Application Security News and Articles
If you spend time on video game forums, you might have noticed posts from users discussing their accounts being hacked or stolen, often mentioning the loss of games or items linked to their accounts. At Castle, we know these incidents are often ...
Authors/Presenters: Harry Krejsa, Sarah Hipel
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; ...
What's the biggest challenge with WAF? It's not a bypass. It's all the operational details around getting a WAF operational in production. Inspector is Impart's solution to that problem. We built Inspector to address some of the most ...
The internet is vast. While most of us spend our days browsing the surface web—Facebook, Google, Instagram, Netflix—there’s another world lurking beneath, hidden from your search engine results: a shadowy, cryptic, and often misunderstood ...
The FBI is on a mission to raise awareness about the threat that North Korean IT workers present to organizations in the US and around the world. While corporate espionage comes to mind first, the threat goes beyond that: “In recent months, ...
Palo Alto Networks this week released an open application programming interface (API) framework that organizations can use to more easily deploy encryption keys that are not likely to be broken by a quantum computer.
The post Palo Alto Networks ...
Check out tips for adopting AI securely from the World Economic Forum. Plus, the EU’s DORA cyber rules for banks go into effect. Meanwhile, a report warns about overprivileged cloud accounts. And get the latest on ransomware trends; CIS ...
Insight No. 1: DORA’s knocking at your door
DORA is already in effect! For those who haven't started, playing catch-up could be a costly mistake. Organizations that fail to comply with the established ICT risk management framework could face ...
Discover insights learned from the CodeMash 2025 community on NHI governance, secrets security, and addressing vault sprawl challenges in enterprise environments.
The post CodeMash 2025: A Community Conversation About NHI And Secrets Security ...
A vulnerability in Subaru’s Starlink connected vehicle service exposed US, Canada, and Japan vehicle and customer accounts.
The post Subaru Starlink Vulnerability Exposed Cars to Remote Hacking appeared first on SecurityWeek.
A malicious generative AI chatbot dubbed "GhostGPT" is being advertised to cybercriminals on underground forums as a tool for more quickly and efficiently creating malware, running BEC attacks, and other nefarious activities, lowering the barrier ...
North Korean fake IT workers are more aggressively extorting their employers in response to law enforcement actions.
The post North Korean Fake IT Workers More Aggressively Extorting Enterprises appeared first on SecurityWeek.
Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York for $2 million, trojanized RAT builder targets script kiddies.
The post In Other News: VPN Supply Chain Attack, PayPal ...
The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to North Korea.
The post US Charges Five People Over North Korean IT Worker Scheme appeared first on SecurityWeek.
CISA has added the jQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Warns of Old jQuery Vulnerability Linked to Chinese APT appeared first on SecurityWeek.
With the world being highly data-driven, data is an organization’s most valuable asset, so implementing a data governance framework is essential.
The post The Role of Data Governance in Strengthening Enterprise Cybersecurity appeared first on ...
Four decades of student and educator information was stolen from PowerSchool – tens of millions are potentially affected.
The post Millions Impacted by PowerSchool Data Breach appeared first on SecurityWeek.
Business resilience must be the ultimate purpose of all the security controls and processes we employ, because we will never conclusively defeat or protect ourselves from social engineering.
The post Cyber Insights 2025: Social Engineering Gets ...
Pwn2Own Automotive 2025 has come to an end and participants have earned a total of $886,000 for exploits targeting EV chargers and infotainment systems.
The post Hackers Earn $886,000 at Pwn2Own Automotive 2025 for Charger, OS, Infotainment ...
While zero-trust architecture (ZTA) has many benefits, it can be challenging for companies because of a static mindset, increased costs and continuous maintenance.