Application Security News and Articles


Security flaws in government apps go unpatched for years

78% of public sector organizations are operating with significant security debt, flaws left unaddressed for more than a year, according to Veracode. 55% are burdened with ‘critical’ security debt, representing long-standing vulnerabilities ...

19 ways to build zero trust: NIST offers practical implementation guide

The National Institute of Standards and Technology (NIST) has released a new guide that offers practical help for building zero trust architectures (ZTA). The guidance, titled Implementing a Zero Trust Architecture (SP 1800‑35), includes 19 ...

New infosec products of the week: June 13, 2025

Here’s a look at the most interesting products from the past week, featuring releases from Contrast Security, Cymulate, Lemony, SpecterOps, Thales, and Vanta. Lemony mitigates privacy and compliance risks associated with cloud-based AI With ...

NSFOCUS Earns ISO 27701:2019 Privacy Information Management System Certification

Santa Clara, Calif. Jun 13, 2025 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced today that it has attained ISO 27701:2019 Privacy Information Management System (PIMS) certification. ISO/IEC 27701 extends the ...

7 Steps to Developing a Cybersecurity Strategy

The post 7 Steps to Developing a Cybersecurity Strategy appeared first on AI Security Automation. The post 7 Steps to Developing a Cybersecurity Strategy appeared first on Security Boulevard.

Integrative Security That Doesn’t Add Work to Your Workload

The post Integrative Security That Doesn’t Add Work to Your Workload appeared first on Votiro. The post Integrative Security That Doesn’t Add Work to Your Workload appeared first on Security Boulevard.

Assured Compliance Through Effective NHI Management

Is Assured Compliance Your Ultimate Goal? Consider Effective NHI Management Ever wondered how Non-Human Identities (NHIs) and Secrets Security Management could significantly enhance your cybersecurity strategy and lead to assured compliance? With ...

Freedom to Choose Your NHI Security Approach

Does Non-Human Identity Management Hold the Key to Effective Cybersecurity? The management of Non-Human Identities (NHIs) and secrets has emerged as a pivotal component. For organizations aiming to bolster their cybersecurity strategy, the ...

LinuxFest Northwest: LFNW 2025: In The Beginning…

Author/Presenter: Jon "maddog" Hall (Board Chair Emeritus: Linux Professional Institute, Founder: Project Cauã, Co-Founder: Caninos Loucos, Technical Advisor: QSentinel, Executive Director: Linux® International®) Our sincere appreciation to ...

CIAM in 2025: Navigating the Authentication Revolution and Solving Tomorrow’s Identity Challenges

The customer identity and access management landscape in 2025 presents both unprecedented opportunities and complex challenges. Organizations that succeed will be those that view identity management not as a technical infrastructure component, ...

Why hybrid deployment models are crucial for modern secure AI agent architectures

As enterprises embrace AI agents to automate decisions and actions across business workflows, a new architectural requirement is emerging — one that legacy IAM systems (even SaaS IAM!) were never built to handle. The reality is simple: AI ...

Updated Response to CISA Advisory (AA23-352A): #StopRansomware: Play Ransomware

AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA23-352A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Play Ransomware ...

Google Chrome to Distrust Chunghwa Telecom and Netlock Certificate Authorities (CAs)—What’s Next?

Recently, Google announced that starting August 1, 2025, the Google Chrome browser will no longer trust TLS certificates issued by Chunghwa Telecom and Netlock Certificate Authorities (CAs). According to Google, the decision follows a pattern of ...

How ADR Sees the Attacks that Other Cybersecurity Tools Miss | Application-Layer Security | Contrast Security

If your tools can’t see what’s happening inside your apps and application programming interfaces (APIs), they can’t stop breaches. And the truth is, perimeter and endpoint tools were never designed to detect the real mechanics of modern ...

Randall Munroe’s XKCD ‘Neighbor-Source Heat Pump’

Via the comic artistry and dry wit of Randall Munroe, creator of XKCD. The post Randall Munroe’s XKCD ‘Neighbor-Source Heat Pump’ appeared first on Security Boulevard.

Researchers warn of ongoing Entra ID account takeover campaign

Attackers are using the TeamFiltration pentesting framework to brute-force their way into Microsoft Entra ID (formerly Azure AD) accounts, Proofpoint researchers have discovered. “Proofpoint’s research indicates that while simulated ...

Breach Readiness In A Legacy World: The Risk, The Challenge, And The Way Forward

The Legacy Security Dilemma: Essential, Irreplaceable — and Exposed. Despite the momentum of digital transformation, legacy systems remain integral to many operational environments — and not without reason. These systems often support ...

Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones

Citizen Lab publishes forensic proof that spyware maker Paragon can compromise up-to-date iPhones. Journalists in Europe among victims. The post Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones appeared first on ...

OffensiveCon25 – Keynote: Automating Your Job? The Future Of AI and Exploit Development

Author/Presenter: Perri Adams Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton ...

Reimagining Integrity: Why the CIA Triad Falls Short

For decades, the CIA Triad of Confidentiality, Integrity, and Availability has been the bedrock framework of information security. While it serves as a conceptual guiding light, its simplicity and vagueness leave room for a tremendous amount of ...