Application Security News and Articles


The Toxic Cloud Trilogy: Why Your Workloads Are a Ticking Time Bomb

Don’t let hidden cloud risks become tomorrow’s headline breach. The time to dismantle the toxic cloud trilogy is now. Here’s how Tenable Cloud Security can help. In today’s cloud environments, individual misconfigurations or ...

“Static Code Analysis with a Local LLM: Building a Lightweight Agentic SAST System”

🚀 I Built a Local LLM Agent That Finds Secrets in Your Code. Continue reading on Medium »

Verax Protect uncovers and mitigates GenAI risks

Verax AI announced Verax Protect, a solution suitable even for companies in highly regulated industries, aiming to help large enterprises uncover and mitigate GenAI risks, including unintended leaks of sensitive data. As companies race to embrace ...

Man Who Hacked Organizations to Advertise Security Services Pleads Guilty

Nicholas Michael Kloster has pleaded guilty to computer hacking after targeting at least two organizations. The post Man Who Hacked Organizations to Advertise Security Services Pleads Guilty appeared first on SecurityWeek.

N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams

The notorious BlueNoroff group from North Korea is using deepfake video and deceptive Zoom calls to steal cryptocurrency by enticing targets to unwittingly download malware onto their macOS devices, letting the hackers gain access to ...

Bonfy.AI Raises $9.5 Million for Adaptive Content Security Platform

Bonfy.AI has emerged from stealth mode to help organizations prevent cybersecurity, privacy and compliance risks. The post Bonfy.AI Raises $9.5 Million for Adaptive Content Security Platform appeared first on SecurityWeek.

SAFE and Trusted: Why the Spectra Assure Community Badge Belongs on Your Open Source Project

Here’s the thing about open-source software — it’s a gift. Someone out there wrote code and said, “Here, I’m sharing this code with you. Review it, use it, improve it, create something amazing.” Then pay it forward: publish your code ...

How to Investigate Suspicious User Activity Across Multiple SaaS Applications

Discover practical strategies security teams can use to investigate suspicious activity across SaaS apps, reduce alert noise, and respond to real threats faster. The post How to Investigate Suspicious User Activity Across Multiple SaaS ...

CISA Warns AMI BMC Vulnerability Exploited in the Wild

CISA is urging federal agencies to patch a recent AMI BMC vulnerability and a half-a-decade-old bug in FortiOS by July 17. The post CISA Warns AMI BMC Vulnerability Exploited in the Wild appeared first on SecurityWeek.

Why Are CISOs Prioritizing Snowflake Security? The Breach Playbook Has Changed.

In recent conversations with prospective customers, one request keeps rising to the top: “Can you monitor Snowflake?” At first, it felt like a coincidence. But over multiple engagements, that urgency isn’t random – it reflects a deeper ...

Central Kentucky Radiology Data Breach Impacts 167,000

The personal information of 167,000 individuals was compromised in an October 2024 data breach at Central Kentucky Radiology. The post Central Kentucky Radiology Data Breach Impacts 167,000 appeared first on SecurityWeek.

The Hacktivist Cyber Attacks in the Iran-Israel Conflict

Overview of the current cyber attacks in the Iran-Israel conflict: The geopolitical confrontation between Iran and Israel has a long history. In recent years, as the competition between the two countries in the military, nuclear energy and ...

ClickFix attacks skyrocketing more than 500%

ClickFix, a deceptive attack method, saw a surge of more than 500% in the first half of 2025, making it the second most common attack vector after phishing, according to ESET’s latest Threat Report. The report, which looks at trends from ...

Critical Cisco ISE Vulnerabilities Allow Remote Code Execution

Two critical vulnerabilities in Cisco ISE could allow remote attackers to execute arbitrary code with root privileges. The post Critical Cisco ISE Vulnerabilities Allow Remote Code Execution appeared first on SecurityWeek.

British Man Suspected of Being the Hacker IntelBroker Arrested, Charged

25-year-old Kai West, believed to be the hacker IntelBroker, was arrested in France and charged by the United States. The post British Man Suspected of Being the Hacker IntelBroker Arrested, Charged appeared first on SecurityWeek.

Gogs Remote Command Execution Vulnerability (CVE-2024-56731)

Overview: Recently, NSFOCUS CERT detected that Gogs issued a security bulletin fixing the Gogs remote command execution vulnerability (CVE-2024-56731). Due to the incomplete CVE-2024-39931 fix, an authenticated attacker can delete files in the ...

Bitdefender GravityZone EASM reduces threat exposure

Bitdefender announced Bitdefender GravityZone External Attack Surface Management (EASM), a new solution that gives businesses, managed service providers (MSPs) and their customers comprehensive visibility into their internet-facing assets and ...

Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities

AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted ...

Critical Citrix NetScaler Flaw Exploited as Zero-Day

Citrix has released patches for a critical vulnerability in NetScaler ADC and NetScaler Gateway exploited as a zero-day. The post Critical Citrix NetScaler Flaw Exploited as Zero-Day appeared first on SecurityWeek.

Google’s Gemini CLI brings open-source AI agents to developers

Google has open-sourced a command-line interface (CLI) agent built on its Gemini 1.5 Pro model, marking a notable step toward making generative AI more inspectable, extensible, and usable for developers working outside the IDE. The tool, simply ...