Application Security News and Articles
Overview: Recently, NSFOCUS CERT detected that Gogs issued a security bulletin and fixed the Gogs remote command execution vulnerability (CVE-2024-56731). Due to the incomplete CVE-2024-39931 fix, an authenticated attacker can delete files in the ...
Bitdefender announced Bitdefender GravityZone External Attack Surface Management (EASM), a new solution that gives businesses, managed service providers (MSPs) and their customers comprehensive visibility into their internet-facing assets and ...
AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted ...
Citrix has released patches for a critical vulnerability in NetScaler ADC and NetScaler Gateway exploited as a zero-day.
Google has open-sourced a command-line interface (CLI) agent built on its Gemini 1.5 Pro model, marking a notable step toward making generative AI more inspectable, extensible, and usable for developers working outside the IDE. The tool, simply ...
Trend Micro launched Scam Radar, a new feature within the Trend Micro ScamCheck app. Scam Radar offers real-time protection by identifying scam tactics utilized by cybercriminals as they happen, alerting users early and empowering them to take ...
In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber ...
Creative Commons introduced CC Signals, a new framework that helps data and content owners communicate how they want their work used by AI systems. The idea is to build a shared understanding of what’s acceptable, and to encourage more fair and ...
In today’s fast-paced software development landscape, Continuous Integration and Continuous Delivery (CI/CD) pipelines are the engine of…
Threat actors have learned an old business trick: find what works, and repeat it. Across countless cyberattacks, Bitdefender has observed adversaries consistently applying the same steps—the same techniques, the same security bypass ...
Axiad launched Axiad Confirm, a new, automated identity verification solution. Axiad Confirm, integrated within the Axiad Conductor credential management system (CMS), ensures secure identity verification before issuing robust credentials like ...
Embed Security unveiled its agentic security platform that autonomously triages and investigates alerts, empowering detection and response teams to focus on what matters most. “Over the last 90 days of using Embed, we’ve saved ...
Kanister is an open-source tool that lets domain experts define how to manage application data using blueprints that are easy to share and update. It handles the complex parts of running these tasks on Kubernetes and gives a consistent way to ...
People may assume synthetic identity fraud has no victims. They believe fake identities don’t belong to real people, so no one gets hurt. But this assumption is wrong. What is synthetic identity fraud? Criminals create fake identities by ...
60% of enterprise SaaS and AI applications operate outside IT’s visibility, according to CloudEagle.ai. This surge in invisible IT is fueling a crisis in AI identity governance, leading to increased breaches, audit failures, and compliance ...
AI isn't replacing lawyers—it's liberating them from mundane tasks to focus on strategy and human connection. From transforming document review to democratizing legal expertise for small firms, artificial intelligence is reshaping how legal ...
When the RMS Titanic hit an iceberg on 15 April 1912, she set off flares and her wireless operator sent out a distress call. The RMS Carpathia responded, but by the time she arrived, the Titanic had already sunk: only those who had made it to the ...
The decision to adopt a purpose-built container operating system (OS) versus maintaining a standard OS across legacy and cloud-native systems depends on your organization’s risk tolerance, compliance requirements, and visibility needs. Below is ...
A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability ...
Why is the Management of Non-Human Identities and Secrets Crucial for Business Protection? Could your organization withstand a security breach? With the exponential growth, the risk of cyber threats has equally increased, making cybersecurity ...