New report indicates that Twitter may have great value as a vulnerability management tool. Twitter mentions are twice as good as CVSS when it comes to measuring an organization's potential exploitability.
Manila Bulletin, the largest English-language newspaper in the Philippines, says that a serious data breach of the country's Commission on Elections (Comelec) occurred. Comelec called it "fake news" and claimed that it never happened.
A 19-year-old "security specialist" has found a vulnerability in third party software used by certain Tesla vehicles, which allows the remote control of certain functions such as the engine and the security system.
Extensive campaign involving the Pegasus spyware in El Salvador targeted at least 35 journalists and political activists from June 2020 to November 2021, with most of the country's major media outlets affected.
Law enforcement agencies have identified at least 150 investment fraud websites operated by fake broker-dealers who stole a minimum of $50 million from at least 70 victims.
Threat group commits financial theft by hiding inside the victims’ networks for months while studying their financial systems and injecting fraudulent transactions into regular activity.
CISA stresses that "significant" Log4j breaches have not yet been found in the networks of federal agencies or critical infrastructure, but that it is not yet possible to assess whether the vulnerability is present across all of these disparate systems.
Lapsus$ cybercrime gang claimed responsibility for the Impresa group ransomware attack by defacing the media company’s website and tweeting from its verified Twitter account.
Thousands of companies using popular NPM libraries have just learned that the hidden price of free software is that the open source developer may withdraw their consent at any time.
FlexBooker, a commonly used appointment scheduling and calendar service, is apologizing to its customers after 3.7 million records appeared on a dark web hacker forum following a DDoS attack.
