Application Security News and Articles


AI vs. you: Who’s better at permission decisions?

A single tap on a permission prompt can decide how far an app reaches into a user’s personal data. Most of these calls happen during installation. The number of prompts keeps climbing, and that growing pressure often pushes people into rushed ...

The quantum clock is ticking and businesses are still stuck in prep mode

Quantum computing is still years away from breaking current encryption, but many security teams are already worried about what happens when that moment arrives. A new report from the Trusted Computing Group (TCG) shows that most businesses say ...

Salt Security identifies external misuse and abuse of MCP servers by AI agents

Salt Security announced it is extending its API behavioral threat protection to detect and block malicious intent targeting Model Context Protocol (MCP) servers deployed within the AWS ecosystem. Building on the recent launch of Salt’s MCP ...

Bitwarden Access Intelligence helps enterprises take action on risky credentials

Bitwarden announced Bitwarden Access Intelligence for Enterprise plans. Access Intelligence provides visibility into weak, reused, or exposed credentials across critical applications, with guided remediation workflows for consistent credential ...

JPMorganChase to Invest in AI, Tech to Foster Growth, Innovation, Resiliency 

JPMorganChase’s $1.5T Security & Resiliency Initiative targets AI, cybersecurity, quantum and critical industries. Learn what this investment means for national and enterprise resilience. The post JPMorganChase to Invest in AI, Tech to ...

Niobium Raises $23 Million for FHE Hardware Acceleration

The startup will invest the funds in accelerating development of its second-generation fully homomorphic encryption (FHE) platforms. The post Niobium Raises $23 Million for FHE Hardware Acceleration appeared first on SecurityWeek.

Critical King Addons Vulnerability Exploited to Hack WordPress Sites

A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites. The post Critical King Addons Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek.

Massive gambling network doubles as hidden C2 and anonymity infrastructure, researchers say

A sprawling network that’s seemingly maintained to serve (illegal) online gambling opportunities and deliver malware to Indonesian citizens is likely also being used to provide threat actors command and control (C2) and anonymity services. ...

Arizona Attorney General Sues Chinese Online Retailer Temu Over Data Theft Claims

Arizona is the latest state to sue Temu and its parent company PDD Holdings over allegations that the Chinese online retailer is stealing customers’ data. The post Arizona Attorney General Sues Chinese Online Retailer Temu Over Data Theft ...

ServiceNow to Acquire Identity Security Firm Veza in Reported $1 Billion Deal 

Veza Security was recently valued at more than $800 million after raising $108 million in Series D funding. The post ServiceNow to Acquire Identity Security Firm Veza in Reported $1 Billion Deal appeared first on SecurityWeek.

How to Manage Cloud Provider Risk and SLA Gaps 

Cloud SLAs often fall short of enterprise needs. Learn how CISOs can assess, mitigate and manage SLA gaps using risk frameworks, compensating controls and multi-provider strategies. The post How to Manage Cloud Provider Risk and SLA Gaps ...

Penn and Phoenix Universities Disclose Data Breach After Oracle Hack

The University of Pennsylvania and the University of Phoenix confirm that they are victims of the recent Oracle EBS hacking campaign. The post Penn and Phoenix Universities Disclose Data Breach After Oracle Hack appeared first on SecurityWeek.

re:Invent 2025: AWS and Security Vendors Unveil New Products and Capabilities 

AWS and cybersecurity vendors have made several announcements at the cloud giant’s re:Invent 2025 event. The post re:Invent 2025: AWS and Security Vendors Unveil New Products and Capabilities appeared first on SecurityWeek.

Microsoft Silently Mitigated Exploited LNK Vulnerability

Windows now displays in the properties tab of LNK files critical information that could reveal malicious code. The post Microsoft Silently Mitigated Exploited LNK Vulnerability appeared first on SecurityWeek.

Using Claude AI to Catch Code Vulnerabilities Before You Commit

A Practical Guide for Application Security Engineers. Continue reading on Medium »

HTB AI Range benchmarks the safety and limits of autonomous security agents

Hack The Box (HTB) unveiled HTB AI Range, a controlled AI cyber range built to test and benchmark the safety, limits, and capabilities of autonomous AI security agents. HTB AI Range replicates live, high stakes cyber battlegrounds tailored for ...

Chrome 143 Patches High-Severity Vulnerabilities

Chrome 143 stable was released with patches for 13 vulnerabilities, including a high-severity flaw in the V8 JavaScript engine. The post Chrome 143 Patches High-Severity Vulnerabilities appeared first on SecurityWeek.

Wasabi Covert Copy strengthens cloud storage security

Wasabi has expanded its cyber resilient cloud storage capabilities with Covert Copy, a patent pending, ransomware-resistant storage solution that allows users to create a locked, hidden copy of storage buckets to ensure critical data remains ...

BlackFog releases ADX Vision to block data loss from unapproved AI use

BlackFog announced the availability of its newest solution, ADX Vision. Designed to secure every endpoint and every LLM interaction, ADX Vision gives organizations the visibility and control needed to manage AI securely. Operating directly on the ...

Morphisec enhances Anti-Ransomware Suite to block evasive attacks across key blind spots

Morphisec announced an expansion of its Anti-Ransomware Assurance Suite, adding new capabilities that include Network Share Ransomware Protection for Windows and Linux, Identity Risk Visibility, and enhancements to its existing EDR Tampering ...