EFI is the system firmware that loads before your operating system boots or hypervisor starts. If it's compromised then your entire computing platform is under threat. Duo Security has conducted an analysis looking at how Apple manages updates to EFI and how those updates relate to fixing vulnerabilities. The results of their work reveal some interesting issues>

It's the second week of the month and that means it's Patch Tuesday time, the monthly delivery of fixes for Microsoft's quiver of software arrows. This month, they have targeted a bunch of issues rated as "critical".

Classic decluttering advice - the kind of stuff you've been reading on Lifehacker for years - starts with getting rid of what you don't use or need. But are you applying the same principle to your systems? A demonstration of an old vulnerability in SMB 1at DEFCON highlights this, with a Windows Server rendered useless by a Raspberry Pi and a few lines of code. Beneath the surface of your apps, lie dangerous vulnerabilities.

If you think you can track down bugs and vulnerabilities in Windows you might be able to turn that skill into cold, hard cash. Microsoft has launched the Windows Bounty Program and is offering between USD$500 and USD$250,000 if you report through their Coordinated Vulnerability Disclosure policy.

One of the bold claims made by Microsoft is that Windows 10 S will be impervious to all known forms of ransomware. This is because only apps that have been curated and distributed through the Windows Store can be run. However, it seems that Microsoft's claim forgot one little thing - macros. But we can learn from this.

Wordfence is one of the first plug-ins I install when I set up a Wordpress site. And their blog is a great source of information on current vulnerabilities and exploits. They have posted a list of 22 Abandoned WordPress Plugins with Vulnerabilities. And while the list is interesting, some of the other data they have unearthed is a cause of concern.

Fancy yourself as a crack investigator and bug squasher? Microsoft is offering up to US$100,000 for researchers and investigators who can track down vulnerabilities in a number of different products.

AirDroid, the popular Android desktop manager, has some pretty nasty security vulnerabilities according to a recent report. Unless you use it on a network you fully trust, you should probably disable or uninstall it until this is patched.

Glitches in games can range from the ridiculous to the beautiful. But how about educational? A new YouTube channel, called "Retro Game Mechanics Explained", is all about breaking down -- and learning from -- games (and their bugs in particular).