Application Security News and Articles
AI-powered phishing attacks leverage ConnectWise ScreenConnect for remote access, underscoring their sophistication.
The post Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect appeared first on SecurityWeek.
Google says the hackers systematically exported corporate data, focusing on secrets such as AWS and Snowflake keys.
The post Hundreds of Salesforce Customers Hit by Widespread Data Theft Campaign appeared first on SecurityWeek.
On August 26, 2025, Nx, the popular build platform with millions of weekly downloads, was compromised with credential-harvesting malware. Using GitGuardian's monitoring data, we analyzed the exfiltrated credentials and reconstructed a fuller ...
Google researchers say China-linked UNC6384 combined social engineering, signed malware, and adversary-in-the-middle attacks to evade detection.
The post China-Linked Hackers Hijack Web Traffic to Deliver Backdoor appeared first on SecurityWeek.
Creators, Authors and Presenters: Rohit Bansal, Zach Pritchard
Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the ...
A threat group Google tracks as UNC6395 has pilfered troves of data from Salesforce corporate instances, in search of credentials that can be used to compromise those organizations’ environments. “[Google Threat Intelligence Group] ...
A new report from Anthropic shows how criminals are using AI to actively run parts of their operations. The findings suggest that AI is now embedded across the full attack cycle, from reconnaissance and malware development to fraud and extortion. ...
For years, security teams focused on defending against malicious code injected into open source projects and package repositories. At Sonatype, we've tracked espionage campaigns, shadow downloads, and targeted malware designed to compromise ...
The post Email Security’s Blind Spot: Hidden Threats in Attachments appeared first on Votiro.
The post Email Security’s Blind Spot: Hidden Threats in Attachments appeared first on Security Boulevard.
Discover how to assess and advance your cyberfraud protection maturity with practical strategies and the Cyberfraud Protection Maturity Model for CISOs.
The post How to Assess Your Organization’s Cyberfraud Protection Maturity & Readiness ...
State websites and phone lines were taken offline, but officials say emergency services and personal data remain unaffected.
The post Nevada State Offices Closed Following Disruptive Cyberattack appeared first on SecurityWeek.
As students head back to school, Contrast Security customers are getting ready for more sophisticated cyberattacks. Dark Reading published a feature on the growing risks facing K-12 schools.
The post Cyber Threat Protection for K-12 Schools | ...
Unit21 has launched its Build Your Own Agent (BYOA) for banks, credit unions, and fintechs. The product enables risk and compliance teams to automate fraud and AML tasks, turning hours of manual data gathering, sorting and sifting into just ...
Qwiet AI has unveiled updates to its application security platform. These updates, which include expanded integrations across Azure DevOps, Azure Boards, and GitHub, and the introduction of new AI-powered AutoFix capabilities and an enhanced user ...
Competition among malware-as-a-service developers has transformed infostealers into refined, accessible tools for cybercriminals worldwide.
The post Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime appeared first on SecurityWeek.
Zero-day exploited in the wild forces Citrix and CISA to push emergency patch deadlines for federal agencies.
The post Citrix Patches Exploited NetScaler Zero-Day appeared first on SecurityWeek.
Proof-of-concept ransomware uses AI models to generate attack scripts in real time.
The post PromptLock: First AI-Powered Ransomware Emerges appeared first on SecurityWeek.
Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex has issued a fix for earlier this month, Censys has warned. About CVE-2025-34158 Plex Media Server ...
Nice indirect prompt injection attack:
Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own account.) It looks ...
Seceon’s AI/ML and Dynamic Threat Modeling (DTM) powered cybersecurity solutions are designed to close this gap, providing enterprises and Managed Security Service Providers (MSSPs) with an intelligent, automated, and cost-effective way to ...
