Application Security News and Articles
When flights get delayed, passengers want answers fast: rebooking, hotel vouchers, refund options. Human agents can’t scale to meet this surge, but AI agents can. The challenge? Identity.
The post Airline Disruption Recovery — How Agentic ...
Retail is moving fast into agentic AI. Imagine a shopping concierge agent that compares prices, applies loyalty discounts, and completes a purchase for you — all in seconds. This sounds like a dream for customers, but for retailers, it’s a ...
In financial services, every transaction is built on trust. When an AI agent acts on behalf of a customer — checking credit scores, verifying KYC documents, or submitting a loan application — identity is the control plane. Without it, the ...
Creator, Author and Presenter: Nate Lee
Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events ...
In my first article on Bedrock AgentCore Code Interpreters, I demonstrated that custom code interpreters can be coerced into performing AWS control plane actions by non-agentic identities. This presented a novel path to privilege escalation, ...
The best software developers I've had the privilege to work with live by the principle that they have ultimate responsibility for the code we introduce. They take ownership of what they write, review, and ship. They ask questions when they don't ...
Security researchers interested in participating in the 2026 Apple Security Research Device program can apply until October 31.
The post Apple Seeks Researchers for 2026 iPhone Security Program appeared first on SecurityWeek.
Creator, Author and Presenter: Parker Shelton
Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s ...
Bringing a new product to market is hard—especially for small companies with limited sales resources. While large players can rely on global sales teams, most startups and scale-ups need to be smarter in how they approach their go-to-market ...
Kasada’s Q2 2025 Threat Report breaks down the top bot attack trends: from AI scraping bots hammering infrastructure, to scalper bots flipping hype-driven inventory, to stolen travel accounts surging in underground value. Learn how adversaries ...
Overprivileged non-human identities expose enterprises to massive risk. Enforcing least privilege with automation and visibility is critical for security.
The post Why the Principle of Least Privilege Is Critical for Non-Human Identities appeared ...
Scientists at NYU developed a ransomware prototype that uses LLMs to autonomously to plan, adapt, and execute ransomware attacks. ESET researchers, not knowing about the NYU project, apparently detected the ransomware, saying it appeared to be a ...
Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability ...
About CyberFlex CyberFlex is an Outpost24 solution that combines the strengths of its Pen-testing-as-a-Service (PTaaS) and External Attack Surface Management (EASM) solutions. Customers benefit from continuous coverage of their entire attack ...
LinkedIn is rolling out new verification rules to make it easier to confirm that people and companies are who they claim to be. The company will now require workplace verification when someone adds or updates a leadership or recruiter role on ...
Compromised credentials are now the leading cause of cloud breaches, making identity your most critical attack surface. A new IDC white paper explores why this shift is happening and where traditional defenses fall short. Read on to learn how ...
An AI supply chain issue named Model Namespace Reuse can allow attackers to deploy malicious models and achieve code execution.
The post AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products appeared first on SecurityWeek.
Hello readers!Continue reading on Medium »
Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue, tracked as CVE-2025-24204, stems from Apple mistakenly ...
Marat Tyukov, Mikhail Gavrilov, and Pavel Akulov targeted US critical infrastructure and over 500 energy companies in 135 countries.
The post US Offers $10 Million for Three Russian Energy Firm Hackers appeared first on SecurityWeek.