Another busy week. This week we catch-up with another busy week. We look at Firefox's changing certificate policies, the danger of grabbing a second-hand domain, the Fortnite mess on Android, another patch-it-now Apache Struts RCE, a frightening jump in Mirai Botnet capability, an unpatched Windows 0-day privilege elevation, malware with a tricky new C&C channel, A/V companies are predictably unhappy with Chrome, Tavis found more serious problems in GhostScript, a breakthrough in contactless RSA key extraction, a worrisome flaw that has always been present in OpenSSH, and problems with never-dying Hayes AT commands in Android devices.