Application Security News and Articles
OpenAI on Thursday launched Aardvark, an artificial intelligence (AI) agent designed to autonomously detect and help fix security vulnerabilities in software code, offering defenders a potentially valuable tool against malicious hackers. The ...
Your regular browser may not be secure enough for modern threats; enterprise browsers can help.
The post Enterprise browsers – when your regular browser’s security just isn’t good enough appeared first on SecureIQ Lab.
Session 1C: Privacy & Usability 1
Authors, Creators & Presenters: Jiawei Li (Beihang University & National University of Singapore), Jiahao Liu (National University of Singapore), Jian Mao (Beihang University), Jun Zeng ...
Learn when to use 2-legged vs 3-legged OAuth flows for your authentication needs. Discover security vulnerabilities, implementation patterns, and how Workload Identity Federation eliminates credential risks.
So long and thanks for all the fish: Peter Williams admits to selling unpatched iPhone bugs to a shady Russian broker.
The post US Defense Contractor Boss Sold Zero Days to Russia — Cops a Plea appeared first on Security Boulevard.
For decades, the Local Area Network (LAN) has been the neglected, insecure backyard of the enterprise. While we’ve poured money and talent into fortifying our data centers and cloud environments, the LAN has remained a tangled mess of ...
Institutions wondering whether to pay Oracle must decide whether unsupported OpenJDK for universities is good enough.
The post Is Unsupported OpenJDK for Universities Good Enough? appeared first on Azul | Better Java Performance, Superior ...
Veeam Software plans to expand the scope of its offerings into the realm of data security posture management (DSPM) following the closing of a $1.725 billion acquisition of Securiti AI. Securiti AI developed a DSPM platform based on a knowledge ...
Explore key findings from DataDome’s Global Bot Security Report, including which industries are least and most protected against bad bots and unwanted AI traffic in 2025 and beyond.
October 2025 brought significant data breaches. From universities and airlines to healthcare providers and enterprise systems, multiple high-impact incidents exposed millions of records across industries. These breaches highlight recurring ...
For decades, federal programs operating in high-security or classified domains have relied on air-gapped environments as a primary line of defense. The simple logic being that if networks are physically isolated from the public internet, they ...
Spektrum Labs has raised $10 million in seed funding for its cyber resilience platform.
The post Spektrum Labs Emerges From Stealth to Help Companies Prove Resilience appeared first on SecurityWeek.
Tenable Cloud Security unifies visibility across code, build, and runtime stages. It correlates vulnerabilities, identities, and misconfigurations to prioritize exploitability and automate containment — helping teams detect, control, and ...
Manual secrets management costs organizations $172,000+ annually per 10 developers. Discover the hidden productivity drain, security risks, and how automation can recover at least 1.2 FTE worth of capacity.
We are in the middle of an AI gold rush. The technology is advancing, democratizing access to everything from automated content creation to algorithmic decision-making. For businesses, this means opportunity. For fraudsters, it means carte ...
As engineering teams race to adopt the Model Context Protocol (MCP) to harness the power of agentic AI, a more cautious conversation dominates security leaders’ mindshare. While the potential for innovation is clear, the primary question ...
Bring Your Own Device (BYOD) programs are now a fixture of the modern workplace. Employees expect to use their own phones, tablets, and laptops to get work done, whether at home, in the office, or on the road. For organizations, this flexibility ...
Messaging service WhatsApp is launching passkey-encrypted chat backups for iOS and Android, allowing users to encrypt their stored message history using their face, fingerprint, or device screen-lock code. Backups have long been a weak link in ...
AdaptixC2, a legitimate and open red team tool used to assess an organization's security, is being repurposed by threat actors for use in their malicious campaigns. Threat researchers with Silent Push have linked the abuse of the technology back ...
One of the most important phases of any web application penetration test is scoping. It sets the parameters for the test, defines the methodology, and helps ensure the results are meaningful. A clearly defined scope reduces the chances of missing ...