Application Security News and Articles


SAST e DAST: o que são e quais as diferenças

A segurança de aplicações deixou de ser apenas uma preocupação técnica, tornou-se um diferencial competitivo.Continue reading on Medium »

Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability

Security firms say the flaw has been actively exploited for weeks, even as Fortinet quietly shipped fixes and CISA added the bug to its KEV catalog. The post Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability appeared first ...

ShinyHunters Compromises Legacy Cloud Storage System of Checkout.com

Checkout.com said the notorious ShinyHunters threat group breached a badly decommissioned legacy cloud storage system last used by the company in 2020 and stole some merchant data. The hackers demanded a ransom, but the company instead will give ...

NDSS 2025 – The Discriminative Power Of Cross-layer RTTs In Fingerprinting Proxy Traffic

SESSION Session 3A: Network Security 1 Authors, Creators & Presenters: Diwen Xue (University of Michigan), Robert Stanley (University of Michigan), Piyush Kumar (University of Michigan), Roya Ensafi (University of ...

The Trojan Prompt: How GenAI is Turning Staff into Unwitting Insider Threats

When a wooden horse was wheeled through the gates of Troy, it was welcomed as a gift but hid a dangerous threat. Today, organizations face the modern equivalent: the Trojan prompt. It might look like a harmless request: “summarize the attached ...

CYBERCOM 2.0: Pentagon Unveils Plan to Fix Cyber Talent Shortfalls

The goal is to produce a cyber force capable of defeating threats posed by major adversaries such as China. The post CYBERCOM 2.0: Pentagon Unveils Plan to Fix Cyber Talent Shortfalls appeared first on SecurityWeek.

Randall Munroe’s XKCD ‘’Emperor Palpatine”

via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘’Emperor Palpatine” appeared first on Security Boulevard.

TDL 009 | Inside DNS Threat Intelligence: Privacy, Security & Innovation

Summary Inside DNS Threat Intelligence: Privacy, Security & Innovation In this episode of the Defenders Log, host David Redekop speaks with Tim Adams, the founder of the protective DNS resolver Scout DNS. Tim shares his origin story, ...

How To Handle Increased Account Takeover Risks from Recent Credential Dumps

Billions of stolen credentials from Synthient heighten SaaS and IdP account takeover risks. Learn how AppOmni helps stop credential-based intrusions fast. The post How To Handle Increased Account Takeover Risks from Recent Credential Dumps ...

API Key Security: 7 Enterprise-Proven Methods to Prevent Costly Data Breaches

In this blog, we will navigate through a few enterprise-proven methods to make API key more secure. Read on! The post API Key Security: 7 Enterprise-Proven Methods to Prevent Costly Data Breaches appeared first on Security Boulevard.

NDSS 2025 – Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China

SESSION Session 3A: Network Security 1 Authors, Creators & Presenters: Shencha Fan (GFW Report), Jackson Sippe (University of Colorado Boulder), Sakamoto San (Shinonome Lab), Jade Sheffey (UMass Amherst), David Fifield (None), Amir Houmansadr ...

NDSS 2025 – Heimdall: Towards Risk-Aware Network Management Outsourcing

SESSION Session 3A: Network Security 1 Authors, Creators & Presenters: Yuejie Wang (Peking University), Qiutong Men (New York University), Yongting Chen (New York University Shanghai), Jiajin Liu (New York University Shanghai), Gengyu Chen ...

Emulating the Destructive Sandworm Adversary

AttackIQ has released a new assessment template designed to emulate the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with a recent intrusion targeting Ukrainian organizations that aligns with patterns previously ...

In Other News: Deepwatch Layoffs, macOS Vulnerability, Amazon AI Bug Bounty

Other noteworthy stories that might have slipped under the radar: EchoGram attack undermines AI guardrails, Asahi brewer still crippled after ransomware attack, Sora 2 system prompt uncovered. The post In Other News: Deepwatch Layoffs, macOS ...

Chinese cyber spies used Claude AI to automate 90% of their attack campaign, Anthropic claims

Anthropic threat researchers believe that they’ve uncovered and disrupted the first documented case of a cyberattack executed with the help of its agentic AI and minimal human intervention. “The threat actor manipulated ...

Anthropic Claude AI Used by Chinese-Back Hackers in Spy Campaign

AI vendor Anthropic says a China-backed threat group used the agentic capabilities in its Claude AI model to automate as much as 90% of the operations in a info-stealing campaign that presages how hackers will used increasingly sophisticated AI ...

Cybersecurity Snapshot: Refresh Your Akira Defenses Now, CISA Says, as OWASP Revamps Its App Sec Top 10 Risks

Learn why you should revise your Akira ransomware protection plans. Plus, find out what’s new in OWASP’s revamped Top 10 Web Application Risks list. Also, find out about agentic AI’s cognitive degradation risk. And get the latest on AI ...

The Best Platforms for Enterprise Cyber Risk Management

Enterprises today face unprecedented cyber threats: AI-driven attacks, expanding digital footprints, complex supply chains, and rising regulatory expectations across the U.S., EU, and APAC. As cyber risk becomes a top-three business risk for ...

Checkout.com Discloses Data Breach After Extortion Attempt

The information was stolen from a legacy cloud file storage system, not from its payment processing platform. The post Checkout.com Discloses Data Breach After Extortion Attempt appeared first on SecurityWeek.

Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack

The media company admitted that cybercriminals attempted to extort a payment after stealing personal information.  The post Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack appeared first on SecurityWeek.