Application Security News and Articles


Report Surfaces Multiple Novel Social Engineering Tactics and Techniques

HP’s latest threat report reveals rising use of sophisticated social engineering, SVG-based attacks, fake software updates, and AI-enhanced malware as cybercriminals escalate tactics to evade detection.

2026 API and AI Security Predictions: What Experts Expect in the Year Ahead

This is a predictions blog. We know, we know; everyone does them, and they can get a bit same-y. Chances are, you’re already bored with reading them. So, we’ve decided to do things a little bit differently this year. Instead of bombarding ...

Former Accenture Employee Charged Over Cybersecurity Fraud

Danielle Hillmer allegedly concealed the fact that her employer’s cloud platform did not meet DoD requirements. The post Former Accenture Employee Charged Over Cybersecurity Fraud appeared first on SecurityWeek.

The intelligent approach to achieve MISRA C++:2023 compliance

SonarQube provides an intelligent, high-precision, and integrated solution for development teams to achieve full, friction-free compliance with the MISRA C++:2023 coding standard for C++17 safety-critical applications.

SonarQube Server 2025.6 is here: Vibe, then verify faster than ever

This release delivers deeper integrations, dramatically faster analysis, and unmatched support for the latest, most popular languages, helping your team embrace the “vibe, then verify” philosophy.

MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations

Eleven companies took part in the evaluations and several have boasted 100% detection and coverage rates. The post MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations appeared first on SecurityWeek.

Pierce County Library Data Breach Impacts 340,000

In April 2025, hackers stole personal information belonging to patrons and employees and their family members. The post Pierce County Library Data Breach Impacts 340,000 appeared first on SecurityWeek.

Beyond Cargo Audit: Securing Your Rust Crates in Container Images

Container image scanning has come a long way over the years, but it still comes with its own set of, often unique, challenges. One of these being the difficulty in analyzing images for vulnerabilities when they contain a Rust payload. If you’re ...

INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps

Cary, North Carolina, USA, 11th December 2025, CyberNewsWire The post INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps appeared first on Security Boulevard.

Wide Range of Malware Delivered in React2Shell Attacks

Security firms have seen cryptocurrency miners, Linux backdoors, botnet malware, and various post-exploitation implants in React2Shell attacks. The post Wide Range of Malware Delivered in React2Shell Attacks appeared first on SecurityWeek.

Unpatched Gogs Zero-Day Exploited for Months

The exploited flaw allows attackers to overwrite files outside the repository, leading to remote code execution. The post Unpatched Gogs Zero-Day Exploited for Months appeared first on SecurityWeek.

How to Fix Reverse DNS does not match the SMTP banner Error

Originally published at How to Fix Reverse DNS does not match the SMTP banner Error by EasyDMARC. The “reverse DNS does not match SMTP banner” ...

IBM Patches Over 100 Vulnerabilities

Most of the 100 vulnerabilities resolved this week, including critical flaws, were in third-party dependencies. The post IBM Patches Over 100 Vulnerabilities appeared first on SecurityWeek.

Thales expands AI ecosystem protection with application and RAG security tools

AI is one of the fastest-growing technologies in the history of modern business, with the ability to revolutionize industries, optimize operations, and drive innovation, but it is also introducing security gaps, risks, and vulnerabilities. ...

LW ROUNDTABLE: Lessons from 2025 — Cyber risk got personal; accountability enters a new phase

In 2025, the stakes changed. CISOs were hauled into courtrooms. Boards confronted a wave of shareholder lawsuits. And the rise of autonomous systems introduced fresh ambiguity and risk around who’s accountable when algorithms act. Part one of a ...

Microsoft Copilot Studio Security Risk: How Simple Prompt Injection Leaked Credit Cards and Booked a $0 Trip

The no-code power of Microsoft Copilot Studio introduces a new attack surface. Tenable AI Research demonstrates how a simple prompt injection attack of an AI agent bypasses security controls, leading to data leakage and financial fraud. We ...

Thailand’s Personal Data Protection Act

What is the Personal Data Protection Act (PDPA) of Thailand? The Personal Data Protection Act, B.E. 2562 (2019), often referred to by its acronym, PDPA, is Thailand’s comprehensive data privacy and protection law. Enacted to safeguard the ...

F5 strengthens ADSP with enhanced API discovery and threat detection

F5 unveiled enhancements to the F5 Application Delivery and Security Platform (ADSP). The latest updates focus on strengthening API discovery capabilities, improving threat detection, and optimizing network connectivity. These updated ...

How to Check and Improve Your Email Sender Reputation

Originally published at How to Check and Improve Your Email Sender Reputation by EasyDMARC. If you’re noticing a consistently poor ROI on ... The post How to Check and Improve Your Email Sender Reputation appeared first on EasyDMARC.

Black Duck Signal applies LLM intelligence to code and supply chain risk

Black Duck announced the launch of Black Duck Signal, a transformative agentic AI solution engineered to secure software at the speed of AI-powered development. Signal combines Black Duck’s 20 years of software security expertise and ...