Application Security News and Articles


ShadyPanda Takes its Time to Weaponize Legitimate Extensions 

ShadyPanda spent seven years uploading trusted Chrome and Edge extensions, later weaponizing them for tracking, hijacking, and remote code execution. Learn how the campaign unfolded. The post ShadyPanda Takes its Time to Weaponize Legitimate ...

Lumia Security Raises $18 Million for AI Security and Governance

The startup will invest in expanding its engineering and research teams, deepening product integrations, and scaling go-to-market efforts. The post Lumia Security Raises $18 Million for AI Security and Governance appeared first on SecurityWeek.

Aisuru Botnet Powers Record DDoS Attack Peaking at 29 Tbps

Cloudflare recently mitigated a new record-breaking Aisuru attack that peaked at 14.1 Bpps. The post Aisuru Botnet Powers Record DDoS Attack Peaking at 29 Tbps appeared first on SecurityWeek.

Ghost-Tap Scam Makes Payments Scarier 

The BBB warns of a rising ghost-tap scam exploiting tap-to-pay cards and mobile wallets. How attackers use NFC proximity tricks. The post Ghost-Tap Scam Makes Payments Scarier appeared first on Security Boulevard.

CrowdStrike Extends Scope of AWS Cybersecurity Alliance

CrowdStrike deepens its AWS partnership with automated Falcon SIEM configuration, AI security capabilities, EventBridge integrations and new MSSP-focused advancements. The post CrowdStrike Extends Scope of AWS Cybersecurity Alliance appeared ...

Helmet Security Emerges From Stealth Mode With $9 Million in Funding

Helmet Security has built an end-to-end platform that secures the infrastructure for agentic AI communication. The post Helmet Security Emerges From Stealth Mode With $9 Million in Funding appeared first on SecurityWeek.

Wiz vs SonarQube vs Qualys: Which Tool Should You Pick?

When it comes to securing your software and infrastructure, picking the right tool can be tricky. Wiz, SonarQube, and Qualys are three…

Check Point introduces Quantum Firewall R82.10 with new AI and zero trust security capabilities

Check Point announced its new Check Point Quantum Firewall Software, R82.10, introducing 20 new capabilities designed to help enterprises safely adopt AI, protect distributed environments, and simplify zero trust across hybrid networks. “As ...

Chinese Hackers Exploiting React2Shell Vulnerability

AWS has seen multiple China-linked threat groups attempting to exploit the React vulnerability CVE-2025-55182. The post Chinese Hackers Exploiting React2Shell Vulnerability appeared first on SecurityWeek.

Building the missing layers for an internet of agents

Cybersecurity teams are starting to think about how large language model agents might interact at scale. A new paper from Cisco Research argues that the current network stack is not prepared for this shift. The work proposes two extra layers on ...

What security leaders should watch for when companies buy or sell a business

In this Help Net Security video, Lane Sullivan, SVP, CISO and Strategy Officer at Concentric AI, explains what security leaders should think about during mergers, acquisitions, and divestitures. Sullivan talks about the types of risk an acquiring ...

Data brokers are exposing medical professionals, and turning their personal lives into open files

Large amounts of personal information about medical professionals are available on people search sites. A new analysis by Incogni’s researchers shows how much data about doctors appears online and how easily it can be found. The findings should ...

New infosec products of the week: December 5, 2025

Here’s a look at the most interesting products from the past week, featuring releases from BlackFog, Datadog, Forward Edge-AI, SandboxAQ, and Upwind. BlackFog releases ADX Vision to block data loss from unapproved AI use BlackFog announced the ...

India Rolls Back Order to Preinstall Cybersecurity App on Smartphones

The Ministry of Communications had asked smartphone makers to install the government’s “Sanchar Saathi” app within 90 days and to prevent users from disabling it. The post India Rolls Back Order to Preinstall Cybersecurity App on ...

Cybersecurity M&A Roundup: 30 Deals Announced in November 2025

Significant cybersecurity M&A deals announced by Arctic Wolf, Bugcrowd, Huntress, Palo Alto Networks, and Zscaler. The post Cybersecurity M&A Roundup: 30 Deals Announced in November 2025 appeared first on SecurityWeek.

Dangerous RCE Flaw in React, Next.js Threatens Cloud Environments, Apps

Security and developer teams are scrambling to address a highly critical security flaw in frameworks tied to the popular React JavaScript library. Not only is the vulnerability, which also is in the Next.js framework, easy to exploit, but React ...

Agentic Security Firm 7AI Raises $130 Million

Established in 2024 by Cybereason co-founders Lior Div and Yonatan Striem-Amit, the company has raised a total of $166 million in funding. The post Agentic Security Firm 7AI Raises $130 Million appeared first on SecurityWeek.

Inotiv Says Personal Information Stolen in Ransomware Attack

Hackers stole the names, addresses, Social Security numbers, and financial and medical information of 9,542 people. The post Inotiv Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.

Malicious Rust packages targeted Web3 developers

A malicious Rust crate (package) named evm-units, aimed at stealing cryptocurrency from unsuspecting developers, has been pulled from the official public package registry for the Rust programming language, but not before having been downloaded ...

SpecterOps and Tines partner to add native BloodHound and automated attack path workflows

SpecterOps and Tines announced a strategic partnership that brings native BloodHound integration to Tines, enabling customers to operationalize Attack Path Management through automated, AI-assisted workflows. This partnership combines ...