Application Security News and Articles


Secrets in Code — Don’t Let Your API Keys Become Attack Vectors

Ever pushed .env or API keys to GitHub by mistake? You’re not alone — and attackers are watching.Continue reading on Medium »

Secrets in Code — Don’t Let Your API Keys Become Attack Vectors

Ever pushed .env or API keys to GitHub by mistake? You’re not alone — and attackers are watching.Continue reading on Medium »

The 47-Day SSL Certificate Era: What It Means for Site Owners and IT Teams

The move to 47-day SSL certificates is a major step toward a more secure, automated internet. While it introduces new challenges, especially for organizations relying on manual processes, it ultimately pushes the ecosystem toward greater ...

Yet More Stalkerware Leaks Secret Data: ‘Catwatchful’ is Latest Nasty App

Content warning: Domestic abuse, stalking, controlling behavior, Schadenfreude, irony. The post Yet More Stalkerware Leaks Secret Data: ‘Catwatchful’ is Latest Nasty App appeared first on Security Boulevard.

GitHub Actions: SAST / DAST scan

Bu məqalədə GitHub Actions vasitəsilə Snyk SAST skan və OWASP ZAP Baseline DAST scan-ın aparılmasından bəhs edilir.Continue reading on Medium »

Validation is an Increasingly Critical Element of Cloud Security  

Cloud security isn’t just about having the right solutions in place — it’s about determining whether they are functioning correctly. The post Validation is an Increasingly Critical Element of Cloud Security   appeared first on Security ...

In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed

Noteworthy stories that might have slipped under the radar: drug cartel hires hacker to identify FBI informants, prison time for Russian ransomware developer, ransomware negotiator investigated.  The post In Other News: Hacker Helps Kill ...

Mastering Real-Time Cloud Data Governance Amid Evolving Threats and Regulations

Real-time data governance provides security and privacy teams with immediate visibility into what is happening, allowing them to stop a problem before it becomes a crisis. The post Mastering Real-Time Cloud Data Governance Amid Evolving Threats ...

The Role Culture and Trust Play in Countering Deepfakes

Empowering employees with critical thinking and transparency to combat synthetic media impersonations and fortify organizational defenses.  The post The Role Culture and Trust Play in Countering Deepfakes appeared first on Security Boulevard.

NTLM relay attacks are back from the dead

NTLM relay attacks are the easiest way for an attacker to compromise domain-joined hosts. While many security practitioners think NTLM relay is a solved problem, it is not – and, in fact, it may be getting worse. Anecdotally, they are used in ...

New hires, new targets: Why attackers love your onboarding process

In this Help Net Security video, Ozan Ucar, CEO of Keepnet Labs, highlights a critical cybersecurity blind spot: the vulnerability of new hires during onboarding. He explains how attackers now use AI-powered, multi-channel phishing tactics to ...

Africa’s cybersecurity crisis and the push to mobilizing communities to safeguard a digital future

While Africa hosts some of the fastest-growing digital economies globally, it also faces persistent challenges in cybersecurity preparedness. Many organizations and individuals remain unaware of the risks they face online. Phishing schemes and ...

Exposed and unaware? Smart buildings need smarter risk controls

75% of organizations have building management systems (BMS) affected by known exploited vulnerabilities (KEVs), according to Claroty. The post Exposed and unaware? Smart buildings need smarter risk controls appeared first on Help Net Security.

Internet outages are costing companies millions every month

To ensure resilience across the internet stack, organizations need to protect and manage four key areas: reachability, availability, reliability, and performance, according to Catchpoint. The negative economic impact of incidents 51% report ...

New infosec products of the week: July 4, 2025

Here’s a look at the most interesting products from the past week, featuring releases from DigitalOcean, Scamnetic, StealthCores, and Tracer AI. Scamnetic KnowScam 2.0 helps consumers detect every type of scam KnowScam 2.0 now comes with major ...

Security Pros Say Hunters International RaaS Operators are ‘Changing Jerseys’

The notorious Hunters International RaaS group that racked up hundreds of victims over two years says it's shutting down and offering decryption software to victims, but security pros say this happens regularly in the cybercriminal world and that ...

Google open-sources privacy tech for age verification

Age verification is becoming more common across websites and online services. But many current methods require users to share personal data, like a full ID or birthdate, which raises privacy and security concerns. In response, Google has ...

You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code

Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ramp up their efforts to get them to spew out information that may benefit them, such as ...

Analysis Surfaces Increased Usage of LLMs to Craft BEC Attacks

A Barracuda Networks analysis of unsolicited and malicious emails sent between February 2022 to April 2025 indicates 14% of the business email compromise (BEC) attacks identified were similarly created using a large language model (LLM). The post ...

Undetectable Android Spyware Backfires, Leaks 62,000 User Logins

A vulnerability in the Catwatchful spyware allowed a security researcher to retrieve the usernames and passwords of over 62,000 accounts. The post Undetectable Android Spyware Backfires, Leaks 62,000 User Logins appeared first on SecurityWeek.