Kudos to Stack Overflow for promptly notifying users as soon as it identified a breach and for posting an update with more details as it learns them.
Many organizations are unaware of the intrusion in their networks until the FBI comes calling. An Inspector General audit found that poor record keeping means some organizations don't hear from the FBI, or hear too late to do anything about it.
Parts of the government are still spinning back up after spending 35 days offline as part of the recent partial government shutdown. For security teams with long to-do lists, that's a lot of time they need to regain.
It hasn’t even been a year since the Equifax breach was made public, and Apache has fixed yet another critical vulnerability in the Struts web application framework. Does your incident response plan include assessing the risk exposure and deploying defenses on top of patch management?