Application Security News and Articles
The OpenEoX model proposes a shared data format that can be integrated into SBOMs, security advisories, and other ecosystem tools.
The post Tech Giants Propose Standard For End-of-Life Security Disclosures appeared first on SecurityWeek.
Tom Sheehan (Hurricane Labs Director of Cybersecurity Consulting and Compliance) attended the inaugural Horizon3 Global Partner summit last week. This event brought together the brightest minds and boldest innovators in cybersecurity for a ...
MCP tools are implicated in several new attack techniques. Here's a look at how they can be manipulated for good, such as logging tool usage and filtering unauthorized commands.
Background
Over the last few months, there has been a lot of ...
Author/Presenter: Brandon Pinzon
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; ...
Frankfurt, Apr.30, 2025, CyberNewswire – Link11, DOSarrest, and Reblaze have combined their strengths into a single, integrated platform with a new brand identity. The result: a consistent user experience, maximum efficiency, and seamless ...
An illicit npm package called 'crypto-encrypt-ts' may appear to revive the unmaintained but vastly popular CryptoJS library, but what it actually does is peek into your crypto wallet and exfiltrate your secrets to threat actors.
The post Revived ...
Ridge Security announced RidgeSphere, a centralized management platform designed to simplify the orchestration of multiple RidgeBot , the AI-powered automated security validation platform, across client environments. Built for Managed Security ...
RSAC 2025 Conference is taking place at the Moscone Center in San Francisco. Help Net Security is on-site, and this gallery takes you inside the event. The featured vendors are: PowerDMARC, Skyhawk Security, ThreatLocker, Stellar Cyber, Center ...
You've been at HYPR for six years. Why is now the right time for this expanded role and for HYPR's next chapter?
Doug: Timing is everything. It's the one thing you can't manufacture in this industry. You’re either too early, too late, or you ...
Vulnerabilities in Apple’s AirPlay Protocol, AirPlay Software Development Kits (SDKs), and the CarPlay Communication Plug-in could allow attackers to compromise AirPlay-enabled devices developed and sold by Apple and by other companies. ...
Edgescan’s 2025 Vulnerability Statistics Report explores risk density patterns across network/device and application layers, uncovers complex vulnerabilities that automated tools consistently miss, and evaluates the real-world effectiveness ...
Traditional approaches to cloud access rely on static, permanent permissions that are often overprivileged. Learn how just-in-time access completely changes the game.
The access challenge in modern cloud environments
As cloud adoption ...
As April 2025 drew to a close, it left a string of high-profile data breaches in its wake, rattling major organizations. Yale New Haven Health saw 5.5 million patient records...
The post Top Data Breaches in April 2025 That Made The Headlines ...
Organizations that assume secrets protection is solely about scanning public repositories and codebases for API keys, passwords, and tokens may be overlooking a major blind spot.
The post Secrets leaks increase — and expand beyond the codebase ...
Hundreds of companies are showcasing their products and services this week at the 2025 edition of the RSA Conference in San Francisco.
The post RSA Conference 2025 Announcement Summary (Day 2) appeared first on SecurityWeek.
Emails purportedly sent by rental property management firms are being used to steal money from people in France and Canada, Proofpoint researchers have warned. A BEC scam preying on renters “Most campaigns are sent from compromised ...
Starting May 5, 2025, Microsoft enforces strict sender requirements. Emails from domains sending over 5,000 messages per day must pass SPF, DKIM, and DMARC checks.—or face the 550 5.7.15 Access Denied error.
The post Microsoft Sender ...
Meta has released new Llama protection tools to help the open source AI community build more secure applications.
The post Meta Releases Llama AI Open Source Protection Tools appeared first on SecurityWeek.
France says the Russian state-sponsored group APT28 is responsible for targeting or compromising a dozen French entities.
The post France Blames Russia for Cyberattacks on Dozen Entities appeared first on SecurityWeek.
Legit Security has unveiled new functionalities that leverage AI to help security teams more quickly shore up gaps in their AppSec programs. Specifically, Legit now leverages AI to drive advanced discovery for code-to-cloud correlation, increased ...
