Application Security News and Articles


Healthcare Services Group Data Breach Impacts 624,000

The personal information of many individuals was stolen from Healthcare Services Group’s computer systems in 2024. The post Healthcare Services Group Data Breach Impacts 624,000 appeared first on SecurityWeek.

Dynamic Authorization vs. Static Secrets: Rethinking Cloud Access Controls

6 min read. Learn why static secrets fail in modern environments and how to implement dynamic authorization. The post Dynamic Authorization vs. Static Secrets: Rethinking Cloud Access Controls appeared first on Aembit. The post Dynamic ...

Custom Controls: Beyond NIST SP 800-53

Extend Q-Compliance's capabilities beyond its out-of-the-box offerings! Custom Controls allow organizations to meet compliance objectives with unique requirements, procedures and risk profiles. The post Custom Controls: Beyond NIST SP 800-53 first ...

Formal Methods for Stellar DeFi: Verifying Lending Protocol with Certora Sunbeam Prover

Hello! My name is Kirill Ziborov, and I’m a formal verification engineer and security researcher at Positive Web3. From February 24 to March 18, an audit contest for the Blend protocol on the Stellar blockchain was held on Code4rena. In ...

Aembit Introduces GitLab Credential Lifecycle Management and GitLab Component

7 min read. Say goodbye to long-lived personal access tokens as you replace them with ephemeral, policy-driven credentials and automated service account management. The post Aembit Introduces GitLab Credential Lifecycle Management and GitLab ...

Aembit Extends Secretless CI/CD with Credential Lifecycle Management for GitLab

Silver Spring, Maryland, USA, 26th August 2025, CyberNewsWire. The post Aembit Extends Secretless CI/CD with Credential Lifecycle Management for GitLab appeared first on Security Boulevard.

Key findings from “The State of Embedded Software Quality and Safety 2025” report

Discover key trends and challenges in embedded software development, from AI integration to SBOM compliance. Learn how Black Duck's solutions can help ensure quality and safety. The post Key findings from “The State of Embedded Software ...

Data Blindness is the Silent Threat Undermining AI, Security and Operational Resilience

Data blindness is emerging as one of the biggest business risks of the AI era — without visibility, organizations can’t trust their data. The post Data Blindness is the Silent Threat Undermining AI, Security and Operational Resilience ...

7 Best People Search Platform to Strengthen KYC and Fraud Detection Processes

Leading solutions among the best people search sites, and how to choose the optimal platform to improve your know-your-customer (KYC) and fraud detection processes. The post 7 Best People Search Platform to Strengthen KYC and Fraud Detection Processes ...

Docker Desktop Vulnerability Leads to Host Compromise

A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators. The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek.

Encryption Backdoor in Military/Police Radios

I wrote about this in 2023. Here’s the story: Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, ...

Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)

CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not public, but the confirmation of exploitation comes from the US ...

AI Systems Vulnerable to Prompt Injection via Image Scaling Attack

Researchers show how popular AI systems can be tricked into processing malicious instructions by hiding them in images. The post AI Systems Vulnerable to Prompt Injection via Image Scaling Attack appeared first on SecurityWeek.

Hundreds of Thousands Affected by Auchan Data Breach

Auchan confirms that the personal information of hundreds of thousands of customers was stolen in a data breach. The post Hundreds of Thousands Affected by Auchan Data Breach appeared first on SecurityWeek.

Cracking the Code: My First Hands-On Journey with GitHub CodeQL

When I first came across GitHub CodeQL, it felt like some advanced hacker tool. Honestly, I thought: “This is too technical for me.”

Security Culture: When Are We Really Creating Change? with Marisa Fagan

Discover insights from The Elephant in AppSec episode with Marisa Fagan. The post Security Culture: When Are We Really Creating Change? with Marisa Fagan appeared first on Security Boulevard.

Organizations Warned of Exploited Git Vulnerability

CISA urges federal agencies to immediately patch an exploited arbitrary file write vulnerability in Git that leads to remote code execution. The post Organizations Warned of Exploited Git Vulnerability appeared first on SecurityWeek.

FTC Calls on Tech Firms to Resist Foreign Anti-Encryption Demands

Tech giants have received a letter from the FTC urging them not to weaken security and privacy at the request of foreign governments. The post FTC Calls on Tech Firms to Resist Foreign Anti-Encryption Demands appeared first on SecurityWeek.

IoT security challenges, issues and best practices

From smart homes and wearable fitness trackers to connected cars and industrial machinery, the Internet of Things (IoT) has become an inseparable part of our lives. With billions of devices already online and millions more joining every day, IoT ...

The Enterprise Risk of OAuth Device Flow Vulnerabilities – And How SSOJet Solves It

SSOJet delivers far more than "just SSO": we give your team the visibility, control, and security intelligence needed to defeat device flow phishing and build a future-proof identity management framework. The post The Enterprise Risk of OAuth ...