Application Security News and Articles
The vulnerabilities are described as code execution and mitigation bypass issues that affect Apple’s iOS, iPadOS and macOS platforms.
The post Apple Quashes Two Zero-Days With iOS, MacOS Patches appeared first on SecurityWeek.
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation.
Background
The Tenable Security Response Team ...
Author/Presenter: Mike Larkin
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and ...
Our engineering team has been busy behind the scenes building and improving our cybersecurity and safety products. We’ve been gathering feedback from our amazing customers (that’s you!) and turning it into new features and upgrades across the ...
via the comic humor & dry wit of Randall Munroe, creator of XKCD
Permalink
The post Randall Munroe’s XKCD ‘Anachronym Challenge’ appeared first on Security Boulevard.
Yesterday's headlines have sent ripples through the cybersecurity and software supply chain communities: MITRE announced that U.S. government funding for the CVE (Common Vulnerabilities and Exposures) database was set to expire today. Overnight, ...
The US government's cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational.
The post MITRE CVE Program Gets Last-Hour Funding Reprieve appeared first on SecurityWeek.
The 2025 PyPI supply chain attack is a stark reminder of just how vulnerable cloud ecosystems remain to sophisticated, stealthy, and evolving threats.
The post Why the 2025 PyPI Attack Signals a New Era in Cloud Risk appeared first on Security ...
Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for ...
This is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1.IntroductionIn addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new ...
IntroductionThe Zscaler ThreatLabz team discovered new activity associated with Mustang Panda, originating from two machines from a targeted organization in Myanmar. This research led to the discovery of new ToneShell variants and several ...
Author/Presenter: Brian Reilly
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and ...
In every HTTP request, the user agent header acts as a self-declared identity card for the client—typically a browser—sharing information about the software and platform supposedly making the request. It usually includes details like the ...
These are “interesting” times: U.S. government funding for the Common Vulnerabilities and Exposures program expires April 16.
The post MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’ appeared first on Security Boulevard.
Top-ranked mobile apps found using hardcoded keys and exposed cloud buckets.
The post Many Mobile Apps Fail Basic Security—Posing Serious Risks to Enterprises appeared first on SecurityWeek.
Entrust announced the Entrust Cryptographic Security Platform, a unified, end-to-end cryptographic security management solution for keys, secrets, and certificates. Cyberattacks on data security and identity systems are exploding in scale and ...
Shield Capital leads a $9 million seed-stage funding round for Israeli startup building technologies for AI security and privacy guardrails.
The post Pillar Security Banks $9M for AI Security Guardrails appeared first on SecurityWeek.
The Trump Administration is ending funding for MITRE's crucial CVE database program, a move that promises to hobble cybersecurity efforts around the world. However, CVE Board members introduce a new nonprofit organizations free of government ...
APT29 (aka Cozy Bear, aka Midnight Blizzard) is, once again, targeting European diplomats with fake invitations to wine-tasting events, Check Point researchers have shared. Cozy Bear uses wine-tastings and dinners as a lure In early 2024, Zscaler ...
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates.
Background
On April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. ...
