WikiLeaks has published a large set of hacking tools belonging to the CIA. Right now the dump only contains documentation, no actual malware or exploits. Their original announcement can be found here.
A look at the impact of the 'CloudBleed' vulnerability.
HackerOne, the bug bounty platform, now offers its service free to open-source projects. To be eligible, the project must be older than three months, active, and covered by an Open Source Initiative (OSI) license.
Interesting new malware was discovered that uses DNS as a command & control system. It establishes itself through a number of steps and fetches PowerShell scripts stored in DNS TXT records, never actually writing a file to disk, which makes it hard to detect.
Great story of how 50 Google employees banded together to patch all open-source projects on GitHub that were still vulnerable to the "Mad Gadget vulnerability", a remote code execution bug that recently hit the San Francisco Metro system. Over 2600 projects received a pull request to fix the issue.
The Department of Homeland Security has awarded $200,000 to five startups with promising IoT security technology. They will be guided through further steps to build out their PoCs into full products.
The US Defence Department has launched code.mil, a website that will be used to host unclassified code written by the department, and which will be free to use for personal or public projects.
Apple seems to be nudging users more explicitly to adopt 2FA in the latest iOS version, which is currently in beta.
Struts 2, a Java web application framework, has a critical remote code execution vulnerability that is being exploited in the wild. Patching is advised.
Howard Schmidt, who was the top cybersecurity advisor for both Bush and Obama, has passed away. From what has been written about his work and the kind of person he was, he will clearly be missed.