Application Security News and Articles
The cybersecurity landscape is rapidly evolving, with vulnerability exploitation becoming a primary attack vector. Recent reports, including Google's 2024 Zero-Day Report, highlight a disturbing trend: attackers are increasingly focusing on ...
Scott Shober, Cyber Expert, Author of "Hacked Again," and CEO of Berkeley Varitronics Systems, sits down with host David Braue to discuss a cyberattack on the Office of the Comptroller of the Currency. The podcast can be listened to in its ...
Your security team is spending 70% of their time chasing ghosts. Here's how to reclaim those hours for strategic work that actually matters.
The post Why Your Security Team is Wasting 70% of Their Time on Phantom Threats And How to Fix It ...
We have discovered 10,000 vulnerabilities this year. Great, now what? This sounds like a lot of work has been done, but in reality, it is just noise, not a signal....
The post Why Fixing Every Vulnerability Is Wasting Time and Your Team’s ...
The RSAC Conference 2025 marked a pivotal shift in the cybersecurity industry’s collective mindset. From C-level leaders to frontline practitioners, there was a growing acknowledgment of what many have quietly known for years: the fragmented ...
A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has confirmed by adding it to its Known Exploited Vulnerabilities (KEV) ...
Whether your organization is already in the cloud or just starting to plan your migration, security is a top priority. This webinar will help you to better understand your options for cloud migration as well as learn how to prioritize cloud ...
John Kindervag is best known for developing the Zero Trust Model. He is a hacker, but not within our common definition of a hacker today.
The post Hacker Conversations: John Kindervag, a Making not Breaking Hacker appeared first on SecurityWeek.
The post What is DLP & Why It’s Not Enough to Stop Data Breaches Alone appeared first on Votiro.
The post What is DLP & Why It’s Not Enough to Stop Data Breaches Alone appeared first on Security Boulevard.
Immersive launched AppSec Range Exercises, expanding its AppSec solution beyond hands-on labs to help cyber leaders and practitioners prove and improve their capabilities as part of a holistic cyber readiness program. The new product offers range ...
Threat actors are revisiting SAP NetWeaver instances to leverage webshells deployed via a recent zero-day vulnerability.
The post Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise appeared first on SecurityWeek.
Rami Khaled Ahmed, a 36-year-old from Yemen, has been charged for launching ransomware attacks between 2021 and 2023.
The post US Charges Yemeni Man for Black Kingdom Ransomware Attacks appeared first on SecurityWeek.
Despite the risks associated with artificial intelligence (AI) coding, developers remain enthusiastic, using it to keep up with the demand for delivery software at speed. A recent GitHub survey found that 92% of U.S.-based developers are using AI ...
Threat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published.
The post Samsung MagicINFO Vulnerability Exploited Days After PoC Publication appeared first on SecurityWeek.
CISA warns organizations that threat actors are exploiting a critical-severity vulnerability in low-code AI builder Langflow.
The post Critical Vulnerability in AI Builder Langflow Under Attack appeared first on SecurityWeek.
Misconfigured Apache Pinot instances can and have enabled threat actors to gain access to sensitive information.
The post Microsoft Warns of Attackers Exploiting Misconfigured Apache Pinot Installations appeared first on SecurityWeek.
An easily and remotely exploitable vulnerability (CVE-2024-7399) affecting Samsung MagicINFO, a platform for managing content on Samsung commercial displays, is being leveraged by attackers. Exploit attempts have been flagged by the SANS Internet ...
Android’s May 2025 security update includes patches for an exploited vulnerability in the FreeType open source rendering engine.
The post Android Update Patches FreeType Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
As organizations brace for the rising tide of machine identities and prepare for a post-quantum cryptographic era, a quiet but crucial shift is underway in the financial sector: the deployment of a new, private PKI standard designed specifically ...
The importance of the MITRE-run Common Vulnerabilities and Exposures (CVE) Program shouldn’t be understated. For 25 years, it has acted as the point of reference for cybersecurity professionals to understand and mitigate security flaws. By ...
