Some good souls are selling Ransomware as a service. It has own logo, support, bug tracker, and a clean website.
The webpage of the open-source video transcoder application Handbrake was compromised and served malware for the Mac users.
Comparison of the "http81 IoT botnet" against the Mirai source code. The C&C code is different, but they took some parts of the published source code.
IBM shipped malware infected USB flash drives to the customers.
Shodan can now find malware C&C servers.
Deep insight into use-after-free vulnerability and many possibilities how to exploit it. https://scarybeastsecurity.blogspot.ch/2017/05/ode-to-use-after-free-one-vulnerable.html
Critical remotely exploitable vulnerability found in the Microsofts' Malware Protection service.
The criminals are stealing 2FA tokens by abusing widespread telecommunications network equipment.
Guido Vranken found a vulnerability (CVE-2017-8779) that allows an attacker to allocate any amount of bytes (up to 4 gigabytes per attack) on a remote RPCBIND host, and the memory is never freed unless the process crashes or the administrator halts or restarts the RPCBIND service.
Good summary of an iCloud Keychain Secrets vulnerability (CVE-2017–2448). From the blog:
"This allows an adversary to craft an OTR message which can negotiate a key successfully while bypassing the actual signature verification...Considering that OTR uses ephemeral keys for encryption, this flaw implies that a syncing identity key is no longer required for an adversary with Man In The Middle capabilities to negotiate an OTR session to receive secrets."
Researchers developed the cheapest way so far to hack a passive keyless entry system, as found on some cars. No cryptography broken.
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
Linux Malware Detect (LMD) is a malware scanner for Linux designed around the threats faced in shared hosted environments.