Application Security News and Articles
It’s hard to believe that we’re in December of 2025 already and the end of the year is fast approaching. Looking back on the year, there are two major items that really stand out in my mind. First, there is the large number of Microsoft ...
CISA and global partners issue new guidance for secure AI integration in operational technology, highlighting risks, governance, behavioral analytics, and OT safety.
The post CISA Releases New AI-in-OT Security Guidance: Key Principles & ...
Enterprises are rushing to deploy agentic systems that plan, use tools, and make decisions with less human guidance than earlier AI models. This new class of systems also brings new kinds of risk that appear in the interactions between models, ...
Operational teams know that access sprawl grows fast. Servers, virtual machines and network gear all need hands-on work and each new system adds more identities to manage. A bastion host tries to bring order to this problem. It acts as a single ...
Most healthcare organizations focus on encryption, network monitoring, and phishing prevention, although one simple source of risk still slips through the cracks. Password management continues to open doors for attackers more often than leaders ...
IT leaders want their employees to work without running into digital hurdles, but many still struggle with fragmented systems that slow teams down. A new report from Lenovo sheds light on how widespread the problem has become and what ...
The Washington Post last month reported it was among a list of data breach victims of the Oracle EBS-related vulnerabilities, with a threat actor compromising the data of more than 9,700 former and current employees and contractors. Now, a ...
Security leaders are entering another budget cycle with more money to work with, but many still feel no safer. A new benchmark study from Wiz shows a widening gap between investment and impact. Budgets keep rising, cloud programs keep expanding, ...
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Creative cybersecurity strategies for resource-constrained institutions In this Help Net Security interview, Dennis Pickett, CISO at RTI ...
Chinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the ongoing effort by the PRC to establish long-term footholds in agency and critical infrastructure ...
For too long, security has been cast as a bottleneck – swooping in after developers build and engineers test to slow things down. The reality is blunt; if it’s bolted on, you’ve already lost. The ones that win make security part of every ...
Other noteworthy stories that might have slipped under the radar: Akamai patches HTTP smuggling vulnerability, Claude Skills used to execute ransomware, PickleScan flaws.
The post In Other News: X Fined €120 Million, Array Flaw Exploited, New ...
The critical React vulnerability has been exploited in the wild by Chinese and other threat actors.
The post Cloudflare Outage Caused by React2Shell Mitigations appeared first on SecurityWeek.
The cybersecurity startup detects impersonation risk in real-time, across video, phone, and chat communication.
The post Imper.ai Emerges From Stealth Mode With $28 Million in Funding appeared first on SecurityWeek.
Warp Panda has been using the BrickStorm, Junction, and GuestConduit malware in attacks against US organizations.
The post US Organizations Warned of Chinese Malware Used for Long-Term Persistence appeared first on SecurityWeek.
ShadyPanda spent seven years uploading trusted Chrome and Edge extensions, later weaponizing them for tracking, hijacking, and remote code execution. Learn how the campaign unfolded.
The post ShadyPanda Takes its Time to Weaponize Legitimate ...
The startup will invest in expanding its engineering and research teams, deepening product integrations, and scaling go-to-market efforts.
The post Lumia Security Raises $18 Million for AI Security and Governance appeared first on SecurityWeek.
Cloudflare recently mitigated a new record-breaking Aisuru attack that peaked at 14.1 Bpps.
The post Aisuru Botnet Powers Record DDoS Attack Peaking at 29 Tbps appeared first on SecurityWeek.
The BBB warns of a rising ghost-tap scam exploiting tap-to-pay cards and mobile wallets. How attackers use NFC proximity tricks.
The post Ghost-Tap Scam Makes Payments Scarier appeared first on Security Boulevard.
CrowdStrike deepens its AWS partnership with automated Falcon SIEM configuration, AI security capabilities, EventBridge integrations and new MSSP-focused advancements.
The post CrowdStrike Extends Scope of AWS Cybersecurity Alliance appeared ...
