Application Security News and Articles
Palo Alto Networks this week released an open application programming interface (API) framework that organizations can use to more easily deploy encryption keys that are not likely to be broken by a quantum computer.
The post Palo Alto Networks ...
Check out tips for adopting AI securely from the World Economic Forum. Plus, the EU’s DORA cyber rules for banks go into effect. Meanwhile, a report warns about overprivileged cloud accounts. And get the latest on ransomware trends; CIS ...
Insight No. 1: DORA’s knocking at your door
DORA is already in effect! For those who haven't started, playing catch-up could be a costly mistake. Organizations that fail to comply with the established ICT risk management framework could face ...
Discover insights from the CodeMash 2025 community on NHI governance, secrets security, and addressing vault sprawl challenges in enterprise environments.
The post CodeMash 2025: A Community Conversation About NHI And Secrets Security ...
A vulnerability in Subaru’s Starlink connected vehicle service exposed US, Canada, and Japan vehicle and customer accounts.
The post Subaru Starlink Vulnerability Exposed Cars to Remote Hacking appeared first on SecurityWeek.
A malicious generative AI chatbot dubbed "GhostGPT" is being advertised to cybercriminals on underground forums as a tool for more quickly and efficiently creating malware, running BEC attacks, and other nefarious activities, lowering the barrier ...
North Korean fake IT workers are more aggressively extorting their employers in response to law enforcement actions.
The post North Korean Fake IT Workers More Aggressively Extorting Enterprises appeared first on SecurityWeek.
Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York for $2 million, trojanized RAT builder targets script kiddies.
The post In Other News: VPN Supply Chain Attack, PayPal ...
The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to North Korea.
The post US Charges Five People Over North Korean IT Worker Scheme appeared first on SecurityWeek.
CISA has added the jQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Warns of Old jQuery Vulnerability Linked to Chinese APT appeared first on SecurityWeek.
With the world being highly data-driven, data is an organization’s most valuable asset, so implementing a data governance framework is essential.
The post The Role of Data Governance in Strengthening Enterprise Cybersecurity appeared first on ...
Four decades of student and educator information was stolen from PowerSchool – tens of millions are potentially affected.
The post Millions Impacted by PowerSchool Data Breach appeared first on SecurityWeek.
Business resilience must be the ultimate purpose of all the security controls and processes we employ, because we will never conclusively defeat or protect ourselves from social engineering.
The post Cyber Insights 2025: Social Engineering Gets ...
Pwn2Own Automotive 2025 has come to an end and participants have earned a total of $886,000 for exploits targeting EV chargers and infotainment systems.
The post Hackers Earn $886,000 at Pwn2Own Automotive 2025 for Charger, OS, Infotainment ...
While zero-trust architecture (ZTA) has many benefits, it can be challenging for companies because of a static mindset, increased costs and continuous maintenance.
Eclypsium warns that Palo Alto Networks firewalls are impacted by BIOS and bootloader flaws, but the vendor says users should not be concerned.
The post Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls ...
Companies are embracing multi-cloud strategies not just because they want to avoid vendor lock-in, but because different providers excel at different things.
The post Building Secure Multi-Cloud Architectures: A Framework for Modern Enterprise ...
Aviat Networks announced that it has enhanced its Secure Software Development Lifecycle (SSDLC) process and Software Vulnerability Alert (SVA) service designed to strengthen Aviat’s software and firmware development process to comply with ...
Organizations’ reliance on IT infrastructure for their financial and operational activities is growing exponentially. IT General Controls (ITGC) ensure that IT systems work securely and efficiently. These controls keep in check how well ...
Accuracy, Coverage & Integration: A Comprehensive Benchmark for Modern SAST Tools