Application Security News and Articles
Skyhigh Security announced the launch of its risk-focused data visibility and compliance dashboard as part of Skyhigh DSPM’s Data Explorer. In April 2025, Data Security Posture Management (DSPM) was integrated into Skyhigh Security’s SSE ...
The PCIe flaws, found by Intel employees, can be exploited for information disclosure, escalation of privilege, or DoS.
The post Intel, AMD Processors Affected by PCIe Vulnerabilities appeared first on SecurityWeek.
In this Help Net Security interview, Stefan Braun, CISO at Henkel, discusses how smart manufacturing environments introduce new cybersecurity risks. He explains where single points of failure hide, how attackers exploit legacy systems, and why ...
Cybersecurity leaders spend much of their time watching how threats and tools change. A new study asks a different question: how has the research community itself changed over the past two decades? Researchers from the University of Southampton ...
UTMStack is an open-source unified threat management platform that brings SIEM and XDR features into one system. The project focuses on real-time correlation of log data, threat intelligence, and malware activity patterns gathered from different ...
LLMs are moving deeper into enterprise products and workflows, and that shift is creating new pressure on security leaders. A new guide from DryRun Security outlines how these systems change long-standing assumptions about data handling, ...
A SOX audit can reveal uncomfortable truths about how a company handles access to financial systems. Even organizations that invest in strong infrastructure often discover that everyday password habits weaken the controls they thought were solid. ...
Britain and its allies face escalating “hybrid threats … designed to weaken critical national infrastructure, undermine our interests and interfere in our democracies.”
The post UK Sanctions Russian and Chinese Firms Suspected of Being ...
The Experience Manager security update resolves 117 vulnerabilities, including 116 identified as cross-site scripting (XSS) bugs.
The post Adobe Patches Nearly 140 Vulnerabilities appeared first on SecurityWeek.
Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges.
The post Microsoft Patches 57 Vulnerabilities, Three Zero-Days appeared first on SecurityWeek.
Promotions across Microsoft’s security organization reinforce the company’s shift toward AI-driven defense and tighter operational oversight under Global CISO Igor Tsyganskiy.
The post Microsoft Names New Operating CISOs in Strategic Move to ...
Noma Security today revealed it has discovered a vulnerability in the enterprise edition of Google Gemini that can be used to inject a malicious prompt that instructs an artificial intelligence (AI) application or agent to exfiltrate data. Dubbed ...
The AI-powered platform autonomously conducts security design reviews and proactively identifies design flaws across development work.
The post Prime Security Raises $20 Million to Build Agentic Security Architect appeared first on SecurityWeek.
When it comes to cybersecurity, it often seems the best prevention is to follow a litany of security “do’s” and “don’ts.” A former colleague once recalled that at one organization where he worked, this approach led to such a ...
The exploitation efforts by China-nexus groups and other bad actors against the critical and easily abused React2Shell flaw in the popular React and Next.js software accelerated over the weekend, with threats ranging from stolen credentials and ...
The Tech Field Day Exclusive with Microsoft Security (#TFDxMSSec25) spotlighted one of the most aggressive demonstrations of AI-powered security operations to date. Microsoft showcased how Sentinel’s evolving data lake and graph architecture ...
Learn how GRC and SOC teams can turn shared threat intelligence into faster action, clearer communication, and stronger organizational resilience.
The post Webinar Today: Inside the First 72 hours of a Cyber Event appeared first on SecurityWeek.
At a recent Tech Field Day Exclusive event, Microsoft unveiled a significant evolution of its security operations strategy—one that attempts to solve a problem plaguing security teams everywhere: the exhausting practice of jumping between ...
North Korean threat actors are believed to be behind CVE-2025-55182 exploitation delivering EtherRAT.
The post React2Shell Attacks Linked to North Korean Hackers appeared first on SecurityWeek.
The funding round was led by KKR, with participation from Sixth Street Growth, TenEleven, and Carrick Capital Partners.
The post Identity Security Firm Saviynt Raises $700 Million at $3 Billion Valuation appeared first on SecurityWeek.