Application Security News and Articles


40 open-source tools redefining how security teams secure the stack

Open source security software has become a key way for teams to get flexibility, transparency, and capability without licensing costs. The free tools in this roundup address problems security teams deal with, from managing large environments to ...

LLM vulnerability patching skills remain limited

Security teams are wondering whether LLMs can help speed up patching. A new study tests that idea and shows where the tools hold up and where they fall short. The researchers tested LLMs from OpenAI, Meta, DeepSeek, and Mistral to see how well ...

Password habits are changing, and the data shows how far we’ve come

In this Help Net Security video, Andréanne Bergeron, Security Researcher at Flare, explains how changes in user habits, policy shifts, and new tools have shaped password security over nearly twenty years. She walks through research based on ...

Product showcase: Tuta – secure, encrypted, private email

Tuta, formerly known as Tutanota, is built for anyone who wants email that stays private. Instead of treating encryption like a bonus feature, the service encrypts almost everything by default. That means your messages are locked down from the ...

Teamwork is failing in slow motion and security feels it

Security leaders often track threats in code, networks, and policies. But a quieter risk is taking shape in the everyday work of teams. Collaboration is getting harder even as AI use spreads across the enterprise. That tension creates openings ...

How does Agentic AI empower cybersecurity teams?

Can Agentic AI Revolutionize Cybersecurity Practices? Where digital threats consistently challenge organizations, how can cybersecurity teams leverage innovations to bolster their defenses? Enter the concept of Agentic AI—a technology that ...

What makes smart secrets management essential?

How Are Non-Human Identities Revolutionizing Cybersecurity? Have you ever considered the pivotal role that Non-Human Identities (NHIs) play in cyber defense frameworks? When businesses increasingly shift operations to the cloud, safeguarding ...

Microsoft Patch Tuesday 2025 Year in Review

Microsoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities. Key takeaways: Microsoft's 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE ...

SafeSplit: A Novel Defense Against Client-Side Backdoor Attacks In Split Learning

Session 5C: Federated Learning 1 Authors, Creators & Presenters: Phillip Rieger (Technical University of Darmstadt), Alessandro Pegoraro (Technical University of Darmstadt), Kavita Kumari (Technical University of Darmstadt), Tigist Abera ...

Response to CISA Advisory (AA25-343A): Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure

AttackIQ has issued recommendations in response to the Cybersecurity Advisory (CSA) released by the Cybersecurity and Infrastructure Security Agency (CISA) on December 9, 2025, which details the ongoing targeting of critical infrastructure by ...

NIST Plans to Build Threat and Mitigation Taxonomy for AI Agents

The U.S. National Institute of Standards and Technology (NIST) is building a taxonomy of attack and mitigations for securing artificial intelligence (AI) agents. Speaking at the AI Summit New York conference, Apostol Vassilev, a research team ...

Preparing for Cisco Vulnerability Management (formerly Kenna) End-of-Life: How Tenable Can Help

Cisco Vulnerability Management (formerly Kenna) has long been a valuable partner for security teams. With its end-of-life now underway, Tenable One offers a clear path forward, delivering end-to-end unified exposure management for the future of ...

Randall Munroe’s XKCD ‘Beam Dump’

via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Beam Dump’ appeared first on Security Boulevard.

Ring-fencing AI Workloads for NIST and ISO Compliance 

AI is transforming enterprise productivity and reshaping the threat model at the same time. Unlike human users, agentic AI and autonomous agents operate at machine speed and inherit broad network permissions and embedded credentials. This creates ...

When Vendors Become the Vulnerability: What the Marquis Software Breach Signals for Financial Institutions

In December 2025, a ransomware attack on Marquis Software Solutions, a data analytics and marketing vendor serving the financial sector, compromised sensitive customer information held by multiple banks and credit unions, according to ...

NDSS 2025 – Passive Inference Attacks On Split Learning Via Adversarial Regularization

Session 5C: Federated Learning 1 Authors, Creators & Presenters: Xiaochen Zhu (National University of Singapore & Massachusetts Institute of Technology), Xinjian Luo (National University of Singapore & Mohamed bin Zayed University of ...

Israeli Cybersecurity Funding Hits $4.4 Billion Record High

Over the past decade, overall funding in Israeli cybersecurity companies has increased by more than 500%, according to YL Ventures.  The post Israeli Cybersecurity Funding Hits $4.4 Billion Record High appeared first on SecurityWeek.

Gartner’s AI Browser Ban: Rearranging Deck Chairs on the Titanic

The cybersecurity world loves a simple solution to a complex problem, and Gartner delivered exactly that with its recent advisory: “Block all AI browsers for the foreseeable future.” The esteemed analyst firm warns that agentic ...

Virtual Event Today: Cyber AI & Automation Summit

Join to access sessions aimed at educating, inspiring, and provoking new ways of thinking about the hype and promise surrounding AI-powered enterprise security solutions and the threats posed by adversarial use of AI. The post Virtual Event ...

US Indicts Extradited Ukrainian on Charges of Aiding Russian Hacking Groups

Victoria Dubranova faces over 25 years in prison for links to Russia-backed CARR and NoName hacktivist groups. The post US Indicts Extradited Ukrainian on Charges of Aiding Russian Hacking Groups appeared first on SecurityWeek.