Application Security News and Articles
Author/Presenter: Cybelle Olivera, Mauro Eldritch
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites ...
Continuing on API client security, we cover more sandbox bypasses, this time in Bruno and Hoppscotch, as well as JavaScript sandboxing best practices.
The post Scripting Outside the Box: API Client Security Risks (2/2) appeared first on Security ...
Discover the comprehensive roadmap for B2B SaaS companies to achieve enterprise readiness. Learn essential infrastructure requirements, compliance frameworks, enterprise features, and go-to-market strategies from a serial founder who scaled ...
By Kevin Hanes, CEO of Reveal Security A few weeks ago, I shared a thought that sparked a lot of discussion: SaaS is not a black box we can ignore. It’s a rich, dynamic attack surface – and one that attackers are increasingly targeting. That ...
Discover how SPICE, WIMSE, and SCITT are redefining workload identity, digital trust, and software supply chain integrity in modern machine-first environments.
The post Standards for a Machine‑First Future: SPICE, WIMSE, and SCITT appeared ...
VMware patches flaws that expose users to data leakage, command execution and denial-of-service attacks. No temporary workarounds available.
The post NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch appeared first on SecurityWeek.
Security tools have mastered detection – but visibility without action still leaves you exposed. Exposure management platforms promise to bridge the gap between alerts and real risk reduction. But not all platforms deliver. Use this guide to ...
Cynet announced a major update to CyAI, its proprietary AI engine that powers advanced threat detection across the Cynet platform. By reducing false positives by 90%, CyAI advances Cynet’s mission to maximize purpose-built protection for ...
To meet today’s complex security requirements, organizations need solutions that are not only secure, but also practical and scalable. The Swissbit iShield Key 2 offers a compelling answer by combining two critical security functions – ...
Every day, online merchants lose thousands of dollars to a growing challenge: chargeback abuse. What started as consumer protection has become a favorite tactic for fraudsters. The numbers are stark: each chargeback costs merchants nearly $200 in ...
The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization.
The post Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers appeared first on SecurityWeek.
Red Hat Enterprise Linux 10 provides a strategic and intelligent backbone for enterprise IT to navigate complexity, accelerate innovation and build a more secure computing foundation for the future. As enterprise IT grapples with the ...
SecurityWeek’s 2025 Threat Detection & Incident Response (TDIR) Summit takes place as a virtual summit on Wednesday, May 21st.
The post Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit appeared first on ...
AI-native security assurance firm TrustCloud has raised $15 million in a strategic funding round led by ServiceNow Ventures.
The post TrustCloud Raises $15 Million for Security Assurance Platform appeared first on SecurityWeek.
The Last Mile of Zero Trust: Securing Where Work Really Happens — The Browser
At RSAC this year, Andy Ellis, former CSO at Akamai and now Partner at YL Ventures, challenged us to rethink what Zero Trust really means. Not the buzzword. Not ...
Outpost24 announced the addition of AI-enhanced summaries to the Digital Risk Protection (DRP) modules within its External Attack Surface Management (EASM) platform. With Outpost24’s DRP modules, organizations are able to identify, monitor, and ...
A suspected initial access broker has been leveraging trojanized versions of the open-source KeePass password manager to set the stage for ransomware attacks, WithSecure researchers have discovered. KeeLoader: Passoword manager that acts as data ...
Threat protection and intelligence firm CloudSEK raises $19 million in funding from new and existing investors.
The post CloudSEK Raises $19 Million for Threat Intelligence Platform appeared first on SecurityWeek.
A vulnerability in O2’s implementation of the IMS standard resulted in user location data being exposed in network responses.
The post O2 Service Vulnerability Exposed User Location appeared first on SecurityWeek.
New CISA Deputy Director Madhu Gottumukkala has joined the agency from South Dakota’s Bureau of Information and Technology.
The post Madhu Gottumukkala Officially Announced as CISA Deputy Director appeared first on SecurityWeek.
