Application Security News and Articles
The New HPE Networking: Integration Complete. At Security Field Day, Hewlett Packard Enterprise showcased the results of its most ambitious integration effort: combining decades of networking expertise under a single, AI-driven security vision. ...
As technology continues to rapidly advance (i.e. generative AI, large language models, quantum computing, etc.), financial institutions (FIs) must evolve while balancing opportunity and risk. FIs are embracing advanced technology to meet rising ...
A new phishing campaign is attempting to trick users into believing they’ve missed important emails, security researchers are warning. The emails: The bogus email alerts look like they are coming from the recipient’s email domain, and ...
SESSION
Session 2D: Android Security 1
Authors, Creators & Presenters: Mathias Oberhuber (Graz University of Technology), Martin Unterguggenberger (Graz University of Technology), Lukas Maar (Graz University of Technology), Andreas Kogler ...
A researcher found a way to exploit an SSRF vulnerability related to custom GPTs to obtain an Azure access token.
The post ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure appeared first on SecurityWeek.
An individual believed to have been involved in the operation of VenomRAT was arrested recently in Greece.
The post 1,000+ Servers Hit in Law Enforcement Takedown of Rhadamanthys, VenomRAT, Elysium appeared first on SecurityWeek.
Federal agencies have reported as ‘patched’ ASA or FTD devices running software versions vulnerable to attacks.
The post CISA Updates Guidance on Patching Cisco Devices Targeted in China-Linked Attacks appeared first on SecurityWeek.
Security leaders are under increasing pressure to prove that their defenses actually work. Board members and stakeholders want to see measurable progress, yet most metrics available to CISOs today don’t quite fit that need.
The post Metrics ...
CISA has ordered US federal agencies to fully address two actively exploited vulnerabilities (CVE-2025-20333, CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) and Firepower firewalls. “In CISA’s analysis of agency-reported ...
Join us as speakers from Cisco outline important steps industrial organizations can take to safeguard operations, achieve compliance, and enable sustainable growth.
The post Webinar Today: The Future of Industrial Network Security appeared ...
As organizations rush to deploy AI, enterprise defenses are struggling to keep up. This blog explores the emerging AI exposure gap — the widening divide between innovation and protection — and what security leaders can do to close it.
Key ...
TrojAI has launched its new AI runtime defense solution for agentic AI workflows, TrojAI Defend for MCP. Model Context Protocol (MCP) is an open protocol that allows AI agents to connect with external data, tools, and services in a standardized ...
The spam campaign is likely orchestrated by an Indonesian threat actor, based on code comments and the packages’ random names.
The post Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm appeared first on SecurityWeek.
Holiday shopping cybersecurity is a B2B issue. Learn how continuous password monitoring protects against credential threats.
The post The Holiday Shopping Is a Stress Test for Password Security appeared first on Security Boulevard.
As email remains the top vector for cyberattacks, the sophistication and scale of phishing tactics continue to evolve—often faster than traditional defenses can keep up. That’s why GigaOm’s 2025 Anti-Phishing Radar Report has become a ...
If you’ve been in the security universe for the last few decades, you’ve heard of the OWASP Top Ten. It’s a list of 10 security problems that we move around every year and never really solve. Oh sure, there are a few things we’ve made ...
This article explores GitLab's security scanning strategy, covering multi-language support, analyzer selection, Pipeline ...
The UK’s national healthcare system is working with the country’s National Cyber Security Centre to investigate the incident.
The post NHS Investigating Oracle EBS Hack Claims as Hackers Name Over 40 Alleged Victims appeared first on ...
Tracked as CVE-2025-9242 (CVSS score of 9.3), the flaw leads to unauthenticated, remote code execution on vulnerable firewalls.
The post Critical WatchGuard Firebox Vulnerability Exploited in Attacks appeared first on SecurityWeek.
The Business of Secrets: Adventures in Selling Encryption Around the World by Fred Kinch (May 24, 2004)
From the vantage point of today, it’s surreal reading about the commercial cryptography business in the 1970s. Nobody knew anything. The ...