, and Mozilla Firefox at Pwn2Own 2017.

Researchers at SEC Consult disclosed a command injection vulnerability in Ubiquiti Networks gear for ISPs after a private disclosure to the vendor in November went unresolved.

Mike Mimoso and Chris Brook discuss the news of the week, including Pwn2Own 2017, Microsoft’s silence around February’s Patch Tuesday, and a nasty SAP bug.

GitHub awarded $18,000 to a researcher after he came across a remote code execution bug in the company’s enterprise management console.

Security tools that proxy and inspect HTTPS traffic create a blindspot for network administrators trying to determine whether communication between clients and servers is secure.