Application Security News and Articles


API Supply Chain Attacks — The Sky’s the Limit

Account takeover of a third-party service provider may put millions of airline users worldwide at risk. Summary: Salt Labs has identified an account takeover vulnerability in a popular online top-tier travel service for hotel and car rentals. The ...

Europeans targeted with new Tor-using backdoor and infostealers

A financially motivated threat actor has been targeting German and Polish-speaking users with info-stealing malware and TorNet, a previously undocumented .NET backdoor that leverages the Tor network to evade detection. The phishing email The ...

DeepSeek Blames Disruption on Cyberattack as Vulnerabilities Emerge

China’s DeepSeek blamed sign-up disruptions on a cyberattack as researchers started finding vulnerabilities in the R1 AI model. The post DeepSeek Blames Disruption on Cyberattack as Vulnerabilities Emerge appeared first on SecurityWeek.

ForensicScope Regula 4125 detects counterfeit documents

Regula has launched the portable and autonomous ForensicScope Regula 4125. The new device enables ID verification in any place and environment: at border and inland checkpoints, at airports, in transport, etc. Although the Regula 4125 is only ...

Hiya AI Phone blocks spam and irrelevant calls

Hiya has introduced Hiya AI Phone, an AI call assistant mobile app. Designed for busy professionals, Hiya AI Phone acts like a personal assistant, saving time by screening unwanted phone calls, safeguarding against phone scams, and taking notes ...

ENGlobal Says Personal Information Accessed in Ransomware Attack

ENGlobal has informed the SEC that personal information was compromised in a November 2024 ransomware attack. The post ENGlobal Says Personal Information Accessed in Ransomware Attack appeared first on SecurityWeek.

Ransomware Threats, Led by FunkSec, Rise to New Heights

Ransomware attacks surged to a record high in December 2024, with 574 incidents reported, according to an NCC Group report. FunkSec, a newly identified group combining hacktivism and cybercrime, accounted for over 100 attacks (18% of the total), ...

SonicWall Confirms Exploitation of New SMA Zero-Day

SonicWall has confirmed that an SMA 1000 zero-day tracked as CVE-2025-23006 has been exploited in the wild. The post SonicWall Confirms Exploitation of New SMA Zero-Day appeared first on SecurityWeek.

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)

Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. About CVE-2025-24085: CVE-2025-24085 is a use-after-free bug in CoreMedia, a framework used by Apple devices for the ...

Protecting Airlines: How to Stop Scraping and Loyalty Fraud

Cybercriminals are coming for your loyalty points and messing with dynamic pricing—don’t let them win. Learn how to stay ahead and keep your customers protected. The post Protecting Airlines: How to Stop Scraping and Loyalty Fraud appeared ...

Apple Patches First Exploited iOS Zero-Day of 2025

Apple has released fixes for dozens of vulnerabilities in its mobile and desktop products, including an iOS zero-day exploited in attacks. The post Apple Patches First Exploited iOS Zero-Day of 2025 appeared first on SecurityWeek.

How to Mitigate a DDoS Attack: A Comprehensive Guide for Businesses

Explore DDoS mitigation, from choosing providers to understanding network capacity, latency, SLAs, and how solutions like DataDome can protect your assets. The post How to Mitigate a DDoS Attack: A Comprehensive Guide for Businesses appeared first ...

Google Issues Cloud Security Wake-Up Call as Threats Evolve

A report published by Google Cloud found nearly half (46%) of the observed security alerts involved a service account that was overprivileged. The post Google Issues Cloud Security Wake-Up Call as Threats Evolve appeared first on Security Boulevard.

Compliance Scorecard Version 7 simplifies compliance management for MSPs

Compliance Scorecard released Compliance Scorecard Version 7. This latest release is designed to seamlessly integrate compliance into cybersecurity offerings, delivering new features that simplify and enhance compliance management for MSPs and ...

How Sanoma Saves Time & Protects User Accounts from Credential Stuffing Attacks

Discover how Sanoma reduced credential stuffing attacks by 99% with DataDome's real-time cyberfraud protection, while enjoying the benefits of easy integration and major time savings. The post How Sanoma Saves Time & Protects User Accounts ...

Security Risks of Low-altitude Economy

The low-altitude economy is becoming an important force to promote economic growth by virtue of its innovative ability and huge development potential. From UAV logistics distribution to urban air traffic, from emergency rescue to aerial ...

Certificate Management Self-Service Capabilities to Simplify Access and Boost Efficiency

Organizations today operate in dynamic and fast-paced environments, where multiple cross-functional teams are working together to develop, deploy, and manage infrastructure, cloud services and applications. These teams need digital certificates ...

What Makes This “Data Privacy Day” Different?

As we celebrate Data Privacy Day, Bernard Montel, Tenable’s EMEA Technical Director and Security Strategist, wants to remind us that we live in a digital world and that we need to protect it. With data breaches a daily occurrence, and AI ...

BloodyAD: Open-source Active Directory privilege escalation framework

BloodyAD is an open-source Active Directory privilege escalation framework that uses specialized LDAP calls to interact with domain controllers. It enables various privilege escalation techniques within Active Directory environments. Features ...

74% of CISOs are increasing crisis simulation budgets

In the aftermath of 2024’s high-profile cybersecurity incidents, including NHS, CrowdStrike, 23andMe, Transport for London, and Cencora, CISOs are reassessing their organisation’s readiness to manage a potential “chaos” of a full-scale ...