Application Security News and Articles


Ghidra 11.3 released: New features, performance improvements, bug fixes

NSA’s Research Directorate released version 11.3 of Ghidra, an open-source software reverse engineering (SRE) framework. It offers advanced analysis tools, enabling users to dissect and examine compiled code across multiple platforms, including ...

Infosec pros struggle under growing compliance

The implementation of new regulatory measures that impact the UK, EU, and beyond is driving organizations to enhance vigilance in addressing evolving cybersecurity and operational risks, according to AuditBoard. The research showed 91% of ...

Overconfident execs are making their companies vulnerable to fraud

Cyber fraud (which includes activity such as hacking, deepfakes, voice cloning and highly sophisticated phishing schemes) rose by 14% year over year, according to Trustpair. US faces cyber fraud growth: The proprietary research, which is based on ...

New infosec products of the week: February 7, 2025

Here’s a look at the most interesting products from the past week, featuring releases from Dynatrace, Nymi, Qualys, SafeBreach, and Satori. Qualys TotalAppSec enables organizations to address risks across web applications and APIs: Qualys ...

Implementing Multi-Level Cloud Security Policies: A Guide to User, Server, Network, and Code Level…

An effective cloud security strategy requires layers of defenses across user, server, network, and code levels to protect sensitive data…

BTS #45 – Understanding Firmware Vulnerabilities in Network Appliances

In this episode, Paul, Vlad, and Chase discuss the security challenges associated with Palo Alto devices and network appliances. They explore the vulnerabilities present in these devices, the importance of best practices in device management, and ...

Five Must-Know Insights for Credential Monitoring

Password and credential monitoring are essential. Spot compromised accounts early and stop breaches before they happen.

House Lawmakers Push to Ban AI App DeepSeek From US Government Devices

A bipartisan duo in the U.S. House is proposing legislation to ban the Chinese artificial intelligence app DeepSeek from federal devices.

How Romance Scammers Prey on Vulnerability

TechSpective Podcast Episode 146: Loneliness is a powerful emotion, and scammers know how to exploit it. Every year, in the weeks leading up to Valentine’s Day, there is a sharp rise in online romance scams. Similar spikes occur around ...

DEF CON 32 – Got 99 Problems But Prompt Injection Ain’t Pineapple

Authors/Presenters: Chloé Messdaghi, Kasimir Schulz. Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention ...

SOC 2® Type 2: Preparing for Your First Audit

As a business leader, you know the stakes are high when it comes to data security. Whether you’re a SaaS company, a fintech startup, or a growing enterprise serving clients with stringent compliance requirements, achieving SOC 2® Type 2 ...

Invisible Threats: The Rise of AI-Powered Steganography Attacks


4 Data-Driven Takeaways from Kasada’s 2025 Account Takeover Trends Report

Discover key insights from Kasada's latest research on 2025 Account Takeover Attack Trends, including industry data, adversarial tactics, and defense strategies.

1,000 Apps Used in Malicious Campaign Targeting Android Users in India

Zimperium warns that threat actors have stolen the information of tens of thousands of Android users in India using over 1,000 malicious applications.

https://www.comicagile.net/comic/hire/

via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé!

Why DeepSeek’s Low Price Could Cost You Everything

While its capabilities are impressive, this development raises significant concerns about the hidden costs and potential security risks associated with its widespread adoption.

NIST Compliance Checklist: A Guide

Cybersecurity compliance goes beyond just meeting regulations. The point of security standards, like those from the National Institute of Standards and Technology (NIST), is to continuously defend your organization and customers against evolving ...

What Is Credential Harvesting? Tactics and Prevention

Imagine a thief silently slipping into your home and copying your keys so they can get back in. They don’t steal anything on their first visit, so you don’t even realize they were there. This is essentially what happens with credential ...

AMD Processors Vulnerable to Malicious Microcode

Google researchers recently published proof-of-concept code demonstrating the ability to create malicious microcode patches on AMD processors from Zen 1 through Zen 4. This vulnerability would allow an attacker to arbitrarily alter the execution ...

Cyber security training for executives: Why and how to build it

Building effective cyber security training for executives is no longer just an option—it’s a business necessity. In today’s rapid information sharing world, executive cyber awareness is ...