A crowdfunding effort to buy a subscription to the ShadowBrokers’ Monthly Dump Service of stolen exploits and data was shut down citing legal and ethical concerns.

More than 1,000 mobile apps are leaking personal information via unsecured backend platforms such as MongoDB, MySQL and others.

The ShadowBrokers announced details on how to subscribe to its Monthly Dump Service, which is available for 100 Zcash.

Microsoft quietly patched a critical vulnerability found by Google’s Project Zero team in the Malware Protection Engine.

Phishing sites are deploying freely available TLS certificates in order to dupe victims into thinking they’re visiting a safe site.

Mike Mimoso and Chris Brook recap the news of the week, including the EternalRocks worm, the latest on WannaCry, a subtitle hack, and a Twitter flaw.

Rep. Tom Graves has revised a draft of the Active Cyber Defense Certainty Act with new provisions that include mandatory notification and permission to recovery or destroy stolen data on the attacker’s computer.

Researchers warn two features, not flaws, in Android can be used together to open devices up to attack.

Attackers can remotely execute code on targeted systems via specially crafted subtitle files for videos.

The Terror exploit kit has matured into a greater threat and carefully crafts attacks based on a user’s browser environment.