Application Security News and Articles
Companies that sell software that can be used or downloaded by anyone in the European Union are facing a major new liability. Late last year, the European Commission finalized fundamental changes to the EU Product Liability Directive (PLD) — ...
Boston, Mass., Mar. 11, 2025, CyberNewswire — GitGuardian, the security leader behind GitHub’s most installed application, today released its comprehensive “2025 State of Secrets Sprawl Report,” revealing a widespread and persistent ...
Apple warns that the WebKit bug “may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
The post Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw appeared first on SecurityWeek.
Author/Presenter: Ben Helliwell
Our thanks to BSides Exeter, and the Presenters/Authors for publishing their timely BSides Exeter Conference content. All brought to you via the organization’s YouTube channel.
The post BSides Exeter 2024 ...
James Keiser, Director of Secured Managed Services Southeast, CISO Global, Inc. It’s been a while since I’ve put some thoughts together for the CISO Blog, and with World Backup Day coming at the end of this month, the timing felt right. ...
Redmond ships major security updates with warnings that a half-dozen Windows vulnerabilities have already been exploited in the wild.
The post Patch Tuesday: Microsoft Patches 57 Flaws, Flags Six Active Zero-Days appeared first on SecurityWeek.
6 Critical, 50 Important, 0 Moderate, 0 Low
Microsoft addresses 56 CVEs, including seven zero-day flaws, with six of those being exploited in the wild.
Microsoft patched 56 CVEs in its March 2025 Patch Tuesday release, with six rated critical, and 50 ...
Adobe documents 35 security flaws in a wide range of products, including code-execution issues in the Acrobat and Reader applications.
The post Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader appeared first on SecurityWeek.
Lots of interesting details in the story:
The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the ...
Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices.
The post UK Government Report Calls for Stronger Open Source Supply Chain Security Practices appeared first on SecurityWeek.
Cato Networks has analyzed a new IoT botnet named Ballista, which targets TP-Link Archer routers.
The post New Ballista IoT Botnet Linked to Italian Threat Actor appeared first on SecurityWeek.
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Tall Structures’ appeared first on Security Boulevard.
Do you remember the time your software application faced a security breach? It’s an unsettling experience that can cost a fortune, risk…
There are two vectors that hackers use to attack your enterprise. One is characterized as the North-South vector, which describes traffic moving between the enterprise and the public internet (or other outside networks, such as partners or ...
As AI technology advances, cybercriminals create more personalized and convincing scams. This includes mimicking voices, deepfake videos, and highly convincing phishing emails that are difficult to spot. Phishing, deepfakes, and voice cloning are ...
SSL/TLS certificate management developments are evolving rapidly, placing increasing pressure on businesses to maintain security, compliance, and operational efficiency. Sectigo’s Certificate as a Service (CaaS) model is a game-changer, ...
An amazing post
The post What is the Model Context Protocol (MCP) and How It Works appeared first on Security Boulevard.
Author/Presenter: Ricardo Sueiras
Our thanks to BSides Exeter, and the Presenters/Authors for publishing their timely BSides Exeter Conference content. All brought to you via the organization’s YouTube channel.
The post BSides Exeter ...
The cybersecurity industry has long treated patching as the gold standard for vulnerability management. It is the cornerstone of compliance frameworks, a key metric for security performance, and often the first response to a newly discovered ...
Sony Music told UK regulators that it had to remove more than 75,000 deepfake songs and other material, the latest example of the burgeoning problem of AI-generated false videos, images, and sound that threaten everything from national security ...