Application Security News and Articles


From Chatbot to Code Threat: OWASP’s Agentic AI Top 10 and the Specialized Risks of Coding Agents

  The post From Chatbot to Code Threat: OWASP’s Agentic AI Top 10 and the Specialized Risks of Coding Agents appeared first on Security Boulevard.

Rethinking Security as Access Control Moves to the Edge

The convergence of physical and digital security is driving a shift toward software-driven, open-architecture edge computing. Access control has typically been treated as a physical domain problem — managing who can open which doors, using ...

Hacks Up, Budgets Down: OT Oversight Must Be An IT Priority

OT oversight is an expensive industrial paradox. It’s hard to believe that an area can be simultaneously underappreciated, underfunded, and under increasing attack. And yet, with ransomware hackers knowing that downtime equals disaster and ...

Identity Management in the Fragmented Digital Ecosystem: Challenges and Frameworks

Modern internet users navigate an increasingly fragmented digital ecosystem dominated by countless applications, services, brands and platforms. Engaging with online offerings often requires selecting and remembering passwords or taking other ...

Attackers Worldwide are Zeroing In on React2Shell Vulnerability

Bad actors that include nation-state groups to financially-motivated cybercriminals from across the globe are targeting the maximum-severity but easily exploitable React2Shell flaw, with threat researchers see everything from probes and backdoors ...

AIs Exploiting Smart Contracts

I have long maintained that smart contracts are a dumb idea: that a human process is actually a security feature. Here’s some interesting research on training AIs to automatically exploit smart contracts: AI models are increasingly good at ...

Guided redaction in Tonic Textual: Human-precision, streamlined by AI

Guided Redaction blends AI automation with human judgment to help teams finalize sensitive document redactions faster, more accurately, and with full auditability. The post Guided redaction in Tonic Textual: Human-precision, streamlined by AI ...

An Inside Look at the Israeli Cyber Scene

Alan breaks down why Israeli cybersecurity isn’t just booming—it’s entering a full-blown renaissance, with record funding, world-class talent, and breakout companies redefining the global cyber landscape. The post An Inside Look at the ...

AI for Tier 1 SOC: NIST-Aligned Incident Response

The post AI for Tier 1 SOC: NIST-Aligned Incident Response appeared first on AI Security Automation. The post AI for Tier 1 SOC: NIST-Aligned Incident Response appeared first on Security Boulevard.

NDSS 2025 – RAIFLE: Reconstruction Attacks On Interaction-Based Federated Learning

Session 5C: Federated Learning 1 Authors, Creators & Presenters: Dzung Pham (University of Massachusetts Amherst), Shreyas Kulkarni (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst) PAPER RAIFLE: ...

Looking Back at a Year of Mounting Risk but New Opportunities

It’s been another 12 months of high drama and escalating threats. For cybersecurity leaders managing risk in some of the world’s largest and most complex IT environments, the pressure from regulators, threat actors and the business continues ...

Virtual Event Today: Cyber AI & Automation Summit Day 2

Day two of the Cyber AI & Automation Summit kicks off at 11AM ET. If you weren't able to attend yesterday, all Day One sessions are already available on-demand. The post Virtual Event Today: Cyber AI & Automation Summit Day 2 appeared ...

Report Surfaces Multiple Novel Social Engineering Tactics and Techniques

HP’s latest threat report reveals rising use of sophisticated social engineering, SVG-based attacks, fake software updates, and AI-enhanced malware as cybercriminals escalate tactics to evade detection. The post Report Surfaces Multiple Novel ...

2026 API and AI Security Predictions: What Experts Expect in the Year Ahead

This is a predictions blog. We know, we know; everyone does them, and they can get a bit same-y. Chances are, you’re already bored with reading them. So, we’ve decided to do things a little bit differently this year.  Instead of bombarding ...

Former Accenture Employee Charged Over Cybersecurity Fraud

Danielle Hillmer allegedly concealed the fact that her employer’s cloud platform did not meet DoD requirements. The post Former Accenture Employee Charged Over Cybersecurity Fraud appeared first on SecurityWeek.

The intelligent approach to achieve MISRA C++:2023 compliance

SonarQube provides an intelligent, high-precision, and integrated solution for development teams to achieve full, friction-free compliance with the MISRA C++:2023 coding standard for C++17 safety-critical applications. The post The intelligent ...

SonarQube Server 2025.6 is here: Vibe, then verify faster than ever

This release delivers deeper integrations, dramatically faster analysis, and unmatched support for the latest, most popular languages, helping your team embrace the “vibe, then verify” philosophy. The post SonarQube Server 2025.6 is here: ...

MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations

Eleven companies took part in the evaluations and several have boasted 100% detection and coverage rates. The post MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations appeared first on SecurityWeek.

Pierce County Library Data Breach Impacts 340,000

In April 2025, hackers stole personal information belonging to patrons and employees and their family members. The post Pierce County Library Data Breach Impacts 340,000 appeared first on SecurityWeek.

Beyond Cargo Audit: Securing Your Rust Crates in Container Images

Container image scanning has come a long way over the years, but it still comes with its own set of, often unique, challenges. One of these being the difficulty in analyzing images for vulnerabilities when they contain a Rust payload. If you’re ...