Application Security News and Articles


Updated Response to CISA Advisory (AA23-352A): #StopRansomware: Play Ransomware

AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA23-352A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Play Ransomware ...

Google Chrome to Distrust Chunghwa Telecom and Netlock Certificate Authorities (CAs)—What’s Next?

Recently, Google announced that starting August 1, 2025, the Google Chrome browser will no longer trust TLS certificates issued by Chunghwa Telecom and Netlock Certificate Authorities (CAs). According to Google, the decision follows a pattern of ...

How ADR Sees the Attacks that Other Cybersecurity Tools Miss | Application-Layer Security | Contrast Security

If your tools can’t see what’s happening inside your apps and application programming interfaces (APIs), they can’t stop breaches. And the truth is, perimeter and endpoint tools were never designed to detect the real mechanics of modern ...

Randall Munroe’s XKCD ‘Neighbor-Source Heat Pump’

Via the comic artistry and dry wit of Randall Munroe, creator of XKCD. The post Randall Munroe’s XKCD ‘Neighbor-Source Heat Pump’ appeared first on Security Boulevard.

Researchers warn of ongoing Entra ID account takeover campaign

Attackers are using the TeamFiltration pentesting framework to brute-force their way into Microsoft Entra ID (formerly Azure AD) accounts, Proofpoint researchers have discovered. “Proofpoint’s research indicates that while simulated ...

Breach Readiness In A Legacy World: The Risk, The Challenge, And The Way Forward

The Legacy Security Dilemma: Essential, Irreplaceable — and Exposed. Despite the momentum of digital transformation, legacy systems remain integral to many operational environments — and not without reason. These systems often support ...

Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones

Citizen Lab publishes forensic proof that spyware maker Paragon can compromise up-to-date iPhones. Journalists in Europe among victims. The post Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones appeared first on ...

OffensiveCon25 – Keynote: Automating Your Job? The Future Of AI and Exploit Development

Author/Presenter: Perri Adams. Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton ...

Reimagining Integrity: Why the CIA Triad Falls Short

For decades, the CIA Triad of Confidentiality, Integrity, and Availability has been the bedrock framework of information security. While it serves as a conceptual guiding light, its simplicity and vagueness leave room for a tremendous amount of ...

The AI Arms Race: Deepfake Generation vs. Detection

AI-generated voice deepfakes have crossed the uncanny valley, fueling a surge in fraud that outpaces traditional security measures. Detection technology is racing to keep up. The post The AI Arms Race: Deepfake Generation vs. Detection appeared ...

LockBit panel data leak shows Chinese orgs among the most targeted

The LockBit ransomware-as-a-service (RaaS) operation has netted around $2.3 million USD within 5 months, the data leak stemming from the May 2025 hack of a LockBit affiliate panel has revealed. From that sum, the operators took their 20% cut ...

Turning Up the Heat on ATT&CK Heatmaps to Address Residual Risk

Stepping into a time machine and traveling back to the past, during the last half of my nearly 20 year career at MITRE I served in a variety of roles that spanned the evolution of MITRE ATT&CK®. I started as a detection engineer / hunter ...

Tamnoon helps organizations reduce cloud security exposures

Tamnoon launched Managed CDR (Cloud Detection and Response), a managed service designed to validate, contextualize, and respond to cloud security alerts. Built on AWS and launching with Wiz Defend, Amazon GuardDuty, CrowdStrike Falcon, and Orca ...

Why Zero Trust Fails in the Real World and What You Can Do About It

I. The Promise and the Paradox of Zero Trust. Zero Trust has emerged as a cornerstone of modern cybersecurity strategy. Its core principle, “never trust, always verify”, has gained traction... The post Why Zero Trust Fails in the Real World ...

Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior

Hirundo tackles AI hallucinations and bias by making trained models “forget” poisoned, malicious, and confidential data. The post Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior appeared first on SecurityWeek.

Improving Java Container Security with Chainguard and Azul

Chainguard provides hardened, zero-CVE container images (Chainguard Containers) that enable companies to achieve speed, security and scalability. Now, through a strategic partnership between Azul and Chainguard, Chainguard will build from ...

Identifying high-risk APIs across thousands of code repositories

In this Help Net Security interview, Joni Klippert, CEO of StackHawk, discusses why API visibility is a major blind spot for security teams, how legacy tools fall short, and how StackHawk identifies risky APIs and sensitive data directly from ...

LLM vector and embedding risks and how to defend against them

As large language model (LLM) applications mature, the line between model performance and model vulnerability continues to blur. The post LLM vector and embedding risks and how to defend against them appeared first on Security Boulevard.

New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches

The new attack technique uses smartwatches to capture ultrasonic covert communication in air-gapped environments and exfiltrate data. The post New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches appeared first on SecurityWeek.

Accelerate PQC Migration: How to Leverage CBOMs for Cryptographic Asset Discovery

As quantum computing threatens to undermine today’s cryptographic standards, organizations must move quickly to achieve crypto-agility and secure their software supply chains. This blog post explores how a Cryptography Bill of Materials (CBOM) ...