Application Security News and Articles


Airline Disruption Recovery — How Agentic Identity Keeps Travel on Track

When flights get delayed, passengers want answers fast: rebooking, hotel vouchers, refund options. Human agents can’t scale to meet this surge, but AI agents can. The challenge? Identity. The post Airline Disruption Recovery — How Agentic ...

RetailThe AI Shopping Concierge — How Retailers Can Safely Orchestrate Identity Across Agentic Workflows

Retail is moving fast into agentic AI. Imagine a shopping concierge agent that compares prices, applies loyalty discounts, and completes a purchase for you — all in seconds. This sounds like a dream for customers, but for retailers, it’s a ...

How Financial Services Can Use Agentic Identity to Stop Fraud and Streamline Loan Approvals

In financial services, every transaction is built on trust. When an AI agent acts on behalf of a customer — checking credit scores, verifying KYC documents, or submitting a loan application — identity is the control plane. Without it, the ...

BSidesSF 2025: The Power Of Persuasion: Better Security Through… Manipulation?

Creator, Author and Presenter: Nate Lee Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events ...

Sandboxed to Compromised: New Research Exposes Credential Exfiltration Paths in AWS Code Interpreters

In my first article on Bedrock AgentCore Code Interpreters, I demonstrated that custom code interpreters can be coerced into performing AWS control plane actions by non-agentic identities. This presented a novel path to privilege escalation, ...

The Developer’s Hippocratic Oath in the Age of AI

The best software developers I've had the privilege to work with live by the principle that they have ultimate responsibility for the code we introduce. They take ownership of what they write, review, and ship. They ask questions when they don't ...

Apple Seeks Researchers for 2026 iPhone Security Program

Security researchers interested in participating in the 2026 Apple Security Research Device program can apply until October 31. The post Apple Seeks Researchers for 2026 iPhone Security Program appeared first on SecurityWeek.

BSidesSF 2025: BSidesSF 2025 – Light In The Labyrinth: Breach Path Analysis For Anyone

Creator, Author and Presenter: Parker Shelton Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s ...

Go-to-Market Strategies for Small Security Companies

Bringing a new product to market is hard—especially for small companies with limited sales resources. While large players can rely on global sales teams, most startups and scale-ups need to be smarter in how they approach their go-to-market ...

Q2 2025 Bot Attack Trends: AI Scraping, Scalper Bots, and Travel Fraud

Kasada’s Q2 2025 Threat Report breaks down the top bot attack trends: from AI scraping bots hammering infrastructure, to scalper bots flipping hype-driven inventory, to stolen travel accounts surging in underground value. Learn how adversaries ...

Why the Principle of Least Privilege Is Critical for Non-Human Identities

Overprivileged non-human identities expose enterprises to massive risk. Enforcing least privilege with automation and visibility is critical for security. The post Why the Principle of Least Privilege Is Critical for Non-Human Identities appeared ...

NYU Scientists Develop, ESET Detects First AI-Powered Ransomware

Scientists at NYU developed a ransomware prototype that uses LLMs to autonomously to plan, adapt, and execute ransomware attacks. ESET researchers, not knowing about the NYU project, apparently detected the ransomware, saying it appeared to be a ...

Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)

Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability ...

CyberFlex: Flexible Pen testing as a Service with EASM

About CyberFlex CyberFlex is an Outpost24 solution that combines the strengths of its Pen-testing-as-a-Service (PTaaS) and External Attack Surface Management (EASM) solutions. Customers benefit from continuous coverage of their entire attack ...

LinkedIn expands company verification, mandates workplace checks for certain roles

LinkedIn is rolling out new verification rules to make it easier to confirm that people and companies are who they claim to be. The company will now require workplace verification when someone adds or updates a leadership or recruiter role on ...

Identity-First Security: Mitigating the Cloud’s Greatest Risk Vector

Compromised credentials are now the leading cause of cloud breaches, making identity your most critical attack surface. A new IDC white paper explores why this shift is happening and where traditional defenses fall short. Read on to learn how ...

AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products

An AI supply chain issue named Model Namespace Reuse can allow attackers to deploy malicious models and achieve code execution. The post AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products appeared first on SecurityWeek.

macOS vulnerability allowed Keychain and iOS app decryption without a password

Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue, tracked as CVE-2025-24204, stems from Apple mistakenly ...

US Offers $10 Million for Three Russian Energy Firm Hackers

Marat Tyukov, Mikhail Gavrilov, and Pavel Akulov targeted US critical infrastructure and over 500 energy companies in 135 countries. The post US Offers $10 Million for Three Russian Energy Firm Hackers appeared first on SecurityWeek.