Security Bulletin

Concerns are real that the Chinese could infiltrate U.S. LiDAR technology to spy on American citizens and companies – the government needs to act now.

Hype won't solve operational security problems. Here are 10 important points to consider when evaluating API security solutions.

As stringent new SEC reporting rules take effect, CISOs need to assess internal processes and understand their responsibilities. But there's a bright side.

Mortgage borrowers and loan applicants had Social Security numbers, bank account numbers and contact info leaked.

Although the unauthenticated Java deserialization flaw has been known since 2015, GWT apps remain vulnerable to malicious server-side code execution, new research says.

Crimeware-as-a-service (CaaS) gang flies past CAPTCHAs, creating fraudulent accounts to sell to the likes of Scattered Spider; Microsoft mounts a counterattack.

U.S. Venture Partners leads the round, CrowdStrike co-founder participating.

The new four-day SEC reporting rule goes into effect today – and industry pros are fairly supportive of a last-ditch accommodation that does not require companies to file the technical details of a breach right away.

Zoom's Vulnerability Impact Scoring System calculates the impact of a vulnerability to assign a cash payout for bugs, leading hackers to prioritize more severe flaws. Can it do the same for companies?

More advanced email and SMS phishing attacks have been launched by the Storm-0539 threat operation to achieve gift card fraud and theft against organizations in the retail industry amid the holiday shopping season, The Hacker News reports.