Application Security News and Articles


“Patched” but still exposed: US federal agencies must remediate Cisco flaws (again)

CISA has ordered US federal agencies to fully address two actively exploited vulnerabilities (CVE-2025-20333, CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) and Firepower firewalls. “In CISA’s analysis of agency-reported ...

Webinar Today: The Future of Industrial Network Security

Join us as speakers from Cisco outline important steps industrial organizations can take to safeguard operations, achieve compliance, and enable sustainable growth. The post Webinar Today: The Future of Industrial Network Security appeared ...

How Rapid AI Adoption Is Creating an Exposure Gap

As organizations rush to deploy AI, enterprise defenses are struggling to keep up. This blog explores the emerging AI exposure gap — the widening divide between innovation and protection — and what security leaders can do to close it. Key ...

TrojAI Defend for MCP brings real-time security, visibility, and policy enforcement to agentic AI

TrojAI has launched its new AI runtime defense solution for agentic AI workflows, TrojAI Defend for MCP. Model Context Protocol (MCP) is an open protocol that allows AI agents to connect with external data, tools, and services in a standardized ...

Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm

The spam campaign is likely orchestrated by an Indonesian threat actor, based on code comments and the packages’ random names. The post Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm appeared first on SecurityWeek.

The Holiday Shopping Is a Stress Test for Password Security

Holiday shopping cybersecurity is a B2B issue. Learn how continuous password monitoring protects against credential threats. The post The Holiday Shopping Is a Stress Test for Password Security appeared first on Security Boulevard.

The 2025 GigaOm Anti-Phishing Radar: Key Takeaways for Navigating the Evolving Email Threat Landscape

As email remains the top vector for cyberattacks, the sophistication and scale of phishing tactics continue to evolve—often faster than traditional defenses can keep up. That’s why GigaOm’s 2025 Anti-Phishing Radar Report has become a ...

Supply Chain Security made the OWASP Top Ten, this changes nothing

If you’ve been in the security universe for the last few decades, you’ve heard of the OWASP Top Ten. It’s a list of 10 security problems that we move around every year and never really solve. Oh sure, there are a few things we’ve made ...

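An Analysis of GitLab Security Scanning Strategy and Practical Application

This article explores GitLab's security scanning strategy, covering multi-language support, analyzer selection, Pipeline ...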

NHS Investigating Oracle EBS Hack Claims as Hackers Name Over 40 Alleged Victims

The UK’s national healthcare system is working with the country’s National Cyber Security Centre to investigate the incident. The post NHS Investigating Oracle EBS Hack Claims as Hackers Name Over 40 Alleged Victims appeared first on ...

Critical WatchGuard Firebox Vulnerability Exploited in Attacks

Tracked as CVE-2025-9242 (CVSS score of 9.3), the flaw leads to unauthenticated, remote code execution on vulnerable firewalls. The post Critical WatchGuard Firebox Vulnerability Exploited in Attacks appeared first on SecurityWeek.

Book Review: The Business of Secrets

The Business of Secrets: Adventures in Selling Encryption Around the World by Fred Kinch (May 24, 2004) From the vantage point of today, it’s surreal reading about the commercial cryptography business in the 1970s. Nobody knew anything. The ...

Understanding Classroom Management Styles and How To Find the Right One for Your Students

Every teacher runs their classroom a little differently. Some thrive on structure, others on flexibility, and most land somewhere in between. These differences form what educators call classroom management styles. Understanding what your style is ...

Building checksec without boundaries with Checksec Anywhere

Since its original release in 2009, checksec has become widely used in the software security community, proving useful in CTF challenges, security posturing, and general binary analysis. The tool inspects executables to determine which exploit ...

OWASP Top 10 Business Logic Abuse: What You Need to Know

Over the past few years, API security has gone from a relatively niche concern to a headline issue. A slew of high-profile breaches and compliance mandates like PCI DSS 4.0 have woken security teams up to the reality that APIs are the front door ...

Rhadamanthys infostealer operation disrupted by law enforcement

The rumors were true: Operation Endgame, a joint effort between law enforcement and judicial authorities of several European countries, Australia, Canada, the UK and the US, has disrupted the infrastructure supporting the operation of the ...

What is a Fractional CISO and How Can It Help European B2B Companies?

Fractional CISO services are essential for growing B2B companies to win enterprise customers and grow with confidence. In this article we look at what a fractional CISO is, how it works and associated costs. The post What is a Fractional CISO and ...

Synnovis Confirms Patient Information Stolen in Disruptive Ransomware Attack

The ransomware attack on the pathology services provider disrupted operations at several London hospitals. The post Synnovis Confirms Patient Information Stolen in Disruptive Ransomware Attack appeared first on SecurityWeek.

How AI-Generated Content is Fueling Next-Gen Phishing and BEC Attacks: Detection and Defense Strategies 

With AI phishing attacks rising 1,760% and achieving a 60% success rate, learn how attackers use AI, deepfakes and automation — and discover proven, multi-layered defense strategies to protect your organization in 2025. The post How ...

GUEST ESSAY: How to defend against decision mimicry — a practical AI-era checklist for leaders

AI is getting better at mimicking how leaders think — not just how they sound. Related: Can AI mimic my personality? The latest wave of deepfake attacks isn’t about dramatic voice-cloning or bold social engineering. Instead, the bigger risk ...