Application Security News and Articles
Apple bug bounty program’s categories are expanding and rewards are rising, and zero-click exploit chains may now earn researchers up to $2 million. “Our bonus system, providing additional rewards for Lockdown Mode bypasses and ...
Mobilicom launched the Secured Autonomy (SA) Compute PRO-AT, which combines Mobilicom’s OS3 (Operational Security, Safety, and Standards compliance) cybersecurity software with Aitech’s rugged, NVIDIA-based AI Supercomputers, including the ...
Want recruiters to show you the money? A new report says AI skills are your golden ticket. Plus, cyber teams are all in on AI, including agentic AI tools. Oh, and please patch a nasty Oracle zero-day bug ASAP. And get the latest on vulnerability ...
GreyNoise has discovered that attacks exploiting Cisco, Fortinet, and Palo Alto Networks vulnerabilities are launched from the same infrastructure.
The post Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign appeared ...
Learn what a CAA record is, how it protects your domain from unauthorized SSL certificate issuance, and how to set it up for stronger website security.
The post What is CAA? Understanding Certificate Authority Authorization appeared first on ...
The botnet packs over 50 exploits targeting unpatched routers, DVRs, NVRs, CCTV systems, servers, and other network devices.
The post RondoDox Botnet Takes ‘Exploit Shotgun’ Approach appeared first on SecurityWeek.
Multimodal AI delivers context-rich automation but also multiplies cyber risk. Hidden prompts, poisoned pixels, and cross-modal exploits can corrupt entire pipelines. Discover how attackers manipulate multimodal inputs—and the governance, ...
AI agents are now hacking computers. They’re getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. ...
Patches were rolled out for more than 200 vulnerabilities in Junos Space and Junos Space Security Director, including nine critical-severity flaws.
The post Juniper Networks Patches Critical Junos Space Vulnerabilities appeared first on SecurityWeek.
CVE-2025-11371, an unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and Triofox file-sharing and remote access platforms, is being exploited by attackers in the wild. While Gladinet is aware of the vulnerability and of ...
California’s AB 2655 aimed to fight AI-generated political deepfakes, but a federal court struck it down under Section 230, highlighting the clash between free speech and AI regulation.
The post Red Pilling of Politics – Court Strikes ...
The unpatched vulnerabilities allow attackers to execute arbitrary code remotely and escalate their privileges.
The post ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities appeared first on SecurityWeek.
Apple has announced significant updates to its bug bounty program, including new categories and target flags.
The post Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date appeared first on SecurityWeek.
As autonomous AI agents spread across enterprise systems, a new risk emerges: Shadow AI. Learn why traditional controls fail and how to secure agentic AI.
The post Shadow AI: Agentic Access and the New Frontier of Data Risk appeared first on ...
The threat GitGuardian has long anticipated is now a reality: criminal groups are executing systematic attacks targeting hardcoded credentials and over-permissive IAM configurations. The situation escalated when Shiny Hunters and Crimson ...
Learn the key differences between Reverse-Proxy SSO and SAML/OIDC authentication models to choose the best fit for your enterprise security.
The post Reverse-Proxy SSO vs. SAML/OIDC: Understanding the Key Differences in Authentication Models ...
Google researchers believe exploitation may have started as early as July 10 and the campaign hit dozens of organizations.
The post Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks appeared first on SecurityWeek.
A lot of classic software is reaching end-of-life (EOL) this month. Windows 10, Office 2016 and Exchange Server 2016 have survived after nearly a decade of service. Not far behind, after six years in existence, comes the end of Office 2019 and ...
Understand and stop credential harvesting. Explore how attacks happen, the risks to your data, the warning signs, and crucial security steps you can take.
The post What Is Credential Harvesting? Risks and Prevention Tips appeared first on ...
SMBs may not have big budgets, but they are on the receiving end of many cyberattacks. A new study from Cleveland State University looked at how these companies could train staff without getting lost in the thousands of skills and tasks in the ...