Application Security News and Articles
SMS-based, two-factor authentication (2FA) has long been a staple security measure for many online services, including Gmail. However, as the tech industry shifts towards more secure authentication methods, it has become evident that SMS codes ...
Insight #1 - Veracode report: Flaw fix times increase 47% since 2020
Veracode’s 2025 State of Software Security report exposes a troubling trend — flaw fix times have surged 47%, jumping from 171 days in 2020 to 252 days in 2025.
This ...
How Morpheus revolutionizes security automation with dynamically generated, context-aware workflows.
The post Morpheus: Building Dynamic, Context-Specific Response Playbooks with AI appeared first on D3 Security.
How Can Powerful Security Tools Impact Your Data Protection Strategy? Has it ever occurred to you how critical it is to have a robust data protection framework in massive digitalization? The need for advanced cybersecurity measures becomes more ...
Is Your Approach to NHI Lifecycle Management Robust Enough? Have you ever wondered about the invisibility of your organizational cyber risk? When did you last evaluate the strength of your Non-Human Identity (NHI) lifecycle management? The ...
Can We Be Optimistic About Future Cybersecurity Trends? Driven by the incessant need for safer digital environments where data and machine identities form the core of many organizational operations. A seasoned data management expert and ...
A joint blog featuring CISO Global’s Compliance Team & PreVeil. The long-anticipated CMMC rule (CFR 32) is now live, marking a crucial turning point for defense contractors. The Compliance Team at CISO Global recently passed our CMMC Audit ...
Authors/Presenters: Justin Mott & Ava Petersen
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention ...
The 2025 audit landscape is shaped by new regulations and changes in enforcement of existing regulations. In the United States, both changes to longstanding administrative law and the Public Company Accounting Oversight Board (PCAOB) will shape ...
CrowdStrike has published its 2025 Global Threat Report, which warns of faster breakout time and an increase in Chinese activity.
The post 26 New Threat Groups Spotted in 2024: CrowdStrike appeared first on SecurityWeek.
In the latest episode of Axio’s Executive Insight Series, CEO Scott Kannry spoke with Meagan Fitzsimmons, Chief Compliance and ESG Officer of a Fortune 500 logistics company. Their conversation offered
The post Executive Perspectives, ...
Interesting research: “Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs”:
Abstract: We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code ...
Learn how to build a strong business case for replacing legacy DAST with a modern solution. This step-by-step guide helps AppSec leaders.
The post How to build a strong business case for replacing legacy DAST with a modern solution —a practical ...
via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé!
The post Comic Agilé – Luxshan ...
Protecting cryptographic keys is a core security necessity. Hardware Security Modules (HSMs) are specialized, tamper-resistant devices that secure cryptographic processes. They generate, protect, and manage keys used for encrypting and decrypting ...
A Singaporean man accused of being a hacker responsible for over 90 data leaks has been arrested in Thailand.
The post Hacker Behind Over 90 Data Leaks Arrested in Thailand appeared first on SecurityWeek.
Authentication policies in Identity and Access Management (IAM) are the bedrock of modern enterprise security. They control who accesses what, safeguarding your organization's crown jewels — its data and systems. But deploying new (or even ...
A survey of 1,942 IT and IT security practitioners finds nearly half (47%) work for organizations that have experienced a data breach or cyberattack in the past 12 months that involved a third party that has access to their network.
In today’s rapidly evolving threat landscape, the sheer volume of malicious activity can be overwhelming. One client recently shared with me a startling statistic: on average, they observed 56 billion unique attacks every quarter. Yes, that ...
Author/Presenter: Per Thorsheim
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the ...