Application Security News and Articles
SESSION
Session 3C: Mobile Security
-----------
Authors, Creators & Presenters: Chang Yue (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Kai Chen (Institute of Information Engineering, Chinese ...
Introduction: In May 2025, Zscaler ThreatLabz discovered CVE-2025-50165, a critical remote code execution (RCE) vulnerability with a CVSS score of 9.8 that impacts the Windows Graphics Component. The vulnerability lies within windowscodecs.dll, ...
There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s built-in (but hidden from the user) extensions to issue commands directly ...
The Android malware is in development and appears to be mainly aimed at users in Europe.
The post New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages appeared first on SecurityWeek.
From secure service mesh rollouts to AI cluster hardening, see how KubeCon + CloudNativeCon NA 2025 redefined identity, trust, and governance in Kubernetes environments.
The post Trust Beyond Containers: Identity and Agent Security Lessons from ...
Oligo Security announced new capabilities to protect the broadest spectrum of AI deployments, including AI applications, LLMs, and agentic AI. The new platform modules address the largest blind spot in AI security by securing production AI ...
The AI-native social engineering defense (SED) platform will accelerate product innovation and expand its offerings.
The post Doppel Raises $70 Million at $600 Million Valuation appeared first on SecurityWeek.
A Chinese threat actor is exploiting known vulnerabilities in discontinued Asus devices in an Operational Relay Box (ORB) facilitation campaign.
The post Over 50,000 Asus Routers Hacked in ‘Operation WrtHug’ appeared first on ...
ISO 27001 provides a comprehensive framework to ensure organisations understand and manage their information security risks, and validates that appropriate controls are in place to mitigate those risks. Penetration testing plays a critical role ...
A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. Multi-stage delivery: Dubbed DigitStealer by Jamf researchers, this ...
Media Land, Hypercore, and their leadership and employees are allegedly connected to various cybercriminal activities.
The post US and Allies Sanction Russian Bulletproof Hosting Service Providers appeared first on SecurityWeek.
Google has filed a complaint in court that details the scam:
In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily ...
Every click, post, and search leaves a data trail online — and it’s called a digital footprint. Digital footprints are a record of a person’s online activity across all websites, apps, and social media platforms. Whether you’re uploading ...
Researchers demonstrated a now-patched vulnerability that could have been used to enumerate all WhatsApp accounts.
The post Vulnerability Allowed Scraping of 3.5 Billion WhatsApp Accounts appeared first on SecurityWeek.
What is an SSL Certificate? An SSL certificate is a digital file that verifies a website’s identity and establishes an encrypted connection between the server and a web browser. An SSL certificate allows for the safe transmission of sensitive ...
A proof-of-concept (PoC) exploit targeting the high-severity remote code execution (RCE) bug exists.
The post Recent 7-Zip Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Bedrock Data announced Bedrock Data ArgusAI and Natural Language Policy. ArgusAI is a new product that expands the company’s capabilities into artificial intelligence governance. It allows enterprises to understand what data their AI models and ...
Originally published at Regulatory Landscape: DMARC, GDPR, DORA & What Businesses Need to Know in 2025 by Amanda E. Clark.
In 2025, compliance is key to remaining in ...
The post Regulatory Landscape: DMARC, GDPR, DORA & What Businesses ...
ID-Pal has announced a major enhancement to its document-fraud detection feature, ID-Detect, delivering even more powerful defences against AI-generated digital manipulation—one of the fastest-growing threats facing financially regulated ...
Deepfake-powered fraud is exploding as attackers weaponize AI to impersonate executives and bypass trust. Learn why detection alone fails and how AI-driven verification restores security.
The post AI vs. AI: Why Deepfake Detection Alone Won’t ...