Application Security News and Articles


Gogs Remote Command Execution Vulnerability (CVE-2024-56731)

Overview: Recently, NSFOCUS CERT detected that Gogs issued a security bulletin and fixed the Gogs remote command execution vulnerability (CVE-2024-56731). Due to the incomplete CVE-2024-39931 fix, an authenticated attacker can delete files in the ...

Bitdefender GravityZone EASM reduces threat exposure

Bitdefender announced Bitdefender GravityZone External Attack Surface Management (EASM), a new solution that gives businesses, managed service providers (MSPs) and their customers comprehensive visibility into their internet-facing assets and ...

Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities

AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted ...

Critical Citrix NetScaler Flaw Exploited as Zero-Day

Citrix has released patches for a critical vulnerability in NetScaler ADC and NetScaler Gateway exploited as a zero-day.

Google’s Gemini CLI brings open-source AI agents to developers

Google has open-sourced a command-line interface (CLI) agent built on its Gemini 1.5 Pro model, marking a notable step toward making generative AI more inspectable, extensible, and usable for developers working outside the IDE. The tool, simply ...

Trend Micro Scam Radar analyzes different communications methods used by scammers

Trend Micro launched Scam Radar, a new feature within the Trend Micro ScamCheck app. Scam Radar offers real-time protection by identifying scam tactics utilized by cybercriminals as they happen, alerting users early and empowering them to take ...

Building cyber resilience in always-on industrial environments

In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber ...

CC Signals lets you set boundaries with AI without locking down your work

Creative Commons introduced CC Signals, a new framework that helps data and content owners communicate how they want their work used by AI systems. The idea is to build a shared understanding of what’s acceptable, and to encourage more fair and ...

Building Security In: Four Essential CI/CD Pipeline Use Cases for Code Security

In today’s fast-paced software development landscape, Continuous Integration and Continuous Delivery (CI/CD) pipelines are the engine of…

Breaking the cycle of attack playbook reuse

Threat actors have learned an old business trick: find what works, and repeat it. Across countless cyberattacks, Bitdefender has observed adversaries consistently applying the same steps—the same techniques, the same security bypass ...

Axiad Confirm validates users before issuing certificates

Axiad launched Axiad Confirm, a new, automated identity verification solution. Axiad Confirm, integrated within the Axiad Conductor credential management system (CMS), ensures secure identity verification before issuing robust credentials like ...

Embed’s agentic security platform triages and investigates security alerts

Embed Security unveiled its agentic security platform that autonomously triages and investigates alerts, empowering detection and response teams to focus on what matters most. “Over the last 90 days of using Embed, we’ve saved ...

Kanister: Open-source data protection workflow management tool

Kanister is an open-source tool that lets domain experts define how to manage application data using blueprints that are easy to share and update. It handles the complex parts of running these tasks on Kubernetes and gives a consistent way to ...

When synthetic identity fraud looks just like a good customer

People may assume synthetic identity fraud has no victims. They believe fake identities don’t belong to real people, so no one gets hurt. But this assumption is wrong. What is synthetic identity fraud? Criminals create fake identities by ...

Most AI and SaaS apps are outside IT’s control

60% of enterprise SaaS and AI applications operate outside IT’s visibility, according to CloudEagle.ai. This surge in invisible IT is fueling a crisis in AI identity governance, leading to increased breaches, audit failures, and compliance ...

How AI is Transforming the Legal Profession

AI isn't replacing lawyers—it's liberating them from mundane tasks to focus on strategy and human connection. From transforming document review to democratizing legal expertise for small firms, artificial intelligence is reshaping how legal ...

Lessons from the Titanic: when you don’t respond to a crisis

When the RMS Titanic hit an iceberg on 15 April 1912, she set off flares and her wireless operator sent out a distress call. The RMS Carpathia responded, but by the time she arrived, the Titanic had already sunk: only those who had made it to the ...

Is Container OS Insecurity Making Your K8s Infrastructure Less Secure?

The decision to adopt a purpose-built container operating system (OS) versus maintaining a standard OS across legacy and cloud-native systems depends on your organization’s risk tolerance, compliance requirements, and visibility needs. Below is ...

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability ...

Creating an Impenetrable Secrets Vault for Your Business

Why is the Management of Non-Human Identities and Secrets Crucial for Business Protection? Could your organization withstand a security breach? With the exponential growth, the risk of cyber threats has equally increased, making cybersecurity ...