Application Security News and Articles
How Does NHI Management Contribute to a Relaxed Security Stance? Can machine identities bring tranquility to your cybersecurity? Understanding and managing Non-Human Identities (NHIs) can indeed create a calmer security environment for ...
Strengthen Fiserv’s card fraud defense with Enzoic BIN Monitoring—real-time dark web alerts that help stop fraud before it starts.
The post Closing the Card Fraud Detection Gap appeared first on Security Boulevard.
The enterprise IT perimeter dissolved years ago, taking with it any illusion that security teams can dictate which applications employees use or which devices they work from. Today’s reality: employees install applications freely, work from ...
AttackIQ presents the fifth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to ...
The security research team at JFrog, a provider of a platform for building and deploying software, have discovered a critical vulnerability in a node package manager (NPM) found in tools used by application developers that enable unauthenticated ...
SESSION
Session 2B: Web Security
Authors, Creators & Presenters: He Shuang (University of Toronto), Lianying Zhao (Carleton University and University of Toronto), David Lie (University of Toronto)
PAPER
Duumviri: Detecting Trackers and Mixed ...
DataDome strengthens its AWS partnership with three new Competencies, delivering real-time bot and agent trust management across key industries.
The post DataDome Earns Three New AWS Competencies appeared first on Security Boulevard.
Fraud is Starting Earlier, Scaling Faster, and Blurring the Line Between Human and Bots
The post Holiday Fraud Trends 2025: The Top 5 Cyber Threats to Watch This Season appeared first on Security Boulevard.
Introduction In the rapidly evolving cyber-threat landscape, traditional signature-based defences are no longer sufficient. Threat actors increasingly use stealth, lateral movement, encrypted channels, zero-day exploits and insider tactics. To ...
SESSION
Session 2B: Web Security
Authors, Creators & Presenters: Maria Hellenthal (CISPA Helmholtz Center for Information Security), Lena Gotsche (CISPA Helmholtz Center for Information Security), Rafael Mrowczynski (CISPA Helmholtz Center ...
Tenable researchers discovered seven vulnerabilities, including ones affecting the latest GPT model.
The post Researchers Hack ChatGPT Memories and Web Search Features appeared first on SecurityWeek.
Your data tells a story — if you know how to connect the dots. Every organization holds thousands of identity touchpoints: employee credentials, customer accounts, vendor portals, cloud logins. Each one is a potential doorway for attackers. But ...
A few years ago, Puppeteer stealth was one of the most popular tools in the automation and scraping ecosystem. Built as a plugin system on top of Puppeteer, it made automated browsers harder to detect by patching obvious fingerprinting artifacts. ...
Cisco has fixed two critical vulnerabilities (CVE-2025-20358, CVE-2025-20354) affecting Unified Contact Center Express (UCCX), which may allow attackers to bypass authentication, compromise vulnerable installations, and elevate privileges to ...
A visual, developer-friendly explainer on how SCIM brings automated lifecycle management to AI agents and agentic applications—onboarding, access sync, auditing, and deprovisioning.
The post How SCIM Helps Automate User Provisioning for AI ...
Renee Guttmann has led security at some of the world’s most recognized brands, including Coca-Cola, Royal Caribbean, Time Warner, and Campbell Soup Company. Over a career that spans multiple decades, she’s built and rebuilt ...
Ping Identity announced “Identity for AI,” a new solution designed to secure the world of AI agents. As organizations embrace agentic AI to boost productivity and commerce, Ping Identity is redefining how enterprises enable this new ...
The investment will fuel the development of Truffle’s enterprise-grade secrets detection, verification, and remediation platform.
The post Truffle Security Raises $25 Million for Secret Scanning Engine appeared first on SecurityWeek.
Team Cymru announced RADAR, a new real-time discovery module designed to give threat analysts visibility into all internet-facing infrastructure, whether known or unknown, without waiting on asset inventories, third-party scans, or ...
Incident responders from Mandiant have wrapped up their investigation into the SonicWall cloud backup service hack, and the verdict is in: the culprit is a state-sponsored threat actor (though the specific nation wasn’t disclosed). “[The ...