Application Security News and Articles
Verosint launched Vera, an agentic AI security analyst to transform how organizations detect, investigate, and respond to identity-based threats. Built on top of Verosint’s intelligent ITDR platform, Vera is an always-on, expert identity ...
WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind SysAid’s popular IT service management and IT helpdesk solutions ...
The US has sanctioned Myanmar warlord Saw Chit Thu and his militia for their roles in cyber scams causing billions in losses to American victims.
The post US Sanctions Myanmar Militia Involved in Cyber Scams appeared first on SecurityWeek.
At ISHIR, we’ve worked with hundreds of innovators — startup founders, intrapreneurs, and enterprise technology leaders. And one thing is clear: Great ideas don’t come...Read More
The post The 3 Stages of the Idea Cycle: From Raw Concept to ...
The rapid rise in the use of SaaS applications — often without the IT organization's knowledge or consent — has spawned a whole new set of challenges for security teams. These include visibility gaps, unmanaged data flows, and an expanding ...
In our recent live webinar, Ask Us Anything: Solving K-12 Tech Teams’ Biggest Challenges, we gave attendees the chance to get real answers to their top pain points by submitting questions in advance. The session featured Bob Boyd, Chief ...
Meta has won its WhatsApp hacking lawsuit against Israeli spyware company NSO Group in an “important step forward for privacy and security”.
The post Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack appeared first on SecurityWeek.
BlueVoyant launched its Continuous Optimization for Microsoft Security (COMS) offering. COMS improves security outcomes, helps customers stay ahead of cyber threats, and minimizes technology costs by drawing on BlueVoyant’s expertise with ...
Application performance monitoring provider AppSignal has raised $22 million in a Series A funding round led by Elsewhere Partners.
The post AppSignal Raises $22 Million for Application Monitoring Solution appeared first on SecurityWeek.
At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft.
The post Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day appeared first on SecurityWeek.
Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted exploitation.” About CVE-2025-27363 CVE-2025-27363 is an out of bounds ...
Threat actors are targeting a critical-severity vulnerability in the OttoKit WordPress plugin to gain administrative privileges.
The post Second OttoKit Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek.
Engaging the cybersecurity community
As part of our activities at RSAC 2025 Conference, SquareX hosted an exclusive networking dinner for CISOs and security leaders at the St. Francis Yacht Club. The event brought together forward-thinking ...
The US government warns of threat actors targeting ICS/SCADA systems at oil and natural gas organizations.
The post US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations appeared first on SecurityWeek.
Bringing Browser Security to the Forefront
What a week it’s been! The SquareX team just returned from San Francisco where we attended two back-to-back cybersecurity events: BSides SF and RSAC 2025 Conference. These events gave us the perfect ...
The NATO Cooperative Cyber Defence Centre of Excellence in Estonia is hosting the Locked Shields 2025 cyber defense exercise.
The post 41 Countries Taking Part in NATO’s Locked Shields 2025 Cyber Defense Exercise appeared first on SecurityWeek.
A new report from bot defense firm Kasada has exposed the growing threat of ALTSRUS, a fraud syndicate targeting some of the most vulnerable corners of the digital economy. Researchers revealed how the group has scaled its operations to steal and ...
Application security is changing fast. In this Help Net Security interview, Loris Gutic, Global CISO at Bright, talks about what it takes to keep up. Gutic explains how DevOps, containers, and serverless tools are shaping security, and shares ...
Autorize is an open-source Burp Suite extension that checks if users can access things they shouldn’t. It runs automatic tests to help security testers find authorization problems. Autorize installation To use Autorize, you’ll need Burp ...
Starting in mid-2022, Cofense Intelligence detected a new technique for successfully delivering a credential phishing page to a user’s inbox: blob URIs (Uniform Resource Identifier).
The post Using Blob URLs to Bypass SEGs and Evade Analysis ...
