Application Security News and Articles
The cryptocurrency sector has always been a magnet for cybercriminals, but the TraderTraitor campaign marks a different kind of threat—one backed by state-sponsored actors with long-term goals and surgical precision. Allegedly linked to North ...
What began as a trickle of spammy messages has evolved into a sophisticated and dangerous phishing campaign. The Smishing Triad, an active cybercriminal group, is behind a surge of SMS-based phishing attacks (smishing) targeting organizations ...
The recent Salt Typhoon breach targeting telecom infrastructure isn’t just another headline—it’s a warning shot to every service provider that uptime and connectivity aren’t enough. This sophisticated campaign, attributed to Chinese ...
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Push Notifications’ appeared first on Security Boulevard.
Lemonade says the incident is not material and that its operations were not compromised, nor was its customer data targeted.
The post Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers appeared first on SecurityWeek.
The world is changing fast — AI is reshaping what’s possible in software. Tools are evolving, business models are shifting, and the speed of iteration...
The post 15 Timeless Truths of SaaS Business in the Age of AI appeared first on ...
The cybersecurity industry has been conspicuously quiet after President Trump targeted ex-CISA director Chris Krebs and SentinelOne for retribution. However, some voices have risen above the silence to urge support and the need for public ...
MISRA coding guidelines are a standard for automotive and other safety critical systems. SonarQube helps C++ developers deliver MISRA C++:2023 compliant apps with MISRA Compliance Early Access available in SonarQube Server Enterprise and Data ...
Author/Presenter: Patrick Kiley
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and ...
Bad bots continue to target organizations across every industry and geography, but the rise of Artificial Intelligence (AI) is fueling bot attacks, making them more intelligent and more evasive than ever before. For over twelve years, Imperva has ...
DaVita has not named the ransomware group behind the incident or shared details on the attacker’s ransom demands.
The post Kidney Dialysis Services Provider DaVita Hit by Ransomware appeared first on SecurityWeek.
The business services provider confirms personal information such as names and Social Security numbers was stolen in a January cyberattack.
The post Conduent Says Names, Social Security Numbers Stolen in Cyberattack appeared first on SecurityWeek.
American car rental company Hertz has suffered a data breach linked to last year’s exploitation of Cleo zero-day vulnerabilities by a ransomware gang. The breach resulted in information of an unknown number of customers of Hertz and ...
In fresh filings, Landmark Admin and Young Consulting say data breaches back in 2024 impacted more people than initially estimated.
The post 2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches appeared first on SecurityWeek.
We asked an AI agent to analyze the latest shift in U.S. cybersecurity policy, comparing past strategies under Biden to the new 2025 Trump Executive Order. The result? A surprisingly structured analysis that maps out the core philosophical and ...
PlexTrac launched PlexTrac for CTEM, expanding the platform’s capabilities with a proactive and continuous threat exposure management solution designed to help security teams centralize security data, prioritize risk based on business impact, ...
What is Device Code Flow? Device code flow is an authentication mechanism typically used on devices with limited input capabilities—like smart TVs, IoT appliances, or CLI-based tools. A user initiates login on the device, which displays a code. ...
DataDome announced major advancements to its platform and partner ecosystem that put businesses back in control of how AI agents access and interact with their digital assets. These innovations come at a pivotal moment, as enterprises grapple ...
Why Comprehensive API Discovery Requires Both Domain-Based and Runtime Techniques: The API attack surface is growing—and adversaries know it. Moving to the cloud, DevOps, and application modernization all lead to the proliferation of APIs. ...
ConnectSecure announced its new Google Workspace Assessments. This new capability enhances ConnectSecure’s vulnerability platform by empowering MSPs to assess, detect, and mitigate risks within their clients’ Google Workspace environments. ...