Application Security News and Articles
AI-Driven Security Threats: Moving Beyond the Hype
Security does a great job of sensationalizing attacks. This trend was set from a perspective of awareness and edge cases which the industry deals with as attacks and realized perspectives. While ...
Next week our founder Simon Moffatt will be hosting two panels at the Future Identity Festival in London. The two-day event hosted an array of stages focused on financial services and fraud, identity and access management and fintech solutions ...
Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE's major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft ...
The vulnerability is tracked as CVE-2025-12058 and it can be exploited for arbitrary file loading and conducting SSRF attacks.
The post Data Exposure Vulnerability Found in Deep Learning Tool Keras appeared first on SecurityWeek.
ClickFix prompts typically contain instructions for Windows users, but now they are tailored for macOS and they are getting increasingly convincing.
The post ClickFix Attacks Against macOS Users Evolving appeared first on SecurityWeek.
Anchore Enterprise 5.23 adds CycloneDX VEX and VDR support, completing our vulnerability communication capabilities for software publishers who need to share accurate vulnerability context with customers. With OpenVEX support shipped in 5.22 and ...
Learn how Nevada refused to pay ransom after a 2025 cyberattack, restoring systems in 28 days—and what this reveals about ransomware readiness and policy.
The post Doubling Down in Vegas: The High-Stakes Question of Whether to Pay appeared ...
Turn your editor into a quiet, relentless security reviewer.
Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware infection. Push Security has spotted one of these pages, showing an ...
As businesses grapple with the security challenges of protecting their data in the cloud, several security strategies have emerged to safeguard digital assets and ensure compliance. One such security strategy is called zero-trust ...
Google’s acquisition of Wiz is expected to close in 2026, but there are other reviews that need to be cleared.
The post DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz appeared first on SecurityWeek.
The Congressional Budget Office confirmed it had been hacked, potentially disclosing important government data to malicious actors.
The post The Congressional Budget Office Was Hacked. It Says It Has Implemented New Security Measures appeared ...
Smart buildings face rising IoT cyber threats. Learn how simulations, AI, and red or purple teaming can strengthen defenses and improve incident response.
The post Simulating Cyberattacks to Strengthen Defenses for Smart Buildings appeared ...
An out-of-bounds write flaw in WebGPU tracked as CVE-2025-12725 could be exploited for remote code execution.
The post Chrome 142 Update Patches High-Severity Flaws appeared first on SecurityWeek.
Multiple state-sponsored Russian groups are targeting Ukrainian entities and European countries linked to Ukraine.
The post Destructive Russian Cyberattacks on Ukraine Expand to Grain Sector appeared first on SecurityWeek.
What is Domain Hijacking? Domain hijacking, also referred to as domain theft, refers to the act where the registrant of a domain name has their domain name taken over without their permission. This happens when a hacker somehow gets into the ...
Between 2016 and 2021, the suspects defrauded 4.3 million cardholders in 193 countries of €300 million (~$346 million).
The post 18 Arrested in Crackdown on Credit Card Fraud Rings appeared first on SecurityWeek.
WHAT IS SSL STRIPPING? SSL stripping is an attack in which an unauthorized party downgrades the connection security from HTTPS to HTTP. It takes advantage of weak spots in the process of migrating people from HTTP to HTTPS, allowing the ...
Increase by 61%! Yes, nearly two-thirds of organizations experienced a cloud security incident in 2025, a significant increase compared to 2024. 85% of organizations now identify security as the biggest challenge in cloud computing. These facts ...
Tufin announced Tufin Orchestration Suite (TOS) R25-2. The R25-2 release delivers expanded visibility, automation, and stronger security controls, enabling organizations to strengthen their security posture while simplifying operations across ...