Application Security News and Articles
XE Group, a cybercriminal outfit that has been active for over a decade, has been quietly exploiting zero-day vulnerabilities (CVE-2025-25181, CVE-2024-57968) in VeraCore software, a popular solution for warehouse management and order ...
With each passing year, social engineering attacks are becoming bigger and bolder thanks to rapid advancements in artificial intelligence.
The post How Agentic AI will be Weaponized for Social Engineering Attacks appeared first on SecurityWeek.
Authors/Presenters: Panel
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the ...
Before exploring how to mitigate the human factors in cybersecurity, it's essential to understand what this term means. The human factors of cybersecurity refer to the actions or events where human error leads to a successful hack or data breach. ...
A new Mythic add-on for Windows Agents
Mythic provides flexibility to agent developers for how they want to describe and execute techniques. While this is great, it also means that when operators hop from agent to agent, they can have issues ...
David Kennedy is a hacker. There is no doubt about that. He has qualities common among hackers, but also many differences.
The post Hacker Conversations: David Kennedy – an Atypical Typical Hacker appeared first on SecurityWeek.
SafeBreach launched SafeBreach exposure validation platform, which combines the power of its time-tested breach and attack simulation (BAS) product—now called Validate—and its new attack path validation product, Propagate. Together, they ...
Just as OT technology differs from IT technology, the threats, likely adversaries, and potential harm also differ.
The post Cyber Insights 2025: OT Security appeared first on SecurityWeek.
There will be no patches for EOL Zyxel routers under attack via CVE-2024-40891, the company has confirmed. Meanwhile, Netgear has issued patches for critical flaws affecting its routers and wireless access points. Zyxel vulnerability: Exploited, ...
By Kelly Kaoudis and Evan Sultanik This blog post highlights key points from our new white paper Preventing Account Takeovers on Centralized Cryptocurrency Exchanges, which documents ATO-related attack vectors and defenses tailored to CEXes. ...
Our zLabs research team has discovered a mobile malware campaign consisting of almost 900 malware samples primarily targeting users of Indian banks.
The post Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach appeared first on ...
A significant number of cybersecurity-related merger and acquisition (M&A) deals announced in January 2025.
The post Cybersecurity M&A Roundup: 45 Deals Announced in January 2025 appeared first on SecurityWeek.
Satori announced its new capabilities, enabling security teams to be in control of all customer data across the development lifecycle in a simple, cost-effective, and holistic way. These capabilities automate the daunting tasks of discovering ...
Rhode Island disclosed in December that a ransomware attack had resulted in a data breach of its RIBridges social services database, exposing personal data of about 650,000 residents that included Social Security numbers, dates of birth, and ...
Riot has raised $30 million in Series B funding for a platform that helps employees improve their cybersecurity posture.
The post Riot Raises $30 Million for Employee Cybersecurity Solution appeared first on SecurityWeek.
150 abandoned Amazon S3 buckets could have been leveraged to deliver malware or backdoors to governments and Fortune companies.
The post Abandoned Amazon S3 Buckets Enabled Attacks Against Governments, Big Firms appeared first on SecurityWeek.
Russian threat groups have been observed exploiting a zero-day vulnerability in 7-Zip against Ukrainian entities.
The post Russian Hackers Exploited 7-Zip Zero-Day Against Ukraine appeared first on SecurityWeek.
Explore our analysis into the eight vulnerabilities discovered in LogicalDOC DMS. Vulnerabilities include SQL injection, remote code execution, and XSS.
The post CyRC Advisory: Eight vulnerabilities discovered in LogicalDOC appeared first on ...
PAM aims to provide a privileged identity-centric approach to controlling access as part of the bigger identity ecosystem.
The post The Path of Least Resistance to Privileged Access Management appeared first on Security Boulevard.
Chrome 133 and Firefox 135 were released with patches for multiple high-severity memory safety vulnerabilities.
The post Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
