Application Security News and Articles


Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure

Attempts to exploit CVE-2024-0108, an authentication bypass vulnerability in Palo Alto firewalls, started one day after disclosure. The post Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure appeared first on SecurityWeek.

Grip Security unveils SSPM solution to strengthen SaaS security posture

Grip Security has unveiled its SaaS Security Posture Management (SSPM) solution, which proactively identifies misconfigurations, enforces best practices and strengthens SaaS security posture against emerging risks. Unlike traditional SSPM ...

Pig butchering scams are exploding

2024 is set to be a record year for scammers who received at least US$9.9 billion in crypto revenues from their illicit activities, according to Chainalysis. This figure is projected to rise to an all-time high of $12.4 billion as ongoing ...

Inconsistent security strategies fuel third-party threats

47% of organizations have experienced a data breach or cyberattack over the past 12 months that involved a third party accessing their network, according to Imprivata and the Ponemon Institute. Third-party security incidents persist: Notably, 64% ...

New infosec products of the week: February 14, 2025

Here’s a look at the most interesting products from the past week, featuring releases from Armor, EchoMark, Netwrix, Palo Alto Networks, and Socure. Palo Alto Networks Cortex Cloud applies AI-driven insights to reduce risk and prevent threats ...

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)

Overview: Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed the identity bypass vulnerability in PAN-OS (CVE-2025-0108). Due to the problem of path processing by Nginx/Apache in PAN-OS, ...

Microsoft Security Update Notification in February of High-Risk Vulnerabilities in Multiple Products

Overview: On February 12, NSFOCUS CERT detected that Microsoft released a security update patch for February, which fixed 63 security issues involving widely used products such as Windows, Microsoft Office, Azure, Apps, and Microsoft Visual ...

Choosing a DeFi Protocol: Risks, Red Flags, and Recommendations

A guide to walk you through the key steps in deciding which protocol to invest in and give you the tools to assess the risks. The post Choosing a DeFi Protocol: Risks, Red Flags, and Recommendations appeared first on Security Boulevard.

A New Chapter in Cybersecurity Excellence: Nuspire Becomes PDI Security & Network Solutions

In the rapidly evolving landscape of cybersecurity, transformation isn’t just about adaptation—it’s about strengthening capabilities to better serve and protect organizations worldwide. That’s why we’re excited to announce a ...

From Reactive to Predictive: Building Cyber Resilience for 2025

When you’re resilient to something, you don’t just endure; you adapt, recover, and emerge stronger. This idea is what should motivate companies to focus more on cyber resilience. It’s not enough to simply weather the storm of a cyberattack; ...

Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation

Rapid7 finds a new zero-day vulnerability in PostgreSQL and links it to a chain of attacks against a BeyondTrust Remote Support product. The post Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation appeared first on SecurityWeek.

DEF CON 32 – MFT Malicious Fungible Tokens

Authors/Presenters: Mauro Eldritch, Cybelle Oliveira. Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention ...

Google Hub in Poland to Develop AI Use in Energy and Cybersecurity Sectors

Poland is being targeted by various forms of cyberattacks and sabotage actions believed to be sponsored by Russia. The post Google Hub in Poland to Develop AI Use in Energy and Cybersecurity Sectors appeared first on SecurityWeek.

Energy Regulations Are Rising: Stay Ahead with Modern DCIM

As data centers continue to serve as the backbone of the digital economy, they face an escalating challenge: the tightening grip of global energy consumption regulations. Governments and regulatory bodies worldwide are implementing stricter ...

How DataDome Defended a Marketplace with 90 Million Users from Flash DDoS Attacks

A leading online marketplace with 90M+ users faced two Flash DDoS attacks. See how DataDome blocked them in milliseconds at the edge, ensuring zero disruption. The post How DataDome Defended a Marketplace with 90 Million Users from Flash DDoS ...

Generative AI-centric technologies: Get Gartner® report

Artificial intelligence (AI) continues to revolutionize how businesses operate, with generative AI (GenAI) technologies taking center stage as critical enablers for innovation. The post Generative AI-centric technologies: Get Gartner® report ...

Daniel Stori’s Turnoff.US: ‘git submodules adoption flows’

via the inimitable Daniel Stori at Turnoff.US! The post Daniel Stori’s Turnoff.US: ‘git submodules adoption flows’ appeared first on Security Boulevard.

Grip Security Adds SaaS Security Posture Management Offering

Grip Security today extended its portfolio of tools for securing software-as-a-service (SaaS) applications to provide an ability to proactively identify misconfigurations and enforce best cybersecurity practices. The post Grip Security Adds SaaS ...

What developers think about application security might surprise you

Cybersecurity is often viewed from the point of view of practitioners, which is why the DevSecOps company Jit took a different tack on the subject — and asked developers about their views on application security (AppSec). The post What ...

Circuit Board Maker Unimicron Targeted in Ransomware Attack

The Sarcoma ransomware group is threatening to leak data stolen from Taiwanese printed circuit board manufacturer Unimicron. The post Circuit Board Maker Unimicron Targeted in Ransomware Attack appeared first on SecurityWeek.