Application Security News and Articles


Taking a Threat Adapted Approach to Vulnerability Management

As cyberthreats grow in complexity and frequency, vulnerability management requires more than just patching systems; it demands a dynamic, threat-adapted approach. As part of Cyber Rhino Threat Week ( December 9-13, 2024) which aimed to inform, ...

Japanese Companies Threatened by DPRK IT Workers

Nisos Japanese Companies Threatened by DPRK IT Workers The Japanese government warned domestic companies in March 2024 about contracting North Korean (DPRK) IT workers posing as Japanese nationals to earn cash, as it is suspected... The post ...

Appdome Threat Dynamics analyzes and ranks mobile threats

Appdome announced that a new AI-Native threat-management module called Threat Dynamics will be offered inside Appdome’s ThreatScope Mobile XDR. Threat Dynamics uses AI deep learning to continuously evaluate the likelihood of a successful ...

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)

A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers. “We strongly advises users of the SMA1000 product to upgrade to the hotfix release ...

DigitalOcean Per-Bucket Access Keys boosts object storage security

DigitalOcean announced Per-Bucket Access Keys for DigitalOcean Spaces, its S3-compatible object storage service. This feature provides customers with identity-based, bucket-level control over access permissions, helping to enhance their data ...

Bitsight Instant Insights accelerates vendor risk assessments

Bitsight unveiled Instant Insights, a new offering from the Bitsight IQ suite of AI-based capabilities. The new feature leverages generative AI to analyze and summarize security questionnaires and reports, allowing security and compliance teams ...

Oracle WebLogic Server Remote Code Execution and Denial of Service Vulnerability (CVE-2025-21535/CVE-2025-21549)

Overview Recently, NSFOCUS CERT detected that Oracle has released a security announcement, in which the remote code execution and denial of service vulnerabilities of Oracle WebLogic Server have been fixed. Affected users should take protective ...

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA madhav Thu, 01/23/2025 - 06:25 Data Breaches in Healthcare: Why Stronger Regulations Matter A data breach involving personal health ...

Defense strategies to counter escalating hybrid attacks

In this Help Net Security interview, Tomer Shloman, Sr. Security Researcher at Trellix, talks about attack attribution, outlines solutions for recognizing hybrid threats, and offers advice on how organizations can protect themselves against ...

Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning

The Web Cache Vulnerability Scanner (WCVS) is an open-source command-line tool for detecting web cache poisoning and deception. The scanner, developed by Maximilian Hildebrand, offers extensive support for various web cache poisoning and ...

CISOs are juggling security, responsibility, and burnout

This article gathers excerpts from multiple reports, presenting statistics and insights that may be valuable for CISOs, helping them with informed decision-making, risk management, and developing strategies to enhance their organization’s ...

Funding soars in a milestone year for Israeli cybersecurity

In this Help Net Security video, Or Salom, Analyst at YL Ventures, discusses the State of the Cyber Nation Report 2024. The report reveals resilience and growth in the Israeli cybersecurity industry, with total investments reaching $4 billion ...

NSFOCUS Licensed for SOC and Pentest Service in Malaysia in Accordance with Cyber Security Act 2024

Santa Clara, Calif. January 23, 2025  – NSFOCUS, a global provider of intelligent hybrid security solutions, today announced that it has received two security service licenses from the National Cyber Security Agency (NACSA) of Malaysia, being ...

Prevent Data Breaches with Advanced IAM

Why is IAM Vital in Preventing Data Breaches? Identity and Access Management (IAM) stands at the forefront of effective cybersecurity strategies. Implementing advanced IAM holds the key to data breach prevention, providing a formidable line of ...

Is Your Automation Exposing Critical Data?

Is Automation Compromising Your Data Security? In modern business environments, how secure is your automation process? Alarmingly, many companies are unknowingly exposing critical data due to inadequate Non-Human Identity (NHI) and Secrets ...

Empowering Teams with Secure API Management

Why is Secure API Management Essential for Team Empowerment? Is API management a critical aspect of your organization’s cybersecurity strategy? It should be. APIs, or Application Programming Interfaces, are the engines that power today’s ...

Announcing the 2025 State of Application Risk Report

Use the data and analysis in this report to prioritize your 2025 AppSec efforts. The post Announcing the 2025 State of Application Risk Report appeared first on Security Boulevard.

UK Mail Check: DMARC Reporting Changes to Know

The UK National Cyber Security Centre (NCSC), the country's technical authority for cyber security, has announced changes to its Mail Check program. The post UK Mail Check: DMARC Reporting Changes to Know appeared first on Security Boulevard.

DEF CON 32 – The Village Peoples’ Panel What Really Goes On In A Village

Authors/Presenters: Panel Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the ...

Proactive compliance with Sonatype: Automating reporting for U.S. Army SBOM requirements

We've been closely following the regulatory response to the increasing frequency with which cybersecurity attacks target software supply chains. The post Proactive compliance with Sonatype: Automating reporting for U.S. Army SBOM requirements ...