Application Security News and Articles
Insider risk is not just about bad actors. Most of the time, it’s about mistakes. Someone sends a sensitive file to the wrong address, or uploads a document to their personal cloud to work from home. In many cases, there is no ill intent, ...
Cerbos is an open-source solution designed to simplify and modernize access control for cloud-native, microservice-based applications. Instead of hardcoding authorization logic into your application, Cerbos lets you write flexible, context-aware ...
The European Union Agency for Cybersecurity (ENISA) has unveiled the European Vulnerability Database (EUVD), an initiative under the NIS2 Directive aimed at enhancing digital security across the EU. The database serves as a centralized repository ...
The fall of two of the most dominant ransomware syndicates, LockBit and AlphV, triggered a power vacuum across the cybercriminal landscape, acccording to a Black Kite survey. In their place, dozens of new actors emerged, many of them lacking the ...
Santa Clara, Calif. May 14, 2025 – Recently, Gartner released the “Market Guide for Cloud Web Application and API Protection”[1], and NSFOCUS was selected as a Representative Vendor with its innovative WAAP solution. We believe this ...
Cary, NC, May 13, 2025, CyberNewswire –Fresh from a high-impact presence at RSAC 2025, where INE Security welcomed thousands of visitors to its interactive booth at San Francisco’s Moscone Center, the global cybersecurity training and ...
Remote code execution vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks
Background
On May 13, Ivanti released a security advisory to address a high severity remote code ...
Is Your Secrets Management Strategy Straining Your Budget? Organizations are on the lookout for budget-friendly secrets management solutions that provide robust security without causing financial strain. I believe that a comprehensive Non-Human ...
Why is the Strategic Management of NHIs Essential? How do we ensure that our cybersecurity measures keep pace? Non-Human Identities (NHIs) present a unique challenge, as they require a different approach to securing their secrets. This task can ...
How Does Proactive Non-Human Identity Management Keep You Ahead? Cybersecurity, for years, has been placing humans at the center of the identity universe. But have you considered the indispensable role of Non-Human Identities (NHIs) in your ...
Are You Maximizing the Potential of Your IAM Strategies? Effective data management requires a nuanced understanding of advanced Identity and Access Management (IAM) strategies. Where cyber threats are evolving at a rapid pace, an organization’s ...
On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not exploited) vulnerabilities. The zero-days and the publicly disclosed flaws ...
Adobe Patch Tuesday headlined by a major Adobe ColdFusion update patching a wide swatch of code execution and privilege escalation attacks.
The post Adobe Patches Big Batch of Critical-Severity Software Flaws appeared first on SecurityWeek.
The tech giant didn’t disclose the total amount of lost jobs but it will amount to about 6,000 people.
The post Microsoft to Lay Off About 3% of Its Workforce appeared first on SecurityWeek.
As AI makes perfect digital impersonations increasingly accessible, distinguishing reality from fiction becomes harder. This guide breaks down deepfake technology in simple terms and provides practical protection strategies anyone can ...
5Critical
66Important
0Moderate
0Low
Microsoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild.
Microsoft patched 71 CVEs in its May 2025 Patch Tuesday release, with five rated critical and 66 rated as ...
Author/Presenter: Blake Hudson
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and ...
Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems, the company’s product security incident response team has revealed on Tuesday. About ...
Patch Tuesday: Microsoft patches at least 70 security bugs and flagged five zero-days in the “exploitation detected” category.
The post Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday appeared first on SecurityWeek.
The recent failure of Skybox has left many companies without a supported NSPM solution. As a result, many of these previous Skybox customers have taken this opportunity to reevaluate their...
The post Network Security Policy Management (NSPM) in ...
