Application Security News and Articles
A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed. About CVE-2025-53690 ...
By Ivan Novikov and Stepan Ilyin When we started Wallarm, we focused on the APIs that power modern apps. We built an API-first platform, used AI from day one, and secured early patents in behavior-based detection and automated policy creation. ...
SBOM adoption will drive software supply chain security, decreasing risks and costs, and improving transparency.
The post US, Allies Push for SBOMs to Bolster Cybersecurity appeared first on SecurityWeek.
In today’s digital economy, business starts with the application. Increasingly, the critical activity lives in the APIs that support it.
Related: The hidden cost of API security lapses
For Jamison Utter, Field CISO at A10 Networks, this moment ...
From eight‑hour scans to minute‑level feedback — developer-first security for modern microservices and CI/CD
Wytec’s website was defaced twice by unknown threat actors more than a week ago and it has yet to be brought back online.
The post Wytec Expects Significant Financial Loss Following Website Hack appeared first on SecurityWeek.
ESET Research has identified a new threat group called GhostRedirector. In June 2025, this group broke into at least 65 Windows servers, mostly in Brazil, Thailand, Vietnam, and the United States. Countries where GhostRedirector victims were ...
Most B2B companies build cybersecurity programs backwards - starting with compliance instead of real security. Learn why this approach fails and how fractional CISO services can help you build effective security that actually prevents breaches ...
Discover how AI and machine learning reduce flaky tests, cut maintenance costs, and improve accuracy in modern automated testing.
The post AI in Automated Testing: How Machine Learning Reduces Flaky Tests and Maintenance Costs appeared first on ...
Discover how AI-powered passwordless authentication boosts security, prevents fraud, and simplifies logins with biometrics and passkeys.
The post AI-Enabled Fraud Detection in Passwordless Login Flows appeared first on Security Boulevard.
Google has observed ViewState deserialization attacks leveraging a sample machine key exposed in older deployment guides.
The post Hackers Exploit Sitecore Zero-Day for Malware Delivery appeared first on SecurityWeek.
Elevation of privilege flaws in Android Runtime (CVE-2025-48543) and Linux kernel (CVE-2025-38352) have been exploited in targeted attacks.
The post Two Exploited Vulnerabilities Patched in Android appeared first on SecurityWeek.
Cato Networks acquired Aim Security to further enhance the Cato SASE Cloud Platform, supporting secure enterprise adoption of AI agents and both public and private AI applications. Cato has now exceeded $300 million in annual recurring revenue ...
CISOs are dealing with an overload of vulnerability data. Each year brings tens of thousands of new CVEs, yet only a small fraction ever become weaponized. Teams often fall back on CVSS scores, which label thousands of flaws as “high” or ...
Salesforce has become a major target for attackers in 2025, according to new WithSecure research into threats affecting customer relationship management (CRM) platforms. The report shows that malicious activity inside Salesforce environments rose ...
Overview: Recently, NSFOCUS CERT detected that H2O-3 released a security update to fix the H2O-3 JDBC deserialization vulnerability (CVE-2025-6507). This vulnerability is a bypass of CVE-2024-45758 and CVE-2024-10553. Due to the deserialization ...
In the first half of 2025, there were 8,062,971 DDoS attacks worldwide, with EMEA taking the brunt at 3.2 million attacks, according to Netscout. Peak attacks reached speeds of 3.12 Tbps and 1.5 Gpps. These attacks have moved beyond simple ...
Co-founded by former MITRE experts, the startup will use the funding to accelerate product innovation and fuel company growth.
The post Tidal Cyber Raises $10 Million for CTI and Adversary Behavior Platform appeared first on SecurityWeek.
Discover how a CIAM platform centralizes customer identities, eliminates data silos, and powers secure, personalized experiences across 150+ integrations.
The post Why a CIAM Platform is Central to Your Identity Strategy appeared first on ...
Understanding the Significance of NHIs in Cybersecurity Why are Non-Human Identities (NHIs) so crucial in cybersecurity? These machine identities consist of Secrets (encrypted tokens, keys, or passwords) and permissions that are akin to a ...