Application Security News and Articles
The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal funding that helps them maintain it. But others have been waiting in the ...
A critical vulnerability in Apache Roller could be used to maintain persistent access by reusing older sessions even after password changes.
The post Critical Vulnerability Found in Apache Roller Blog Server appeared first on SecurityWeek.
In the past months Microsoft has seen multiple campaigns involving Node.js to deliver malware and other malicious payloads.
The post Microsoft Warns of Node.js Abuse for Malware Delivery appeared first on SecurityWeek.
Chrome 135 and Firefox 137 updates have been rolled out with patches for critical- and high-severity vulnerabilities.
The post Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities appeared first on SecurityWeek.
Oracle’s April 2025 Critical Patch Update contains 378 security patches that resolve approximately 180 unique CVEs.
The post Oracle Patches 180 Vulnerabilities With April 2025 CPU appeared first on SecurityWeek.
Major companies have agreed to gradually reduce the lifetime of TLS certificates over the next few years.
The post Internet Giants Agree to Reduce TLS Certificate Lifespan to 47 Days by 2029 appeared first on SecurityWeek.
DataDome conducted a security assessment of the UK's online driving test booking system and identified several vulnerabilities in the system’s protection mechanisms.
The post Alert: Security Gaps Allow Bots to Exploit UK Driving Test Booking ...
Shadow IT is reshaping enterprise risk. Learn which departments lead shadow SaaS adoption, why it’s growing, and how to gain control before security gaps widen.
The post Shadow IT in 2025: 5 Teams Most Likely to Use Shadow IT Apps appeared ...
Cardiovascular diseases (CVDs) remain the leading cause of morbidity and mortality worldwide, despite significant advancements in diagnosis and treatment. However, the integration of artificial intelligence...
The post How Predictive AI ...
Cato Networks introduced GenAI security controls for Cato CASB (Cloud Access Security Broker). Cato CASB, a native feature in the Cato SASE Cloud Platform, is now enhanced with new capabilities for GenAI applications including a shadow AI ...
That AI has gotten much more proficient in social engineering is a revelation that's not surprising, but still sets alarm bells ringing.
The post In a Social Engineering Showdown: AI Takes Red Teams to the Mat appeared first on Security Boulevard.
A long, long time ago I can still remember How those CVEs would make me smile And I knew if I had my chance To patch a vuln or take a stance Maybe we’d be secure for a while But April ides made me shiver With each leaked memo and press release ...
NEC introduces Identity Cloud Service (ICS), a new identity verification solution to deliver streamlined, secure and cost-effective access management. Based on NEC’s biometric technology, ICS provides verification and search capabilities for ...
For CISOs, mergers and acquisitions (M&A) bring both potential and risk. These deals can drive growth, but they also open the door to serious cybersecurity threats that may derail the transaction. Strong due diligence, smart risk planning, ...
AI readiness in cybersecurity involves more than just possessing the latest tools and technologies; it is a strategic necessity. Many companies could encounter serious repercussions, such as increased volumes of advanced cyber threats, if they ...
MITRE’s Attack Flow project aims to translate complex cyber operations into a structured language. By describing how adversaries sequence and combine offensive techniques to reach their objectives, Attack Flow offers defenders, analysts, ...
By now, most CISOs agree: passwords are the weakest link in the authentication chain. They’re easy to guess, hard to manage, and constantly reused. Even the most complex password policies don’t stop phishing or credential stuffing. ...
Despite being present on virtually every employee’s browser, extensions are rarely monitored by security teams or controlled by IT, according to LayerX. Most extensions have access to sensitive data. 99% of enterprise users have at least one ...
MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. The lack of certainty surrounding the future of the CVE program creates great uncertainty about how newly discovered vulnerabilities will be ...
ADAMnetworks is excited to announce Wyo Support to the family of Licensed Technology Partners.
“After working with the various systems and technologies, there are few that compare with the protection that ADAMnetworks provides. It reduces ...