Application Security News and Articles
Network infrastructure serves as the backbone of every organization’s IT ecosystem. Ensuring the security, efficiency, and reliability of network devices such as routers, switches, and firewalls is essential to maintaining...
The post Guide to ...
The Channel Partners Conference & Expo, co-located with the MSP Summit, took place from March 24-27, 2025, at The Venetian Resort & Expo in Las Vegas. Recognized as the world’s largest channel event, it brought together over 7,800 ...
Authors/Presenters: Karl Holmqvist, Beau Woods
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites ...
In today’s evolving digital landscape, cyber threats are becoming increasingly sophisticated, targeting organizations of all sizes. Traditional security measures struggle to keep up with the sheer volume and complexity of modern cyberattacks. ...
Modern software is largely assembled from open source components, constituting up to 90% of today's codebases. Managing the security and compliance risks associated with this external code is no longer optional — it's a core part of software ...
Analysis found that 99% of healthcare organizations are vulnerable to publicly available exploits.
The post Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware appeared first on SecurityWeek.
Nearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers.
The post 9-Year-Old NPM Crypto Package Hijacked for Information Theft appeared first on SecurityWeek.
Palo Alto, USA, 28th March 2025, CyberNewsWire
The post SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk appeared first on Security Boulevard.
Noteworthy stories that might have slipped under the radar: Key members of Hellcat ransomware group identified, controversy around CrushFTP flaw CVE, NYU website hacked and defaced.
The post In Other News: Hellcat Hackers Unmasked, CrushFTP Bug ...
Rather than simply exposing buried truths of the assassination, the final tranche of JFK files also exposed the personal information, including social security numbers, of a parade of people associated with the decades-long investigation, many of ...
OPKSSH (OpenPubkey SSH) makes it easy to authenticate to servers over SSH using OpenID Connect (OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access. By tightly integrating with identity ...
HTTPS certificate issuance now requires Multi-Perspective Issuance Corroboration and linting to improve validation.
The post New Issuance Requirements Improve HTTPS Certificate Validation appeared first on SecurityWeek.
This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The basic idea is that AIs can act as trusted third parties:
Abstract: We often interact with ...
The Shift from Compliance-Driven GRC to Dynamic Cyber Risk Management
The world of cybersecurity has undergone a dramatic transformation, moving beyond simple checklists and technical jargon. The focus has shifted from siloed governance, risk, ...
Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s ...
A threat actor tracked as Morphing Meerkat abuses DNS mail exchange (MX) records to deliver spoofed login pages.
The post Morphing Meerkat Phishing Kits Target Over 100 Brands appeared first on SecurityWeek.
The Grandoreiro banking trojan has reemerged in new campaigns targeting users in Latin America and Europe.
The post Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe appeared first on SecurityWeek.
Firefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day.
The post Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia appeared first on ...
Overview Recently, NSFOCUS CERT detected that the Babuk2 group has been frequently publishing sensitive data of several well-known organizations on its dark web site. The data is from multiple sectors, including government, finance, internet, ...
Overview Recently, NSFOCUS CERT detected that Vite issued a security announcement and fixed the arbitrary file reading vulnerability of Vite (CVE-2025-30208). Since the Vite development server does not strictly verify the path when processing URL ...
