Application Security News and Articles
Software and AI supply chain transparency firm Manifest has raised $15 million in a Series A funding round led by Ensemble VC.
The post Manifest Raises $15 Million for SBOM Management Platform appeared first on SecurityWeek.
Noteworthy stories that might have slipped under the radar: former Disney employee sent to prison for hacking, MITRE releases ATT&CK v17, DDoS botnet powered by 1.3 million devices.
The post In Other News: Prison for Disney Hacker, MITRE ...
Multiple South Korean organizations across industries have been targeted in a recent Lazarus campaign dubbed Operation SyncHole.
The post South Korean Companies Targeted by Lazarus via Watering Hole Attacks, Zero-Days appeared first on SecurityWeek.
From ransomware attacks disrupting school systems to phishing scams targeting student credentials, educational institutions are prime targets for cybercriminals. Cybersecurity education is critical to protecting individual students and the vast, ...
Hundreds of companies are showcasing their products and services next week at the 2025 edition of the RSA Conference in San Francisco.
The post RSA Conference 2025 – Pre-Event Announcements Summary (Part 2) appeared first on SecurityWeek.
If a company as big as Bybit can lose over a billion, it points to a much deeper issue and that should alarm anyone in crypto.
The post Who’s to Blame for Bybit? appeared first on Security Boulevard.
A zero-day vulnerability in SAP NetWeaver potentially affects more than 10,000 internet-facing applications.
The post SAP Zero-Day Possibly Exploited by Initial Access Broker appeared first on SecurityWeek.
Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others). Two of the flaws – CVE-2025-25184 and CVE-2025-27111 – could ...
A new attack technique named Policy Puppetry can break the protections of major gen-AI models to produce harmful outputs.
The post All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack appeared first on ...
Discover how implementing Escape x Wiz integration helped the DoubleVerify AppSec team achieve full API visibility and accelerate targeted remediation.
The post How DoubleVerify Achieved Full API Visibility and Security with Wiz and Escape ...
The world that feeds us is digital, and web applications are the backbone of many organizations. Be it e-commerce, healthcare, BFSI, or any other industry, web apps store and process sensitive data on a daily basis. As the saying goes, ‘With ...
Company Overview: Aurascape is a cybersecurity startup founded in 2023 and headquartered in Santa Clara, California, USA. The company was co-founded by senior security experts and engineers from world-class technology companies such as Palo Alto ...
Microsoft has announced the retirement of Entra Permissions Management (formerly CloudKnox), with sales ending June 30, 2025. EPM offered valuable visibility into cloud permissions, helping teams identify overprivileged identities across AWS, ...
As cloud environments become more complex, ensuring robust security for your cloud infrastructure is no longer an option, but a necessity.
The post Cloud Infrastructure Security: Threats, Challenges & How to Protect Your Data appeared ...
Detectify announced new Asset Classification and Scan Recommendations capabilities. This innovation directly addresses a critical challenge for security teams: knowing what else, beyond their core applications, requires in-depth testing. The new ...
Rubrik announced its upcoming solution, Identity Resilience, designed to secure the entire identity landscape alongside data. Identity Resilience aims to protect the most common entry points for attackers – human and non-human identities (NHIs) ...
BreachLock AEV automates multistep, threat-intelligence-led attack scenarios—helping security teams uncover real exposures and prioritize what matters most. Going beyond just showing security teams their risk, BreachLock Adversarial Exposure ...
Dashlane unveiled a new approach to addressing human risk in response to the rise of AI-driven phishing attacks and shadow IT in corporate environments. Built on innovation that pushes beyond vault-based password management, Dashlane Omnix is ...
As cloud app adoption continues to rise, and the modern workplace continues to evolve, LastPass will introduce a new approach to democratize access management. Built with the needs of small-to-mid-sized businesses in mind, Secure Access ...
Introduction: As generative artificial intelligence (GenAI) and large language models (LLMs) rapidly penetrate corporate operations, data leakage and privacy risks have become major challenges faced by enterprises. Knostic, a startup founded in ...