During a penetration test, you aim to collect information on a target organization's security posture without directly interacting with their systems. Which of the following sources would most effectively offer insights into the organization's past security incidents and data breaches for passive reconnaissance?
Verification of the organization's SSL certificate details
Analysis of news articles and breach report databases
Checking the response headers from the organization's web server for server types and technologies
Manual inspection of the organization's website links