Application Security News and Articles
Tonic Validate is a free, open-source library for evaluating RAG and LLM based applications. We recently announced a new listing on GitHub Marketplace that provides a GitHub Actions template to run Tonic Validate against code changes on every ...
Tonic Validate, our free, open-source library for evaluating RAG and LLM-based applications, can be run entirely as a GitHub Action. And it's now available for quick deployment on GitHub Marketplace!
The post Tonic Validate is now available on ...
We are proud to announce that we have successfully completed our HIPAA certification, marking a significant milestone in our commitment to data security and privacy. This achievement underscores our dedication to providing secure data ...
A month or so ago a friend of mine received the following message on Steam from someone in their Friends list (they were already friends):
Figure 1 - 'this is for you'
The two links are ...
Remote attackers can trigger an avalanche of internal ESI requests, exhausting memory and causing denial-of-service in Apache Traffic Server. Executive Summary: Imperva’s Offensive Security Team discovered CVE-2025-49763, a high-severity ...
Imagine if every doctor had an invisible assistant, one that quietly listens during every patient interaction, captures every detail with precision, and instantly writes the...
The post Top 7 Ambient Listening AI Tools Revolutionizing ...
Author/Presenter: Autumn Nash (Product Manager At Microsoft, Specializing In Linux Security)
Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the ...
In today’s digital age, JavaScript is everywhere — powering everything from sleek single-page applications to complex web dashboards. But…
Noteworthy stories that might have slipped under the radar: China’s Salt Typhoon targeted Viasat, Washington Post emails compromised in hack, Rowhammer attack named Crowhammer.
The post In Other News: Viasat Hacked by China, Washington Post ...
Check out highlights from Tenable’s “2025 Cloud Security Risk Report,” which delves into the critical risk from insecure cloud configurations. Plus, Google reveals a Russia-sponsored social engineering campaign that targeted prominent ...
Cloudflare has blocked yet another record-breaking DDoS attack, which delivered the equivalent of 9,000 HD movies in just 45 seconds.
The post Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider appeared first on SecurityWeek.
The phrase “alert fatigue” has become a mainstay in cybersecurity conversations. But behind the flood of findings, alerts, vulnerabilities, and compliance gaps lies a deeper problem: the security context crisis. Security teams aren’t just ...
Windows 365 Cloud PCs now come with new default settings aimed at preventing / minimizing data exfiltration and malicious exploits, Microsoft has announced. Windows 365 Cloud PCs are Azure (i.e., Windows 365 service)-hosted virtual Windows PCs ...
The Godfather Android trojan uses on-device virtualization to hijack legitimate applications and steal users’ funds.
The post Godfather Android Trojan Creates Sandbox on Infected Devices appeared first on SecurityWeek.
Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords.
The post Motors Theme Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek.
WhatsApp told SecurityWeek that it linked the exploited FreeType vulnerability CVE-2025-27363 to a Paragon exploit.
The post FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks appeared first on SecurityWeek.
Online scams are getting worse and more varied. DuckDuckGo knows that, so they’ve made changes. Their built-in Scam Blocker now stops more kinds of scam sites, all without tracking you. How Scam Blocker works (Source: DuckDuckGo) “If you ...
A threat actor is abusing Cloudflare Tunnels for the delivery of a Python loader as part of a complex infection chain.
The post Cloudflare Tunnels Abused in New Malware Campaign appeared first on SecurityWeek.
Companies with $1 billion in revenue or less might want to give a heads-up to HR to kickstart the search for a new CISO — because according to a study from IANS Research, your current CISO might be out the door within a year. The 363 CISOs in ...
Krispy Kreme is sharing more information on the data breach resulting from the ransomware attack targeting the company in 2024.
The post 161,000 People Impacted by Krispy Kreme Data Breach appeared first on SecurityWeek.