The plaintiffs say the company knew about the problem with "access tokens" for years and chose to protect its own employees before fixing the problem for users.

The industry has some very particular challenges to work out before establishing a coordinated vulnerability disclosure program. But the big companies are changing their thinking.

The plan is for DEF CON to host the servers for the vulnerability reporting, acting as a bridge between hackers and the government.

It's not great that a lone engineer was able to pull data from 106 million people. But this was far from Equifax 2.0.

Anne Neuberger, who is leading the intelligence agency's task force on Russian election interference, will become the NSA's first director for cybersecurity.

Lenovo servers had a conspicuous security problem, but specialists at hardware-security company Eclypsium found that the story was much bigger.