Application Security News and Articles


What is Single Sign-On (SSO)

richard-r.stew… Fri, 08/22/2025 - 16:53 Single Sign-On (SSO) is an authentication model in which a user logs in once with a set of credentials to gain access to multiple applications. It forms a key part ...

20-year-old Scattered Spider Member Sentenced to 10 Years in Prison

Noah Michael Urban, a 20-year-old Florida man, was sentenced for his role as a member of the notorious Scattered Spider threat group in a series of phishing and other scams between 2022 and 2023 in which they got victims' credentials and used ...

Large Interpol Cybercrime Crackdown in Africa Leads to the Arrest of Over 1,200 Suspects

Dubbed Operation Serengeti 2.0, the operation took place between June and August. The post Large Interpol Cybercrime Crackdown in Africa Leads to the Arrest of Over 1,200 Suspects appeared first on SecurityWeek.

BSidesSF 2025: Welcome To Day Two Of BSidesSF 2025!

Creator, Author and Presenter: Reed Loden Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events ...

China-linked Murky Panda targets and moves laterally through cloud services

In its recently released 2025 Threat Hunting Report, CrowdStrike pointed out an interesting trend: a 136% surge in cloud intrusions. A good chunk of this surge is due to “China-nexus adversaries”, Murky Panda (aka Silk Typhoon) among ...

Automated Vulnerability Management: What It Is & Why You Need It

Organizations nowadays are struggling with a growing IT environment: cloud-based workloads, APIs, IoT devices, and containerized applications are just a few of the ingredients thrown into the mix. With every... The post Automated Vulnerability ...

Survey Finds Cybersecurity Teams Overwhelmed by Cloud Security Alerts

A survey of 400 cybersecurity professionals from organizations with more than 500 employees finds about half of organizations investigate between 70% and 89% of cloud security alerts within 24 hours. Conducted by CyberEdge Group on behalf of ...

The Rise of AI-Powered Interview Cheating

From astroturfing Reddit to evading anti-cheating tools, InterviewHammer exposes a darker side of AI in hiring The post The Rise of AI-Powered Interview Cheating appeared first on Security Boulevard.

Will the Real Executive Please Stand Up?

It’s like some sort of digital age version of To Tell the Truth, the ancient TV show where three challengers claim to be the same person and the contestants have to guess which one is the real deal—typically with dismal results. So it goes ...

2M+ Application Attacks Blocked in Real Time | July ADR Report | Contrast Security

July’s Application Detection and Response data revealed two standout events: a concentrated malicious campaign using multiple attack types against one organization, and an unprecedented spike that hit another organization with more than 2 ...

In Other News: McDonald’s Hack, 1,200 Arrested in Africa, DaVita Breach Grows to 2.7M

Noteworthy stories that might have slipped under the radar: cryptojacker sentenced to prison, ECC.fail Rowhammer attack, and Microsoft limits China’s access to MAPP. The post In Other News: McDonald’s Hack, 1,200 Arrested in Africa, ...

Chinese Silk Typhoon Hackers Exploited Commvault Zero-Day

Silk Typhoon was seen exploiting Citrix NetScaler and Commvault vulnerabilities for initial access to victim systems. The post Chinese Silk Typhoon Hackers Exploited Commvault Zero-Day appeared first on SecurityWeek.

Cybersecurity Snapshot: Industrial Systems in Crosshairs of Russian Hackers, FBI Warns, as MITRE Updates List of Top Hardware Weaknesses

Check out the FBI’s alert on Russia-backed hackers infiltrating critical infrastructure networks via an old Cisco bug. Plus, MITRE dropped a revamped list of the most important critical security flaws. Meanwhile, NIST rolled out a battle plan ...

AI Agents Need Data Integrity

Think of the Web as a digital territory with its own social contract. In 2014, Tim Berners-Lee called for a “Magna Carta for the Web” to restore the balance of power between individuals and institutions. This mirrors the original charter’s ...

Exploiting API4 — 8 Real-World Unrestricted Resource Consumption Attack Scenarios (and How to Stop Them)

Unrestricted Resource Consumption (API4:2023) is the only threat category in the OWASP API Security Top 10 explicitly dedicated to Denial of Service (DoS) and resource abuse. But despite being just one category, attackers can exploit it in many ...

Pro Tip for Cybercriminals… (Part 3)

This is my third in a three-part series unpacking OpenAI’s June 2025 threat intelligence report and what it signals for enterprise communication security. The post Pro Tip for Cybercriminals… (Part 3) appeared first on Security Boulevard.

Developer Who Hacked Former Employer’s Systems Sentenced to Prison

Davis Lu was sentenced to four years in prison for installing malicious code on employer’s systems and for deleting encrypted data. The post Developer Who Hacked Former Employer’s Systems Sentenced to Prison appeared first on SecurityWeek.

CPAP Medical Data Breach Impacts 90,000 People

CPAP Medical Supplies and Services has disclosed a data breach resulting from an intrusion that occurred in December 2024. The post CPAP Medical Data Breach Impacts 90,000 People appeared first on SecurityWeek.

AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure

AWS has addressed a vulnerability that could have been leveraged to bypass Trusted Advisor’s S3 bucket permissions check. The post AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure appeared first on SecurityWeek.

Interpol operation seizes $97 million in African cybercrime sweep

Authorities in Africa have arrested 1,209 people in an Interpol-led crackdown on cybercrime that targeted nearly 88,000 victims. 11,432 malicious infrastructures were dismantled during Operation Serengeti 2025 (Source: Interpol) Operation ...