Mike Mimoso and Chris Brook recap the news of the week, including the EternalRocks worm, the latest on WannaCry, a subtitle hack, and a Twitter flaw.
Pacemaker Ecosystem Fails its Cybersecurity Checkup
Pacemakers and pacemaker programmers lack authentication and are plagued with thousands of software vulnerabilities across leading manufacturers.
Mark Dowd on Exploit Mitigation Development
Mark Dowd discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers.
Samba Patches Wormable Bug Exploitable With One Line Of Code
The Samba Team has patched a severe bug that leaves computers vulnerable to a wormable exploit.
Twitter Flaw Could Have Allowed Attacker to Tweet From Any Account
Twitter fixed a flaw in its Twitter Ads service that could have allowed an attacker to tweet as any user.
Android Overlay and Accessibility Features Leave Millions at Risk
Researchers warn two features, not flaws, in Android can be used together to open devices up to attack.
Password Breaches Fueling Booming Credential Stuffing Business
The market for automated credential stuffing tools is growing fast, because of a record number of breaches.
Yahoo Retires ImageMagick After Bugs Leak Server Memory
Researcher Chris Evans reported a new bug and showed how he also used a previously known flaw in ImageMagick to leak Yahoo server data and steal images and authentication secrets.
Google Elevates Security in Android O
Android O, due in the third quarter, figures to elevate the security of the mobile OS with new features focused on improved third-party patching, a new permission model and hardening of existing features.
Subtitle Hack Leaves 200 Million Vulnerable to Remote Code Execution
Attackers can remotely execute code on targeted systems via specially crafted subtitle files for videos.