Application Security News and Articles
Users of the MITRE Caldera cyber security platform have been urged to plug a critical hole (CVE-2025–27364) that may allow unauthenticated attackers to achieve remote code execution. About MITRE Caldera MITRE Caldera is a platform built on the ...
APIs present a security risk—that much is a given. Attacks on APIs have caused some of the most significant security incidents of the past decades. But the question now is: How can we flip the script and leverage their power to enhance ...
I sent this as an op-ed to the Portland Press Herald but have no delusion they will ACK it or post even a small part of it. As a longtime Mainer and independent voter, I have watched Senator Susan Collins’ career with cautious optimism, hoping ...
Software projects don’t always go as planned. Deadlines slip, budgets overrun, and technical challenges mount. What starts as a minor issue can quickly snowball into...Read More
The post How to Avoid Costly Technical Debt and Get Your Software ...
Noteworthy stories that might have slipped under the radar: Krispy Kreme data breach costs $11M, Pwn2Own moves to Berlin, the story of the 2024 Disney hack.
The post In Other News: Krispy Kreme Breach Cost, Pwn2Own Berlin, Disney Hack Story ...
The Open Source Security Foundation (OpenSSF), a cross-industry initiative by the Linux Foundation, has announced the initial release of the Open Source Project Security Baseline (OSPS Baseline), a tiered framework of security practices that ...
The Qilin ransomware gang claims to have stolen 350 Gb of files from Lee Enterprises in the attack that caused newspaper disruptions.
The post Ransomware Group Takes Credit for Lee Enterprises Attack appeared first on SecurityWeek.
The Vo1d botnet is now powered by 1.6 million Android TV devices, up from 1.3 million half a year ago.
The post Vo1d Botnet Evolves as It Ensnares 1.6 Million Android TV Boxes appeared first on SecurityWeek.
Businesses face increasing pressure to maintain compliance across regions, mitigate risks and improve consumer protection and stakeholder trust.
The post Spotlight on Regulatory Compliance: The Challenges Your IT and Security Teams May Face ...
In a lawsuit targeting cybercriminals who abuse AI services, Microsoft has named individuals from Iran, the UK, China and Vietnam.
The post Microsoft Names Suspects in Lawsuit Against AI Hackers appeared first on SecurityWeek.
The leaked internal chat communications of the Black Basta ransomware group offer an unprecedented view into how cybercriminals operate, plan attacks, and evade detection. The Veriti Research team analyzed these chat logs, revealing our ...
PowerDMARC secures a spot in G2’s Top 100 Fastest-Growing Software Companies of 2025! Learn how our innovative email authentication solutions drive security, trust, and growth.
The post PowerDMARC Ranks Among G2’s Top 100 Fastest-Growing ...
In this Help Net Security interview, David Dumont, Partner at Hunton Andrews Kurth, discusses the implications of the EU AI Act and how organizations can leverage existing GDPR frameworks while addressing new obligations such as conformity ...
In this Help Net Security video, Nathan Parks, Senior Research Specialist at Gartner, discusses their recent research, revealing that only 14% of security leaders effectively balance data security with business goals. 35% of leaders are focused ...
Here’s a look at the most interesting products from the past month, featuring releases from: 1Password, Armor, BigID, Dynatrace, Fortinet, Legit Security, Netwrix, Nymi, Palo Alto Networks, Pangea, Privacera, Qualys, SafeBreach, Satori, Seal ...
In the fast-paced world of online retail, where customer satisfaction and availability are paramount, a sudden attack by scalping bots can disrupt operations, inflate costs, and damage reputation. A North American Online Retailer faced a ...
Product Update: Version 4.8 This update brings key improvements to asset management and power tracking. Highlights include Template Power metrics in bulk actions, simplified rack layouts for easier asset placement, and advanced power sensors for ...
SMS-based, two-factor authentication (2FA) has long been a staple security measure for many online services, including Gmail. However, as the tech industry shifts towards more secure authentication methods, it has become evident that SMS codes ...
Insight #1 - Veracode report: Flaw fix times increase 47% since 2020
Veracode’s 2025 State of Software Security report exposes a troubling trend — flaw fix times have surged 47%, jumping from 171 days in 2020 to 252 days in 2025.
This ...
How Morpheus revolutionizes security automation with dynamically generated, context-aware workflows.
The post Morpheus: Building Dynamic, Context-Specific Response Playbooks with AI appeared first on D3 Security.
The post Morpheus: Building ...
