Application Security News and Articles
GitHub is hardening npm publishing rules but the underlying lessons can be applied by all developers: WebAuthn for writes, OIDC, and short-lived least-privilege credentials.
The post Security Lessons For All From GitHub’s Hardened Package ...
Unknown attackers claiming affiliation with the Cl0p extortion gang are hitting business and IT executives at various companies with emails claiming that they have exfiltrated sensitive data from the firms’ Oracle E-Business Suite (EBS). ...
Some security teams are taking a do-it-yourself approach to exposure management, according to a recent study conducted by Enterprise Strategy Group, now part of Omdia, in partnership with Tenable. But are they really ready for the hidden costs ...
Get details on how AI is introducing new risk to software.
The post The Risks of AI-Generated Software Development appeared first on Security Boulevard.
The Canadian airline fell victim to a cyberattack in June and has completed the analysis of stolen information.
The post 1.2 Million Impacted by WestJet Data Breach appeared first on SecurityWeek.
The hackers stole names, contact details, Social Security numbers, and driver’s license numbers in an August 19 ransomware attack.
The post 766,000 Impacted by Data Breach at Dealership Software Provider Motility appeared first on SecurityWeek.
The attack uses a passive interposer to control the SGX enclave and extract the DCAP attestation key, breaking the mechanism.
The post WireTap Attack Breaks Intel SGX Security appeared first on SecurityWeek.
For this Cybersecurity Awareness Month, we thought it important to draw attention to some of the most common and dangerous API vulnerabilities. This week, we’re starting with Broken Object Level Authorization (BOLA). BOLA vulnerabilities ...
The attackers are claiming to be affiliated with the notorious Cl0p ransomware group and links have been found to FIN11.
The post Cybercriminals Claim Theft of Data From Oracle E-Business Suite Customers appeared first on SecurityWeek.
The company plans to triple its engineering and go‑to‑market teams and to accelerate its agentic AI platform.
The post Zania Raises $18 Million for AI-Powered GRC Platform appeared first on SecurityWeek.
Nisos
Insider Threat Intelligence Solutions | Trend Analysis Report
Identifying potential insider threats requires vigilance and proactive monitoring of key behavioral, technical, and organizational indicators...
The post Insider Threat ...
ESET researchers have found two Android spyware campaigns aimed at people looking for secure messaging apps such as Signal and ToTok. The attackers spread the spyware through fake websites and social engineering. Researchers identified two ...
Santa Clara, Calif. Oct 2, 2025 – Recently, NSFOCUS held the AI New Product Launch in Beijing, comprehensively showcasing the company’s latest technological achievements and practical experience in AI security. With large language model ...
In July, hackers stole files containing names, addresses, dates of birth, and Social Security numbers from a cloud-based CRM.
The post 1.5 Million Impacted by Allianz Life Data Breach appeared first on SecurityWeek.
In this Help Net Security interview, Robert Sullivan, CIO & CISO at Agero, shares his perspective on automotive cybersecurity. He discusses strategies for developing mature security programs, meeting regulatory requirements, and addressing ...
Checkov is an open-source tool designed to help teams secure their cloud infrastructure and code. At its core, it’s a static code analysis tool for infrastructure as code (IaC), but it also goes a step further by providing software composition ...
LLMs and agentic systems already shine at everyday productivity, including transcribing and summarizing meetings, extracting action items, prioritizing critical emails, and even planning travel. But in the SOC (where mistakes have real cost), ...
A new study from the Karlsruhe Institute of Technology shows how geopolitical tensions shape cyberattacks on power grids, fuel systems, and other critical infrastructure. How the research was done: Researchers reviewed major cyber threat databases ...
When an incident hits, every second matters. Yet too often, security teams find themselves stalled by manual firewall changes, policy approvals, and coordination across fragmented teams. The result? Prolonged exposure,...
The post Reducing Mean ...
A new security posture report on the biotech sector shows how quickly attackers could reach sensitive health data with only basic reconnaissance. Researchers needed less than two hours per company to uncover exposed genomic records, unprotected ...