Application Security News and Articles
Recently, two critical security flaws were discovered in Kentico Xperience 13, a popular digital experience platform (CMS). Tracked as CVE-2025-2746 and CVE-2025-2747, these vulnerabilities allow unauthenticated attackers to bypass the Staging ...
AMTSO has developed a Sandbox Evaluation Framework to standardize the testing of malware analysis solutions.
The post AMTSO Releases Sandbox Evaluation Framework appeared first on SecurityWeek.
Introduction: Zscaler ThreatLabz has identified a new sophisticated malware family that we named CoffeeLoader, which originated around September 2024. The purpose of the malware is to download and execute second-stage payloads while evading ...
ESET researchers have published an in-depth analysis highlighting significant shifts within the ransomware landscape, spotlighting the rise of RansomHub. This relatively new ransomware-as-a-service operation has quickly come to dominate the ...
ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate the compromise, they made an unexpected discovery in the victim’s ...
Authors/Presenters: Sick.Codes, Casey John Ellis
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites ...
Highlights:
Understanding Canadian API Standards: Key principles for secure government API development.
Critical Importance of API Security: Why robust protection is vital for citizen data.
Compliance and Trust: How adherence to standards builds ...
The late-stage startup said the round was led by Coatue Management and brings Island’s total external funding to approximately $730 million.
The post Island Banks $250M Series E for Enterprise Browser appeared first on SecurityWeek.
Oscilar launched an AI Agent platform, reshaping how organizations manage online risk. Built around a network of specialized AI agents, Oscilar’s platform addresses key challenges in fraud prevention, compliance, credit underwriting, and ...
AI is now part of the botnet. See how it’s powering ATOs and fake accounts, and why real-time, multi-layered detection is the only way to fight back.
The post How AI is Fueling ATOs & Fake Account Creation—And Why Bot Detection Needs to ...
Security consultant Troy Hunt, the creator of the Have I Been Pwned (HIBP) service, has revealed that he got tricked by a clever phishing email, and that the attacker gained access to his Mailchimp account and stole a list of email addresses of ...
DeNexus announced an innovative enhancement to its cyber risk management flagship solution DeRISK. The new DeRISK Quantified Vulnerability Management leverages advanced AI techniques to automatically and continuously map common ...
Discover insights from 900 security leaders across the globe in IDC’s Voice of Security 2025 survey, sponsored by Tines in partnership with AWS. Understand the biggest challenges facing security teams today, and how they can stay ahead of the ...
The new SonarQube Server 2025 Release 2 contains significant enhancements across code quality, code security, and issue remediation with AI CodeFix. Read on to learn more about these great new capabilities.
The post SonarQube Server 2025 Release ...
Atlantis AIO, a tool available to hackers on the dark web, gives threat actors an automated tool to rapidly test millions of stolen credentials against email, ecommerce, and other online accounts on more than 140 email and other platforms in ...
tl;dr: Less FPs for Owns/WriteOwner and new Owns/WriteOwnerLimitedRights edges
Before we get started, if you’d prefer to listen to a 10-minute presentation instead of or to supplement reading this post, please check out the recording of our ...
Concentric AI announced new, context-driven behavior analytics capabilities in its Semantic Intelligence data security governance platform, enabling organizations to identify abnormal activity at the user level. The company has also added new ...
Blumira launched a Microsoft 365 (M365) threat response feature to help organizations contain security threats faster by enabling direct user lockout and session revocation within M365, Azure and Entra environments. The new threat response feature ...
A new ransomware group called Arkana claims to have compromised the US telecommunications provider WideOpenWest.
The post New Ransomware Group Claims Attack on US Telecom Firm WideOpenWest appeared first on SecurityWeek.
SplxAI has raised $7 million in a seed funding round led by LAUNCHub Ventures to secure agentic AI systems.
The post SplxAI Raises $7 Million for AI Security Platform appeared first on SecurityWeek.