NSS Labs’ announced today that their penetration-testing site, Exploithub, will be offering bounties to researchers for developing exploits for12 high-value vulnerabilities.

The U.S.’s Computer Emergency Response Team (CERT) issued a warning to critical infrastructure firms on Wednesday about a serious security hole in products from Massachusetts firm Iconics that could leave critical systems vulnerable to remote attacks.

Users of free music streaming service, Spotify are reporting that they have been the victims of drive-by malware attacks according to a report from Netcraft.

Exploits for scores of vulnerabilities in supervisory control and data acquisition software (SCADA) were made public on Monday, according to a report by The Register.

Attacks
that use search engine optimization to push malicious pages into the top rankings on search engine results are on the rise in 2011, but new research from zScaler suggests that efforts to identify and block the pages are paying meager dividends.

The specter of Stuxnet reared its head again this week, with news of a critical hole in some Chinese SCADA software, while, elsewhere, botnets reloaded following a holiday break, and patches from Microsoft, Google and RIM made headlines. Read on for the full week in review.

The researcher who discovered a hole in a prominent SCADA software package used in China claims that holes in the country’s SCADA systems aren’t uncommon, and blames a lack of transparency for the vulnerabilities.