mask.of.sanity writes: Up to a quarter of all websites on the internet could have been breached through a since-patched vulnerability that allowed WordPress' core update server to be compromised.
The shuttered remote code execution flaw was found in a php webhook within api.wordpress.org that allows developers to supply a hashing algorithm of their choice to verify code updates are legitimate.
mask.of.sanity writes: The Nexus 6P appears to have been hacked with attackers at the Mobile Pwn2Own contest installing malware without user interaction in less than five minutes. The hack attempt is one of many targeting the Nexus 6P, iPhone 6S, and Samsung Galaxy 7. Exploits can earn up to US$125,000 and are provided to phone vendors to develop fixes.
mask.of.sanity writes: A penetration tester is hacking business email scammers compromising their Microsoft accounts and sending the criminal's information to police. The scammers, or whalers, are responsible for causing billions of dollars of damage by tricking business into wiring funds to bank accounts.
mask.of.sanity writes: On June 7, Angler, possibly history's most advanced financially-driven exploit kit went silent and nobody knew why. Now Kaspersky's lead intelligence researcher has revealed it was the progeny of some 50 arrested hackers known as the Lurk group. The report is the culmination of some six years of research and bookends the mysterious demise of one of the biggest threats to end users on the internet.