Application Security News and Articles


The 2025 WAF Wave from the Other Side

Forrester just published its 2025 Web application Firewall Wave. As a former industry analyst, and as a contributor on the vendor side for Imperva (cough, a leader in the report, cough), let me share some reactions on the shape of this report. ...

How Contrast ADR Speeds up SOC Incident Response Time| SOC Challenges From Alert Fatigue to Application-Layer Visibility | Contrast Security

Just because you work in a security operations center (SOC) doesn’t mean you have to waste your time chasing  dragons. And by “dragons,” we mean the traditional SOC’s difficulty identifying cyberattacks that originate in the black box of ...

BSidesLV24 – IATC – Security Trek: The Next Generation

Author/Presenter: Ira Victor Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and ...

Juniper Routers, Network Devices Targeted with Custom Backdoors

Backdoored Juniper networking devices are at the center of two major cybersecurity stories that highlight the ongoing vulnerability and active targeting of network infrastructure by cyber adversaries. J-Magic and TINYSHELL The first story broke ...

Splunk Patches Dozens of Vulnerabilities

Splunk patches high-severity remote code execution and information disclosure flaws in Splunk Enterprise and Secure Gateway App. The post Splunk Patches Dozens of Vulnerabilities appeared first on SecurityWeek.

What’s New in CodeSonar 9.0

CodeSonar 9.0 is an exciting upgrade, with increased analysis performance, improved DISA STIG reporting, and Android 15 support. We recommend customers update to this version of CodeSonar as soon as possible to get access to these benefits. ...

Randall Munroe’s XKCD ‘Square Units’

via the comic humor & dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Square Units’ appeared first on Security Boulevard.

Russian Espionage Group Using Ransomware in Attacks

Russian-speaking espionage group RedCurl has been deploying ransomware on victims’ networks in a recent campaign. The post Russian Espionage Group Using Ransomware in Attacks appeared first on SecurityWeek.

How to manage and protect your biometric data

Biometric data refers to unique physical or behavioral characteristics that are used to verify a person’s identity. Revoking or changing biometric data is more complicated than changing passwords. Unlike passwords, biometric identifiers like ...

CVE-2025-29927: Next.js Middleware Authorization Bypass Flaw

IntroductionOn March 21, 2025, a critical vulnerability, CVE-2025-29927, was publicly disclosed with a CVSS score of 9.1, signifying high severity. Discovered by security researcher Rachid Allam, the flaw enables attackers to bypass authorization ...

UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach 

The UK ICO has fined Advanced Computer Software Group £3 million ($3.8 million) over a 2022 data breach resulting from a ransomware attack. The post UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach  appeared first on ...

Deleting DNA Data From 23andMe

​23andMe, the prominent consumer genetic testing company, filed for Chapter 11 bankruptcy on March 23, 2025, due to declining demand for its services and a significant data breach affecting millions of users. Co-founder Anne Wojcicki resigned ...

The Essential Role of Supply Chain Security in ASPM

Threat actors are continuously evolving their tactics to exploit vulnerabilities and gain unauthorized access. That increasingly involves attacks targeting the software supply chain. The post The Essential Role of Supply Chain Security in ASPM ...

AI Can Now Reverse Engineer Malware – 3 Tools For Your Arsenal

Three powerful AI tools enable analysts to automate complex binary analysis. See how security teams can reverse engineer without additional headcount. The post AI Can Now Reverse Engineer Malware – 3 Tools For Your Arsenal appeared first on ...

BSidesLV24 – IATC – Living With the Enemy – How To Protect Yourself (And Energy Systems)

Author/Presenter: Emma Stewart Ph.D. Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & ...

UK NCSC offers security guidance for domain and DNS registrars

The UK National Cyber Security Centre (NCSC) has released security guidance for domain registrars and operators of Domain Name System (DNS) services. “DNS registrars have an important role to help counter domain abuses throughout their ...

A closer look at The Ultimate Cybersecurity Careers Guide

In this Help Net Security interview, Kim Crawley, cybersecurity expert and Professor at the Open Institute of Technology, discusses her latest book, The Ultimate Cybersecurity Careers Guide. She shares insights on how aspiring professionals can ...

The Importance of Allyship For Women in Cyber

Interview with Taylor Pyle, a Cybersecurity Engineer at Viasat on her experience with both cyber and mentorship. The post The Importance of Allyship For Women in Cyber appeared first on SecurityWeek.

Legit’s prevention dashboard helps security teams proactively stop vulnerabilities

Legit Security launched a new Legit AppSec risk prevention dashboard. The new dashboard helps reduce the time, costs, and effort of fixing vulnerabilities by preventing issues in the first place. Legit’s prevention dashboard allows ...

G2 Names INE 2025 Cybersecurity Training Leader

Cary, North Carolina, 27th March 2025, CyberNewsWire The post G2 Names INE 2025 Cybersecurity Training Leader appeared first on Security Boulevard.