Application Security News and Articles
Perforce Software announced its latest platform update for Puppet Enterprise Advanced, designed to streamline DevSecOps practices and fortify enterprise security postures. This release incorporates more advanced and proactive remediation options, ...
A practical guide to maximizing the short- and long-term benefits of your upcoming OSCP exam attempt(s).
Disclaimer:
All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s ...
As AI agents transform enterprise technology, two critical protocols are emerging as industry standards: Anthropic's MCP for connecting AI to data sources and Google's A2A for agent collaboration. This analysis breaks down how these frameworks ...
1Password today extended the reach of its Extended Access Management (XAM) platform to include an ability to secure artificial intelligence (AI) agents.
The post 1Password Extends Reach of IAM Platform to AI Agents and Unmanaged Devices appeared ...
Ketch launched Data Sentry, a frontend data map for detecting website privacy risks. Designed for privacy and security teams, Data Sentry provides real-time visibility into website data flows—pinpointing hidden vulnerabilities before they lead ...
Simbian's industry-first AI SOC Hackathon Championship has concluded, bringing with it an exciting glimpse into the future of cybersecurity operations.
The post Augmented, Not Replaced – Humans Outpace AI in Simbian’s SOC Hackathon ...
Tenable Research discovered a privilege-escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ConfusedComposer. The vulnerability could have allowed an identity with permission ...
Why Enzoic Delivers Enterprise-Grade Continuous Credential Monitoring
Helpful for Individuals, Not Enough for Enterprises
In recent years, free services like Have I Been Pwned (HIBP) have helped raise awareness around the dangers of password ...
Disposable email addresses are temporary inboxes that allow users to receive messages without linking the address to a long-term identity. Unlike Gmail or Outlook, which are built for ongoing use and personal association, disposable email ...
Proofpoint has unveiled the global availability of Proofpoint Prime Threat Protection, the human-centric cybersecurity solution that brings together previously disparate critical threat defense capabilities—protection against multistage attacks ...
A vulnerability in SSL.com has resulted in nearly a dozen certificates for legitimate domains being wrongly issued.
The post SSL.com Scrambles to Patch Certificate Issuance Vulnerability appeared first on SecurityWeek.
There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All users running an SSH server based on the Erlang/OTP SSH library are ...
Phishing attacks are not only more frequent but also more sophisticated, leveraging AI to craft highly convincing messages that bypass traditional security measures.
The post Beyond Firewalls: Why Phishing Demands a People-First, ...
A survey of 420 responses from IT and security professionals finds 86% now view securing software-as-a-service (SaaS) applications as a top priority, with more than three-quarters (76%) having increased budget allocations.
The post Survey ...
Hopper has emerged from stealth mode with a solution designed to help organizations manage open source software risk.
The post Open Source Security Firm Hopper Emerges From Stealth With $7.6M in Funding appeared first on SecurityWeek.
Security researchers detail various malware campaigns that use bulletproof services linked to Proton66 ASN.
The post Many Malware Campaigns Linked to Proton66 Network appeared first on SecurityWeek.
A sophisticated phishing campaign abuses a weakness in Google Sites to spoof Google no-reply addresses and bypass protections.
The post Legacy Google Service Abused in Phishing Attacks appeared first on SecurityWeek.
Transnational organized crime groups in East and Southeast Asia are spreading their lucrative scam operations across the globe, according to a UN report.
The post UN Researchers Warn That Asian Scam Operations Are Spreading Across the Rest of the ...
At the upcoming RSAC 2025 Conference in San Francisco, Stellar Cyber will unveil the next evolution of modern SecOps: the human-augmented Autonomous SOC, powered by its breakthrough Agentic AI framework. See the human-augmented Autonomous SOC in ...
Bell Ambulance and Alabama Ophthalmology Associates have suffered data breaches affecting over 100,000 people after being targeted in ransomware attacks.
The post Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000 ...