A 15-year-old flaw in a default Python module introduces a supply chain vulnerability to over 350,000 open source projects and the applications that use them, including SDKs, AI/ML, security, management, and developer tools.
The breach of Optus, the second-largest telecoms company in Australia, created a leak of about 10 million records of personal information. The government says that it is time for new privacy rules.
UK ICO has reached a provisional finding that TikTok failed to protect children's privacy from 2018 to 2020. If this finding holds up, TikTok could be on the hook for a £27 million fine.
Optus disclosed a cyber attack that compromised the personal data of up to 10 million Australians with a threat actor initially demanding $1 million and several sources suggesting human error as the cause.
The "State of Vulnerability Management in DevSecOps" study included over 16,500 IT leaders and experts. 66% of these firms say they have a backlog of more than 100,000 vulnerabilities.
At least one major credit card fraud gang has switched focus to building out fake dating and customer support websites since 2019, tricking payment processors into granting them access, and running charges against stolen credit cards.
An Indonesia data protection law that has been in development since 2016 includes some of the harshest penalties yet seen in national data privacy regulations, along with a right to compensation for data breaches.
Hackers gained access to sensitive personal information of American Airlines’ customers and employees in a data breach linked to a phishing campaign that led to the unauthorized access of employee mailboxes.
LockBit ransomware will undoubtedly be copied and used by other threat actors in the near term, putting the group's business at risk. But the leak of the ransomware builder also gives security researchers valuable insights.
2K Games accounts used for online games may have received unexpected messages from the helpdesk system claiming to be a response to a request. The messages look authentic, but conclude with a link to RedLine malware.