Application Security News and Articles
Yesterday's headlines have sent ripples through the cybersecurity and software supply chain communities: MITRE announced that U.S. government funding for the CVE (Common Vulnerabilities and Exposures) database was set to expire today. Overnight, ...
The US government's cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational.
The post MITRE CVE Program Gets Last-Hour Funding Reprieve appeared first on SecurityWeek.
The 2025 PyPI supply chain attack is a stark reminder of just how vulnerable cloud ecosystems remain to sophisticated, stealthy, and evolving threats.
The post Why the 2025 PyPI Attack Signals a New Era in Cloud Risk appeared first on Security ...
Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for ...
This is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1.IntroductionIn addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new ...
IntroductionThe Zscaler ThreatLabz team discovered new activity associated with Mustang Panda, originating from two machines from a targeted organization in Myanmar. This research led to the discovery of new ToneShell variants and several ...
Author/Presenter: Brian Reilly
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and ...
In every HTTP request, the user agent header acts as a self-declared identity card for the client—typically a browser—sharing information about the software and platform supposedly making the request. It usually includes details like the ...
These are “interesting” times: U.S. government funding for the Common Vulnerabilities and Exposures program expires April 16.
The post MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’ appeared first on Security Boulevard.
Top-ranked mobile apps found using hardcoded keys and exposed cloud buckets.
The post Many Mobile Apps Fail Basic Security—Posing Serious Risks to Enterprises appeared first on SecurityWeek.
Entrust announced the Entrust Cryptographic Security Platform, a unified, end-to-end cryptographic security management solution for keys, secrets, and certificates. Cyberattacks on data security and identity systems are exploding in scale and ...
Shield Capital leads a $9 million seed-stage funding round for Israeli startup building technologies for AI security and privacy guardrails.
The post Pillar Security Banks $9M for AI Security Guardrails appeared first on SecurityWeek.
The Trump Administration is ending funding for MITRE's crucial CVE database program, a move that promises to hobble cybersecurity efforts around the world. However, CVE Board members introduce a new nonprofit organizations free of government ...
APT29 (aka Cozy Bear, aka Midnight Blizzard) is, once again, targeting European diplomats with fake invitations to wine-tasting events, Check Point researchers have shared. Cozy Bear uses wine-tastings and dinners as a lure In early 2024, Zscaler ...
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates.
Background
On April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. ...
Struggling with proprietary identity solutions? This comprehensive guide explores how open source CIAM platforms offer enterprises transparency, flexibility, & cost control while maintaining robust security. Compare leading solutions and ...
Palo Alto, California, 16th April 2025, CyberNewsWire
The post SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions appeared first on Security Boulevard.
Cyware has added Compromised Credential Management to the Cyware Intel Packaged Solution, a pre-configured threat intelligence program-in-a-box that enables security teams to operationalize threat intelligence faster by eliminating complex ...
The Rhysida ransomware gang claims to have stolen 2.5 Tb of files from the Oregon Department of Environmental Quality.
The post Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial appeared first on SecurityWeek.
In recent attacks, the state-sponsored backdoor BPFDoor is using a controller to open a reverse shell and move laterally.
The post Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild appeared first on SecurityWeek.
