The data and endpoint security landscape is always changing, and news happens fast. Each week we recap some of the top security news stories to help you stay informed. Here’s what happened this week.

A new release of Crysis malware contains a host of dangerous new features including the ability to exfiltrate critical files and user information, gain admin rights to the infected device, and then assume control as an admin user.

Known as one of the world’s largest botnets, Necurs went offline this week leading to a significant drop in traffic for two popular malware campaigns.

Wendy’s Co. reported new information about the data breach that occurred at its franchisee-owned restaurants earlier this year, stating that more locations may have in affected than previously reported.

Malware called QRAT, or Qarallax RAT, is being distributed through Skype in order to steal the personal information of Swiss nationals. Reports say that while Skype has been employed as a means to distribute adware in the past, it’s use in phishing campaigns is new.

New pending data breach legislation in New York will include protected health information (PHI) under its definition of personal information. This would effectively mean that the scope of information covered under current notification laws for HIPAA-covered entities would be expanded to include PHI, if the bill passes.

Older vulnerabilities and known exploits are providing easy access points for ransomware attacks on companies in the manufacturing sector, according to this new study. In only seven months, a total of 8.63 million attack attempts were recorded globally.

The February cyberattack on Canadian firm VerticalScope, which operates a network of thousands of websites and forums, has now allegedly resulted in the breach of more than 45 million records.