Application Security News and Articles
It’s unsettling to think that our food supply chain could be targeted or that the safety of our food could be compromised. But this is exactly the challenge the agri-food sector is dealing with right now. Despite agriculture’s importance, ...
Identity-based attack paths are behind most breaches today, yet many organizations can’t actually see how those paths form. The 2025 State of Attack Path Management report from SpecterOps makes the case that traditional tools like identity ...
Although 79% of organizations are already running AI in production, only 6% have put in place a comprehensive security strategy designed specifically for AI. As a result, most enterprises remain exposed to threats they are not yet prepared to ...
Corporate boards are adjusting to a more uncertain proxy landscape, according to EY’s 2025 Proxy Season Review. The report highlights four key 2025 proxy season trends shaping governance this year: more oversight of technology, fewer ...
Tea has said about 72,000 images were leaked online in the initial incident, and another 59,000 images publicly viewable in the app from posts, comments and direct messages were also accessed.
The post Tea App Takes Messaging System Offline After ...
Learn how Thales Cyber Services uses Tenable to help customers navigate the maturity levels of the Essential Eight, enabling vulnerability management and staying ahead of cyber threats.
In today’s fast-moving digital world, cyber threats are ...
The security breach of the popular women-only safe-dating app Tea widened over the weekend, when a second database storing 1.1 million DMs between members was compromised. News of the exposure came days after an initial investigation found that a ...
Creator/Author/Presenter: Varun Gurnaney
Our deep appreciation to Security BSides - San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held ...
Palo Alto Networks Inc. is in discussions to acquire CyberArk Software for more than $20 billion in one of tech’s biggest deals this year, as vendors scramble to fortify their cybersecurity defenses. Palo Alto Networks could finalize a deal for ...
Vulnerabilities discovered by Binarly in Lenovo devices allow privilege escalation, code execution, and security bypass.
The post Lenovo Firmware Vulnerabilities Allow Persistent Implant Deployment appeared first on SecurityWeek.
For years, primarily driven by regulatory compliance mandates, such as the Sarbanes-Oxley Act of 2002, identity and access management has been treated as a regulatory compliance exercise, rather than the security exercise it should be — and ...
Creator/Author/Presenter: Kane Narraway
Our deep appreciation to Security BSides - San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at ...
The open source security firm will use the investment to enhance go-to-market efforts and accelerate platform expansion.
The post Seal Security Raises $13 Million to Secure Software Supply Chain appeared first on SecurityWeek.
AI agents are showing up in more parts of the customer journey, from product discovery to checkout. And fraudsters are also putting them to work, often with alarming success. In response, cyberfraud prevention leader Darwinium is launching two ...
The current status of AppSec presents a significant challenge for many organizations in improving their application security.
The post Alert Fatigue and Talent Gaps Fuel AppSec Weaknesses appeared first on Security Boulevard.
Just ahead of Black Hat USA 2025, Darwinium has announced the launch of Beagle and Copilot, two new agentic AI features that simulate adversarial attacks, surface hidden vulnerabilities, and dynamically optimize fraud defenses. As fraudsters ...
Promptfoo has raised $18.4 million in Series A funding to help organizations secure LLMs and generative AI applications.
The post Promptfoo Raises $18.4 Million for AI Security Platform appeared first on SecurityWeek.
Credentials, not firewalls, are now the front line of enterprise security. Attackers are bypassing traditional defenses using stolen passwords, infostealer malware, and MFA fatigue tactics. Enzoic’s Beyond Passwords guide shows how to shift to ...
The need for secure encryption in IoT and IIoT devices is obvious, and potentially critical for OT and, by extension, much of the critical infrastructure.
The post Order out of Chaos – Using Chaos Theory Encryption to Protect OT and IoT ...
Intruder has launched GregAI, an AI-powered security analyst that offers comprehensive visibility into users’ security infrastructure, now available in beta. Unlike generic AI assistants, GregAI integrates directly with data from Intruder’s ...