Application Security News and Articles
Sep 05, 2025 - Lina Romero - In 2025, we are seeing an unprecedented rise in the volume and scale of AI attacks. Since AI is still a relatively new beast, developers and security teams alike are struggling to keep up with the changing landscape. ...
Solution Providers Rank IRONSCALES as the Top Performer in Security - Email and Web
Today we’re excited to announce that IRONSCALES has earned a 2025 CRN Annual Report Card (ARC) Award in Security - Email and Webfrom CRN®, a brand of The ...
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub ...
Creator, Author and Presenter: David Spark, Andy Ellis, Alexandra Landegger
Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. ...
Widespread adoption of AI coding tools accelerates development—but also introduces critical vulnerabilities that demand stronger governance and oversight.
The post How to Close the AI Governance Gap in Software Development appeared first on ...
In Part 3 of this series, we saw how stealth networking is already transforming industries, from healthcare to smart factories, defense, and retail. In this final installment, we look to the horizon. What will define the next decade of edge ...
Called A2, the framework mimics human analysis to identify vulnerabilities in Android applications and then validates them.
The post Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool appeared first on SecurityWeek.
Destructive cyber attacks against critical infrastructure have unfortunately become increasingly frequent. Just last week, multinational government agencies blared the alarm about a global cyber espionage campaign targeting critical ...
Enterprises today are no longer confined to a single IT environment. Instead, they are embracing multi-cloud strategies—leveraging services from AWS, Microsoft Azure, Google Cloud, and private clouds to achieve flexibility, scalability, and ...
Cybersecurity today is more complex than ever before. Organizations operate in hybrid and multi-cloud environments, manage remote and mobile workforces, and depend on countless third-party applications and integrations. This interconnectedness ...
The AI-powered automated penetration testing firm will invest the new funds in R&D, team expansion, and global scale.
The post FireCompass Raises $20 Million for Offensive Security Platform appeared first on SecurityWeek.
Noteworthy stories that might have slipped under the radar: Google fined €325 million, City of Baltimore sent $1.5 million to scammer, Bridgestone targeted in cyberattack.
The post In Other News: Scammers Abuse Grok, US Manufacturing Attacks, ...
A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited extent”, the Dutch National Cyber Security Center (NCSC NL) has warned on Friday. Their alert ...
AI agents can be tricked into covertly performing malicious actions by websites that are hidden from regular users’ view, JFrog AI architect Shaked Zychlinski has found. This novel approach allows attackers to inject prompts / instructions ...
Interesting experiment:
To design their experiment, the University of Pennsylvania researchers tested 2024’s GPT-4o-mini model on two requests that it should ideally refuse: calling the user a jerk and giving directions for how to synthesize ...
Sevii launched an autonomous defense & remediation (ADR) platform, using agentic AI Warriors to cut response times and transform SOC operations.
The post Sevii Agentic AI Warriors Augment SOCs with Machine-Speed Remediation appeared first ...
The hackers were seen actively monitoring cyber threat intelligence to discover and rebuild exposed infrastructure.
The post North Korean Hackers Targeted Hundreds in Fake Job Interview Attacks appeared first on SecurityWeek.
DigitalOcean has announced support for Single Sign-On. This integration is designed to provide digital native businesses with secure authentication to their DigitalOcean accounts. DigitalOcean Single Sign-On (SSO) helps to centralize user access ...
Hirsch released Velocity 3.9, the latest advancement in its security management platform. Purpose-built for organizations that demand trust, compliance, and operational efficiency, Velocity 3.9 helps leaders safeguard people, assets, and data ...
Proofpoint, SpyCloud, Tanium, and Tenable confirmed that hackers accessed information stored in their Salesforce instances.
The post More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach appeared first on SecurityWeek.
