Hacking Team: Oh great, good job, guys ... now the TERRORISTS have our zero-day exploits
"It is now apparent that a major threat exists because of the posting by cyber criminals of Hacking Team proprietary software on the internet the night of July 6," reads a statement on the Hacking Team website.
"Before the attack, Hacking Team could control who had access to the technology which was sold exclusively to governments and government agencies. Now, because of the work of criminals, that ability to control who uses the technology has been lost. Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so. We believe this is an extremely dangerous situation."
Hacking Team-derived Flash exploit is now in the wild hijacking PCs
It's the worst-case scenario of the Hacking Team hack: the as-yet-unpatched Flash vulnerability revealed in the trove of source code leaked from the surveillance-ware company is being exploited in the wild.
Malwarebytes, which had already warned the exploit would be weaponised quickly, notes: “This is one of the fastest documented cases of an immediate weaponisation in the wild, possibly thanks to the detailed instructions left by Hacking Team.”
The FBI Spent $775K on Hacking Team’s Spy Tools Since 2011
The FBI is one of the clients who bought hacking software from the private Italian spying agency Hacking Team, which was itself the victim of a recent hack.
The FBI is not in good company here. According to several spreadsheets within the hacked archive, which contain a list of Hacking Team’s customers, many of the other governments who bought the same software are repressive regimes, such as Sudan and Bahrain.
Script-blocker NoScript lets in ANYTHING from googleapis.com
The researcher says blanket whitelisting of googleapis.com means he was able to create a script that could pass default NoScript configurations and be executed within user browsers.
"Just by visiting the file JavaScript will execute, even if NoScript with default configuration is installed."
That venture was cut short when he found the whitelisted zendcdn.net was available for purchase at just US$10, so he snapped it up and used it to point at his JavaScript payload.
about:config -> javascript.enabled = false
Lush cosmetics in YouTube address dispute
A popular video blogger has hit out at cosmetics brand Lush after he lost control of a YouTube address he had been using since 2005.
Google said it was "sympathetic" to Mr Lush's situation and that the decision was made by an algorithm.
Google said its algorithm decided which address Lush Cosmetics was given, based on data from YouTube, Google+, its search engine and other sources.
Emergency Adobe Flash Patch Fixes Zero Day Under Attack
Adobe today released an out-of-band patch for a Flash Player zero-day vulnerability being used in targeted attacks by an APT gang known for its storehouse of exploits targeting unpatched browser-based vulnerabilities.
“Any time one of these groups is using a zero day and casting such a wide net, it’s pretty significant, especially since the activity started in early June and a patch was not released until today,” Oppenheim said. “That’s a big window, and possibly tons of victims affected.”
Germany Says You Can't Sell Adult Ebooks Until After 10 PM
The law behind this baffling proclamation states it is intended to protect children from coming to harm via "advertising or teleshopping." It was written in 2002, and was no less stupid in its belief that it could somehow force online retailers to take certain items off the "shelves" for two-thirds of the day. It's only receiving attention now because the Youth Protection Authority is trying to hammer it into place over bits of the internet.
And no one will be saved, Youth Protection Authority or no. But the YPA gets to say it tried, and I guess that's all that matters. It will just have to live with the mocking laughter.
DuckDuckGo on CNBC: We’ve grown 600% since NSA surveillance news broke
“We’re doing about three billion searches a year,” Weinberg said, “so we’re already pretty mainstream.”
Browsers Firefox and Safari also made DuckDuckGo available last year.
The Web is getting its bytecode: WebAssembly
However, there are well-known ways of providing the advantages of JavaScript without those perceived downsides: bytecode runtimes like Java and .NET. Unlike script files, the bytecode represents a low-level, fairly compact representation of a program.
WebAssembly, or wasm for short, is intended to be a portable bytecode that will be efficient for browsers to download and load, providing a more efficient target for compilers than plain JavaScript or even asm.js.
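A constructed, minimal module in the WebAssembly binary format, added here as an illustration (it is not code from the article; the byte layout shown is the MVP format finalised after this article was written) and loaded through the WebAssembly API in Node.js. It shows what "low-level, compact bytecode" means in practice: 41 bytes of sections a loader can validate before it runs anything.

```javascript
// Added example (not from the article): a hand-assembled WebAssembly module
// in the MVP binary format, checked structurally and then instantiated.

// Constructed module bytes: exports add(a: i32, b: i32) -> i32.
const WASM_ADD = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d,             // magic "\0asm"
  0x01, 0x00, 0x00, 0x00,             // binary format version 1
  0x01, 0x07, 0x01, 0x60, 0x02, 0x7f, 0x7f, 0x01, 0x7f, // type: (i32,i32)->i32
  0x03, 0x02, 0x01, 0x00,             // function: one func of type 0
  0x07, 0x07, 0x01, 0x03, 0x61, 0x64, 0x64, 0x00, 0x00, // export "add" = func 0
  0x0a, 0x09, 0x01, 0x07, 0x00,       // code: 1 body, 7 bytes, 0 locals
  0x20, 0x00, 0x20, 0x01, 0x6a, 0x0b  // local.get 0; local.get 1; i32.add; end
]);

// Decode an unsigned LEB128 integer at offset; returns [value, nextOffset].
function readU32(bytes, offset) {
  let result = 0, shift = 0, pos = offset;
  for (;;) {
    const b = bytes[pos++];
    result |= (b & 0x7f) << shift;
    if ((b & 0x80) === 0) return [result >>> 0, pos];
    shift += 7;
  }
}

// Validate the header and list {id, size} for each section without executing
// anything: the structural checks a loader makes before trusting a module.
function listSections(bytes) {
  const magic = [0x00, 0x61, 0x73, 0x6d];
  if (bytes.length < 8 || !magic.every((v, i) => bytes[i] === v)) throw new Error('bad magic');
  const version = bytes[4] | (bytes[5] << 8) | (bytes[6] << 16) | (bytes[7] << 24);
  if (version !== 1) throw new Error('unsupported version ' + version);
  const sections = [];
  let pos = 8;
  while (pos < bytes.length) {
    const id = bytes[pos++];
    const [size, next] = readU32(bytes, pos);
    if (next + size > bytes.length) throw new Error('section overruns module');
    sections.push({ id, size });
    pos = next + size;
  }
  return sections;
}

// Compile and instantiate synchronously, then call the exported function.
function runAdd(a, b) {
  const instance = new WebAssembly.Instance(new WebAssembly.Module(WASM_ADD), {});
  return instance.exports.add(a, b);
}
```

Section ids 1, 3, 7 and 10 are the type, function, export and code sections; the whole module is smaller than the JavaScript source of the same function.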
Free encryption project 'Let's Encrypt' to issue first digital certificates next month
The project is funded by the Internet Security Research Group (ISRG), a new Californian public-benefit group backed by leading tech firms including Mozilla, The Electronic Frontier Foundation (EFF) and Cisco.
Website operators are generally hesitant to use SSL/TLS certificates due to their cost. An extended validation (EV) SSL certificate can cost up to $1,000 (approx. £640). Setting up encryption for larger web services is also complicated for operators.