Moving CVEs past one-nation control
A near-miss episode of attempted defunding spotlights a need for a better way
A near-miss episode of attempted defunding spotlights a need for a better way
Related
Prioritizing patching: A deep dive into frameworks and tools – Part 2: Alternative frameworks
In the second of a two-part series on tools and frameworks designed to help with remediation prioritization, we explore some alternatives to CVSS
Will AI Code Generators Overcome Their Insecurities This Year?
In just two years, LLMs have become standard for developers — and non-developers — to generate code, but companies still need to improve security processes to reduce software vulnerabilities.
Tesla Gear Gets Hacked Multiple Times in Pwn2Own Contests
The first team to successfully hack the electric vehicle maker’s charger won $50,000 for their ingenuity.
Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a…
Cloudflare CDN Bug Outs User Locations on Signal, Discord
Attackers can use a zero- or one-click flaw to send a malicious image to targets — an image that can deanonymize a user within seconds, posing a threat to journalists, activists, hackers, and others whose locations are sensitive.
TikTok’s Teen Data Use Probed by UK Regulators
Investigators at the ICO are looking into how (or if) TikTok, as well as Reddit and Imgur, are enforcing UK privacy protections for 13- to 17-year-old users.