Application Security News and Articles
Every time cyber defenders and companies discover new ways to block intrusions, attackers change their tactics and find a way around the defenses. “Living off the Land” (LOTL) is a prime example: since many detection tools became good ...
AI systems are now deeply embedded in business operations, and this introduces new security risks that traditional controls are not built to handle. The newly released A2AS framework is designed to protect AI agents at runtime and prevent ...
Biometric technologies were originally designed to improve security and streamline authentication, but they’re often misused in ways most people don’t notice. Like any system, biometrics has weaknesses that attackers can exploit. Biometric ...
In this Help Net Security video, William Dixon, Senior Executive at Intel 471, examines the future of third-party cyber risk and why it is a growing concern for organizations worldwide. As businesses become more interconnected, the digital ...
Cyber threats are shifting in 2025, and while large companies are still targets, attackers are turning their attention to smaller and mid-sized firms. According to Allianz’s Cyber Security Resilience 2025 report, hardened defenses at major ...
Orphaned secrets, including forgotten API keys, tokens, and credentials, create serious security risks. Learn how they happen, why they matter, and how secret management platforms like Doppler prevent them.
The post What happens when you forget ...
The post 10 File Threats That Slip Past Traditional Security—and How to Stop Them appeared first on Votiro.
The post 10 File Threats That Slip Past Traditional Security—and How to Stop Them appeared first on Security Boulevard.
The CISA law, which for 10 years has facilitated the wide sharing of threat information among private entities and the federal government that is a cornerstone of cybersecurity and national security, is likely to expire tonight if it's not ...
What is a Firewall Migration (and Why It Happens)? A firewall migration is the process of moving rules, policies, and configurations from one firewall to another, whether that’s switching vendors,...
The post Firewall Migration Checklist: ...
Are Your Machine Identities As Secure as They Should Be? Machine identities—or Non-Human Identities (NHIs)—are akin to digital citizens journeying across the interconnected landscape of an organization’s network. But how secure are these ...
When the latest PCI DSS 4.0 requirements came into full effect in March 2025, organizations processing cardholder data faced new obligations to protect payment pages from client-side risks. Requirements such as 6.4.3 (script inventory, ...
Creator, Author and Presenter: Daniele Romanini, Resolve
Our thanks to USENIX for publishing their presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s YouTube channel.
The post USENIX 2025: PEPR ...
Learn how to transform sensitive data into a safe AI asset for fine-tuning LLMs. This guide walks through a notebook-based workflow in Amazon SageMaker.
The post Turn sensitive data into safe AI assets with Tonic Textual in Amazon SageMaker ...
Sep 30, 2025 - Lina Romero - In 2025, AI is everywhere, and so are AI vulnerabilities. OWASP’s Top Ten Risks for LLMs provides developers and security researchers with a comprehensive resource for breaking down the most common risks to AI ...
The Cold Hard Truth: Patches Are Not Enough. In recent weeks, the cybersecurity world has seen urgent warnings from CISA and major vendors about the active exploitation of critical vulnerabilities. Specifically, zero-day exploits targeting Cisco ...
This online event is expected to attract more than 2,500 attendee registrations from around the world.
The post Call for Presentations Open for 2025 CISO Forum Virtual Summit appeared first on SecurityWeek.
Creator, Author and Presenter: Alex Kulesza
Our thanks to USENIX for publishing their presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s YouTube channel.
The post USENIX 2025: PEPR ’25 ...
Researchers found more methods for tricking an AI assistant into aiding sensitive data theft.
The post Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results appeared first on SecurityWeek.
The cooperative agreement between the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the not-for-profit Center for Internet Security is ending today, the agency announced on Monday, and CISA will take it upon itself to offer ...
Sep 30, 2025 - Lina Romero - In 2025’s fast-moving cyber landscape, attacks are everywhere and AI and APIs are the biggest targets. We’ve spoken before about hackers exploiting Docker Swarm to launch cryptomining attacks, but now attackers ...