Yahoo calls a bombshell email surveillance story “misleading” as legal, civil liberties and security experts demand answers.

In Cigital’s seventh annual Building Security in Maturity Model report, cloud, agile software development and IoT factor into maturing secure software movement.

A Linux admin and open source developer has come up with a 48-character attack that crashes Linux servers, but experts argue the security implications of the bug.

Apple said over the weekend it would soon distrust certificates issued by WoSign’s Free SSL Certificate G2 intermediate CA on macOS.

The Firefox browser will now deny TLS connections to servers using weak Diffie-Hellman keys.

The latest on the Yahoo breach, Germany’s problem with WhatsApp-Facebook, Facebook’s osquery tool for Windows, and Zerodium’s $1.5M iOS bounty are all discussed.

Experts challenge Yahoo’s assertion that state-sponsored hackers were behind a 2014 breach that resulted in 500 million lost records.

Cisco released a patch for a critical flaw that allowed a remote attacker to gain control of one of its email security appliances.

Microsoft announced a cloud-based fuzz testing service called Project Springfield that identifies software bugs in applications that could turn into vulnerabilities.

A number of Democratic Congressional leaders wrote Yahoo CEO Marissa Mayer a letter seeking answers about the breach of 500 million customer records.