Application Security News and Articles


Ivanti EPM Update Patches Critical Remote Code Execution Flaw

The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. The post Ivanti EPM Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek.

SAP Patches Critical Vulnerabilities With December 2025 Security Updates

Affecting Solution Manager, Commerce Cloud, and jConnect SDK, the bugs could lead to code injection and remote code execution. The post SAP Patches Critical Vulnerabilities With December 2025 Security Updates appeared first on SecurityWeek.

Backslash secures MCP servers from data leakage, prompt injection, and privilege abuse

Backslash Security announced the launch of its end-to-end solution for the secure use of Model Context Protocol (MCP) servers across software development environments. As organizations increasingly adopt AI-native coding agents and integrated ...

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider

Dozens of vulnerabilities have been patched by the industrial giants across their products. The post ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider appeared first on SecurityWeek.

BigID Activity Explorer enhances visibility for insider risk investigation

BigID announced Activity Explorer, a new capability that delivers auditability and granular activity investigation to strengthen insider risk detection and response. With Activity Explorer, organizations can review, search, and analyze activity ...

Apptega Policy Manager streamlines policy creation and compliance oversight

Apptega revealed its Policy Manager module, expanding the company’s platform to automate the creation, review, and oversight of custom business policies. With this enhancement, Apptega enables partners and in-house security and compliance teams ...

Protecto Vault adds API-first protection for safer AI agent workflows

Protecto launched Protecto Vault, a SaaS platform designed specifically for AI agent builders. Featuring a pay-as-you-go model, Vault removes the primary barrier to AI adoption: enterprise refusal to share sensitive data due to security, PII ...

Skyhigh Security debuts dashboard for unified data visibility and compliance

Skyhigh Security announced the launch of its risk-focused data visibility and compliance dashboard as part of Skyhigh DSPM’s Data Explorer. In April 2025, Data Security Posture Management (DSPM) was integrated into Skyhigh Security’s SSE ...

Intel, AMD Processors Affected by PCIe Vulnerabilities

The PCIe flaws, found by Intel employees, can be exploited for information disclosure, escalation of privilege, or DoS. The post Intel, AMD Processors Affected by PCIe Vulnerabilities appeared first on SecurityWeek.

Henkel CISO on the messy truth of monitoring factories built across decades

In this Help Net Security interview, Stefan Braun, CISO at Henkel, discusses how smart manufacturing environments introduce new cybersecurity risks. He explains where single points of failure hide, how attackers exploit legacy systems, and why ...

The hidden dynamics shaping who produces influential cybersecurity research

Cybersecurity leaders spend much of their time watching how threats and tools change. A new study asks a different question: how has the research community itself changed over the past two decades? Researchers from the University of Southampton ...

UTMStack: Open-source unified threat management platform

UTMStack is an open-source unified threat management platform that brings SIEM and XDR features into one system. The project focuses on real-time correlation of log data, threat intelligence, and malware activity patterns gathered from different ...

LLMs are everywhere in your stack and every layer brings new risk

LLMs are moving deeper into enterprise products and workflows, and that shift is creating new pressure on security leaders. A new guide from DryRun Security outlines how these systems change long-standing assumptions about data handling, ...

Building SOX compliance through smarter training and stronger password practices

A SOX audit can reveal uncomfortable truths about how a company handles access to financial systems. Even organizations that invest in strong infrastructure often discover that everyday password habits weaken the controls they thought were solid. ...

UK Sanctions Russian and Chinese Firms Suspected of Being ‘Malign Actors’ in Information Warfare

Britain and its allies face escalating “hybrid threats … designed to weaken critical national infrastructure, undermine our interests and interfere in our democracies.” The post UK Sanctions Russian and Chinese Firms Suspected of Being ...

Adobe Patches Nearly 140 Vulnerabilities

The Experience Manager security update resolves 117 vulnerabilities, including 116 identified as cross-site scripting (XSS) bugs. The post Adobe Patches Nearly 140 Vulnerabilities appeared first on SecurityWeek.

Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges. The post Microsoft Patches 57 Vulnerabilities, Three Zero-Days appeared first on SecurityWeek.

Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyber Defense

Promotions across Microsoft’s security organization reinforce the company’s shift toward AI-driven defense and tighter operational oversight under Global CISO Igor Tsyganskiy. The post Microsoft Names New Operating CISOs in Strategic Move to ...

Indirect Malicious Prompt Technique Targets Google Gemini Enterprise

Noma Security today revealed it has discovered a vulnerability in the enterprise edition of Google Gemini that can be used to inject a malicious prompt that instructs an artificial intelligence (AI) application or agent to exfiltrate data. Dubbed ...

Prime Security Raises $20 Million to Build Agentic Security Architect

The AI-powered platform autonomously conducts security design reviews and proactively identifies design flaws across development work. The post Prime Security Raises $20 Million to Build Agentic Security Architect appeared first on SecurityWeek.