Application Security News and Articles


Virtual Event Preview: Cloud & Data Security Summit 2025 – Tackling Exposed Attack Surfaces in the Cloud

Virtual event brings together leading experts, practitioners, and innovators for a full day of insightful discussions and tactical guidance on evolving threats and real-world defense strategies in cloud security. The post Virtual Event Preview: ...

Threat Actors Use SVG Smuggling for Browser-Native Redirection

Obfuscated JavaScript code is embedded within SVG files for browser-native redirection to malicious pages. The post Threat Actors Use SVG Smuggling for Browser-Native Redirection appeared first on SecurityWeek.

Code Execution Through Email: How I Used Claude to Hack Itself

You don’t always need a vulnerable app to pull off a successful exploit. Sometimes all it takes is a well-crafted email, an LLM agent, and a few “innocent” plugins. This is the story of how I used a Gmail message to trigger code execution ...

NETSCOUT Adaptive Threat Analytics improves incident response

NETSCOUT announced Adaptive Threat Analytics, a new enhancement to its Omnis Cyber Intelligence Network Detection and Response (NDR) solution, designed to improve incident response and reduce risk. Adaptive Threat Analytics enables security teams ...

Hacked Elmo X Account Spews Racist, Antisemitic Posts

A hacker accessed the X account of beloved Sesame Street character Elmo, which included racist and antisemitic posts and a foul tirade about Trump and Jeffrey Epstein. The incident came a week after xAI's Grok chatbot spewed antisemitic and white ...

Palo Alto Networks Extends Zero-Trust Alliance with Okta

Palo Alto Networks today extended its alliance with Okta to provide deeper integrations to enable cybersecurity teams to restrict which applications can be accessed from a secure browser. The post Palo Alto Networks Extends Zero-Trust Alliance ...

Vulnerable firmware for Gigabyte motherboards could allow bootkit installation

UEFI firmware running on 100+ Gigabyte motherboard models is affected by memory corruption vulnerabilities that may allow attackers to install persistent and difficult-to-detect bootkits (i.e., malware designed to infect the computer’s boot ...

F5 accelerates application delivery and security

F5 announced new tools to reduce the immense complexity cross-functional operations (XOps) teams face in managing hybrid, multicloud, and AI-driven application environments. F5 AI Assistant now provides a single natural language interface across ...

DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total

Cloudflare has published its quarterly DDoS threat report for Q2 2025 and the company says it has blocked millions of attacks. The post DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total appeared first on SecurityWeek.

Data Breach at Debt Settlement Firm Impacts 160,000 People

Pennsylvania-based Century Support Services is disclosing a data breach after its systems were hacked in November 2024. The post Data Breach at Debt Settlement Firm Impacts 160,000 People appeared first on SecurityWeek.

Fingerprint helps enterprises distinguish between legitimate and malicious automated web traffic

Fingerprint announced new Smart Signals and platform enhancements that detect malicious bots and AI agents, distinguishing them from legitimate automated traffic. As agentic commerce experiences explosive growth and autonomous AI agents become ...

At-Bay MXDR boosts security for mid-market and small businesses

At-Bay launched its new Managed Extended Detection and Response (MXDR) platform, designed to give mid-market and small businesses access to enterprise-grade cybersecurity at an affordable cost. Spanning endpoint, cloud, identity, and email, ...

Pentera unveils capability to detect Git repository risk exposure

Pentera has introduced a capability to uncover and validate risk exposure from data in Git repositories. Pentera now discovers repositories linked to the organization, identifies embedded credentials, tokens, and other sensitive data, and ...

The SaaS Security Disconnect: Why Most Organizations Are Still Vulnerable

A new report from AppOmni captures a significant misplaced confidence in the security of software-as-a-service applications and escalating risks associated with these cloud services. The post The SaaS Security Disconnect: Why Most Organizations ...

AsyncRAT evolves as ESET tracks its most popular malware forks

AsyncRAT is an open-source remote access trojan that first appeared on GitHub in 2019. It includes a range of typical RAT capabilities, such as keylogging, screen capture, credential theft, and more. Its simplicity and open-source design have ...

Zip Security Raises $13.5 Million in Series A Funding

Zip Security’s Series A funding round led by Ballistic Ventures will help the company grow its engineering and go-to-market teams. The post Zip Security Raises $13.5 Million in Series A Funding appeared first on SecurityWeek.

Ransomware Group Claims Attack on Belk

DragonForce says it stole more than 150 gigabytes of data from US department store chain Belk in a May cyberattack. The post Ransomware Group Claims Attack on Belk appeared first on SecurityWeek.

MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats

The MITRE AADAPT framework provides documentation for identifying, investigating, and responding to weaknesses in digital asset payments. The post MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats appeared first on SecurityWeek.

Sesame Workshop Regains Control of Elmo’s Hacked X Account After Racist Posts

The account was compromised over the weekend and Elmo’s 650,000 followers were given antisemitic threats and a reference to the Jeffrey Epstein investigation. The post Sesame Workshop Regains Control of Elmo’s Hacked X Account After Racist ...

Inorganic DNA: How nanoparticles could be the future of anti-counterfeiting tech

For decades, manufacturers and security professionals have been playing a high-stakes game of cat and mouse with counterfeiters. From holograms and QR codes to RFID tags and serial numbers, the industry’s toolkit has evolved, but so have the ...