Open MongoDB databases are being targeted by criminals who are deleting the contents and asking for a ransom.

Google patched a critical hole in its problematic Android Mediaserver component that could have allowed an attacker to use email, web browsing, and MMS processing of media files to remotely execute code.

Confidential documents and data belonging to Box.com users were accessible via search engine queries. Box.com has “fixed” the issue.

Critical remote code execution vulnerabilities in PHPMailer and SwiftMailer, libraries used to send emails via PHP, were patched this week.

Ransomware, insecure connected devices, bug bounties and governments buying bugs: All four ceased to be novelties in 2016; they’re all new normals for cybersecurity.

A new Android Trojan, Switcher, uses victims’ devices to infect WiFi routers and funnel users of the network to malicious sites.

A critical PHPMailer bug tied to the way websites handle email and feedback forms is leaving millions of websites hosted on popular web-publishing platforms such as WordPress, Drupal and Joomla open to attack.

A bug bounty hunter earned $5,000 for a Facebook hack that allowed him to bypass security protection and access any Facebook user’s true email address.

Cisco is warning customers of a privilege escalation flaw in Cisco CloudCenter Orchestrator systems that could allow an attacker to gain root privileges on affected systems.

German industrial giant Siemens has provided a firmware update addressing software vulnerabilities that are found in a popular line of its Desigo PX industrial control hardware.