Application Security News and Articles
In my first article on Bedrock AgentCore Code Interpreters, I demonstrated that custom code interpreters can be coerced into performing AWS control plane actions by non-agentic identities. This presented a novel path to privilege escalation, ...
The best software developers I've had the privilege to work with live by the principle that they have ultimate responsibility for the code we introduce. They take ownership of what they write, review, and ship. They ask questions when they don't ...
Security researchers interested in participating in the 2026 Apple Security Research Device program can apply until October 31.
The post Apple Seeks Researchers for 2026 iPhone Security Program appeared first on SecurityWeek.
Creator, Author and Presenter: Parker Shelton
Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s ...
Bringing a new product to market is hard—especially for small companies with limited sales resources. While large players can rely on global sales teams, most startups and scale-ups need to be smarter in how they approach their go-to-market ...
Kasada’s Q2 2025 Threat Report breaks down the top bot attack trends: from AI scraping bots hammering infrastructure, to scalper bots flipping hype-driven inventory, to stolen travel accounts surging in underground value. Learn how adversaries ...
Overprivileged non-human identities expose enterprises to massive risk. Enforcing least privilege with automation and visibility is critical for security.
The post Why the Principle of Least Privilege Is Critical for Non-Human Identities appeared ...
Scientists at NYU developed a ransomware prototype that uses LLMs to autonomously to plan, adapt, and execute ransomware attacks. ESET researchers, not knowing about the NYU project, apparently detected the ransomware, saying it appeared to be a ...
Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability ...
About CyberFlex CyberFlex is an Outpost24 solution that combines the strengths of its Pen-testing-as-a-Service (PTaaS) and External Attack Surface Management (EASM) solutions. Customers benefit from continuous coverage of their entire attack ...
LinkedIn is rolling out new verification rules to make it easier to confirm that people and companies are who they claim to be. The company will now require workplace verification when someone adds or updates a leadership or recruiter role on ...
Compromised credentials are now the leading cause of cloud breaches, making identity your most critical attack surface. A new IDC white paper explores why this shift is happening and where traditional defenses fall short. Read on to learn how ...
An AI supply chain issue named Model Namespace Reuse can allow attackers to deploy malicious models and achieve code execution.
The post AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products appeared first on SecurityWeek.
Hello readers!Continue reading on Medium »
Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue, tracked as CVE-2025-24204, stems from Apple mistakenly ...
Marat Tyukov, Mikhail Gavrilov, and Pavel Akulov targeted US critical infrastructure and over 500 energy companies in 135 countries.
The post US Offers $10 Million for Three Russian Energy Firm Hackers appeared first on SecurityWeek.
The post From Static Workflows to Agentic AI: The Evolution of MSP Operations appeared first on Security Boulevard.
What is the Personal Data Protection Act (PDPA)? The Singapore Personal Data Protection Act (PDPA), enacted in 2012 and enforced by the Personal Data Protection Commission (PDPC), is the nation’s comprehensive data protection law. It governs ...
What is the Data Privacy Act (DPA)? The Philippines Data Privacy Act of 2012 (Republic Act No. 10173), commonly referred to as the DPA, is the country’s primary data protection law. Enacted in August 2012, the Act was designed to safeguard the ...
The Israeli startup’s AI-powered no-code platform helps security teams design and deploy custom apps in minutes—tackling tool sprawl without heavy engineering.
The post Sola Security Raises $35M to Bring No-Code App Building to Cybersecurity ...
