Application Security News and Articles
A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained attack with CVE-2025-23006.
Key takeaways:
CVE-2025-40602 is a local privilege escalation vulnerability in the appliance ...
Session 6B: Confidential Computing 1
Authors, Creators & Presenters: Caihua Li (Yale University), Seung-seob Lee (Yale University), Lin Zhong (Yale University)
PAPER
Blindfold: Confidential Memory Management by Untrusted Operating ...
A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates ...
DataDome details how it aligns with CISA’s Secure by Design Pledge, outlining strong authentication, secure defaults, supply chain security, logging, and transparency.
The post DataDome’s Commitment to the CISA Secure by Design Pledge ...
Learn why running AI agents on every SOC alert can spike cloud costs. See how bounded workflows make agentic triage reliable and predictable.
The post The Hidden Cost of “AI on Every Alert” (And How to Fix It) appeared first on D3 ...
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
Permalink
The post Randall Munroe’s XKCD ‘Geologic Core Sample’ appeared first on Security Boulevard.
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw is being leveraged by attackers. ...
Session 6B: Confidential Computing 1
Authors, Creators & Presenters: Caihua Li (Yale University), Seung-seob Lee (Yale University), Lin Zhong (Yale University)
PAPER
Blindfold: Confidential Memory Management by Untrusted Operating ...
28 apps secured. 37 orgs monitored. 14,600 issues resolved. See how a global airline strengthened SaaS security with AppOmni.
The post Inside the Global Airline that Eliminated 14,600 SaaS Security Issues with AppOmni appeared first on ...
Setelah bermenit-menit bahkan berlalu menjadi jam, menatap sebuah layar kotak bercahaya di depan indra penglihatan ku. Ragaku membeku…Continue reading on Medium »
For years, artificial intelligence sat at the edges of cybersecurity conversations. It appeared in product roadmaps, marketing claims, and isolated detection use cases, but rarely altered the fundamental dynamics between attackers and defenders. ...
A series of actively exploited zero-day vulnerabilities affecting Windows, Google Chrome, and Apple platforms was disclosed in mid-December, according to The Hacker News, reinforcing a persistent reality for defenders: attackers no longer wait ...
A Chrome browser extension with 6 million users, as well as seven other Chrome and Edge extensions, for months have been silently collecting data from every AI chatbot conversion, packaging it, and then selling it to third parties like ...
Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved access to export their system configuration files, Arctic Wolf ...
The Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous, enterprise-wide approach. These firms must ...
The trucking industry group has released its 2026 Transportation Industry Cybersecurity Trends Report.
The post NMFTA Warns of Surge and Sophistication of Cyber-Enabled Cargo Theft appeared first on SecurityWeek.
As holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.”
But for security teams, it was something more specific – the year APIs, AI agents, and MCP servers collided ...
A first-person journey from undetected fraud to defending trust—how life events, neurodiversity, and hard-won insight shaped a former fraudster into a fraud fighter.
The post Hacker Conversations: Alex Hall, One-time Fraudster appeared first on ...
The malware provides full device control and real-time surveillance capabilities like those of advanced spyware.
The post New $150 Cellik RAT Grants Android Control, Trojanizes Google Play Apps appeared first on SecurityWeek.
Introduction Let’s be honest — passwords are a pain. They’re either too simple and easy to guess, or so complicated […]
The post How Passkeys Work (Explained Simply) appeared first on Security Boulevard.
