Application Security News and Articles
Google is suing the operators behind BadBox 2.0, accusing multiple Chinese threat groups of playing different roles in the operation of the massive botnet that rolled up more than 10 million devices to run large-scale ad fraud and other malicious ...
All Your UAVs Are Belong to UKR: Ukrainian Cyber Alliance and Black Owl team up to hack manufacturer of Russian military drones, sources say.
The post Ukraine Pwns Russian Drone Maker — Gaskar is ‘Paralyzed’ appeared first on Security ...
Most security teams subscribe to more threat‑intel feeds than they can digest, yet attackers keep winning. Cyware’s Jawahar Sivasankaran explains why: Outside the Fortune 500 and federal agencies, many organizations still treat ...
Noteworthy stories that might have slipped under the radar: powerful US law firm hacked by China, Symantec product flaw, $10,000 Meta AI hack, cryptocurrency thieves bypassing FIDO keys.
The post In Other News: Law Firm Hacked by China, ...
A practical approach for developers to Insecure Direct Object Reference
Zimperium, a provider of mobile security software, this week published a report that notes more than 5 million unsecured public Wi-Fi networks have been detected globally since the beginning of 2025.
The post Summer Vacation Alert Surfaces More ...
AI-native email security firm StrongestLayer has emerged from stealth mode with $5.2 million in seed funding.
The post Email Protection Startup StrongestLayer Emerges From Stealth Mode appeared first on SecurityWeek.
Cambodian police and military arrested more than 1,000 people in a crackdown on cyberscam operations that have proliferated in recent years in Southeast Asia and now are spreading globally, ensnaring hundreds of thousands of people in human ...
We must pay attention to what holds everything together - the glue. That’s where the real MCP vulnerabilities are hiding.
The post Critical MCP Vulnerabilities are Slipping Through the Cracks appeared first on Security Boulevard.
Dozens of FortiWeb instances have been hacked after PoC targeting a recent critical vulnerability was shared publicly.
The post Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication appeared first on SecurityWeek.
Radiology Associates of Richmond has disclosed a data breach impacting protected health and personal information.
The post 1.4 Million Affected by Data Breach at Virginia Radiology Practice appeared first on SecurityWeek.
With generative AI enabling fraud-as-a-service at scale, legacy defenses are crumbling. The next wave of cybercrime is faster, smarter, and terrifyingly synthetic.
The post Fraud: A Growth Industry Powered by Gen-AI appeared first on SecurityWeek.
The CitrixBleed 2 vulnerability in NetScaler may expose organizations to compromise even if patches have been applied.
The post CitrixBleed 2: 100 Organizations Hacked, Thousands of Instances Still Vulnerable appeared first on SecurityWeek.
Google has filed a lawsuit against the Badbox 2.0 botnet operators, after identifying over 10 million infected Android devices.
The post Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet appeared first on SecurityWeek.
Wiz researchers discovered NVIDIAScape, an Nvidia Container Toolkit flaw that can be exploited for full control of the host machine.
The post Critical Nvidia Toolkit Flaw Exposes AI Cloud Services to Hacking appeared first on SecurityWeek.
Anne Arundel Dermatology said hackers had access to its systems for three months and may have stolen personal and health information.
The post Anne Arundel Dermatology Data Breach Impacts 1.9 Million People appeared first on SecurityWeek.
A settlement has been reached in the class action brought by investors against Meta over the Cambridge Analytica incident, but details have not been shared.
The post Settlement Reached in Investors’ Lawsuit Against Meta CEO Mark Zuckerberg and ...
Strata Identity introduced a new product, Identity Orchestration for AI Agents. Built on Strata’s Maverics vendor-agnostic identity fabric and hybrid air-gap architecture, it provides identity guardrails and observability for AI agents without ...
In April, the cybersecurity community held its breath as the Common Vulnerabilities and Exposures (CVE) program was plunged into a moment of existential crisis. In the end, an eleventh-hour reprieve saved the day. While CVEs do not encompass the ...
In this Help Net Security interview, Galal Ibrahim Maghola, former Head of Cybersecurity at G42 Company, discusses strategic approaches to implementing DevSecOps at scale. Drawing on experience in regulated industries such as finance, telecom, ...