Five vulnerabilities in the ManageEngine Applications Manager, and one in the Event Log Analyzer, were disclosed by Digital Defense, Inc.

The scanner actually exploits vulnerabilities in order to avoid false positives.

When federal agencies have for the first time to include mobile devices and apps in their information security reporting for FY2018 starting this October, they may be in for a nasty surprise, if the experience of the Department of Homeland Security is anything to go by.

Postponing the publication of the new draft highlights the controversy swirling around this latest effort to revise the ubiquitous Top 10 list, which is being led by new authors after an earlier version got panned.