Netgear has confirmed a critical vulnerability in its Nighthawk routers that expose devices to command injection attacks. A public exploit is available.

German industrial firm ThyssenKrupp said it’s working with authorities to investigate a data breach of unspecified amount of internal data.

Mike Mimoso and Chris Brook discuss the news of the week, including the latest Linux bug, Sony closing backdoors in cameras, and Google’s new open source fuzzer.

Finnish security researcher Jouko Pynnonen found a second stored cross-site scripting vulnerability in Yahoo Mail in less than a year, both of which earned him $10,000 bug bounties.

Two German researchers are calling into question the security afforded by AMD’s Secure Encrypted Virtualization feature debuting in the chip maker’s upcoming Zen server chips.

A local, race condition vulnerability in the af_packet implementation in Linux was patched this week. The bug allows a local attacker to execute code or crash a server.

Locus Energy has patched 100,000 of its residential and commercial power meters that were vulnerable to command injection attacks and code execution.

The BSD libc library was updated recently to address a buffer overflow vulnerability that could have allowed an attacker to execute arbitrary code.

Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts.

An Adobe Flash Player vulnerability used by the Sofacy APT gang was also found in seven of the top exploit kits, according to an analysis by Recorded Future.