Application Security News and Articles


Cybersecurity Snapshot: Tenable Report Spotlights Cloud Exposures, as Google Catches Pro-Russia Hackers Impersonating Feds

Check out highlights from Tenable’s “2025 Cloud Security Risk Report,” which delves into the critical risk from insecure cloud configurations. Plus, Google reveals a Russia-sponsored social engineering campaign that targeted prominent ...

Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider

Cloudflare has blocked yet another record-breaking DDoS attack, which delivered the equivalent of 9,000 HD movies in just 45 seconds. The post Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider appeared first on SecurityWeek.

Your SOC Doesn’t Need More Alerts – It Needs a Brain

The phrase “alert fatigue” has become a mainstay in cybersecurity conversations. But behind the flood of findings, alerts, vulnerabilities, and compliance gaps lies a deeper problem: the security context crisis. Security teams aren’t just ...

Microsoft boosts default security of Windows 365 Cloud PCs

Windows 365 Cloud PCs now come with new default settings aimed at preventing / minimizing data exfiltration and malicious exploits, Microsoft has announced. Windows 365 Cloud PCs are Azure (i.e., Windows 365 service)-hosted virtual Windows PCs ...

Godfather Android Trojan Creates Sandbox on Infected Devices

The Godfather Android trojan uses on-device virtualization to hijack legitimate applications and steal users’ funds. The post Godfather Android Trojan Creates Sandbox on Infected Devices appeared first on SecurityWeek.

Motors Theme Vulnerability Exploited to Hack WordPress Websites

Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords. The post Motors Theme Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek.

FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks

WhatsApp told SecurityWeek that it linked the exploited FreeType vulnerability CVE-2025-27363 to a Paragon exploit. The post FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks appeared first on SecurityWeek.

DuckDuckGo’s Scam Blocker now blocks more types of scams

Online scams are getting worse and more varied. DuckDuckGo knows that, so they’ve made changes. Their built-in Scam Blocker now stops more kinds of scam sites, all without tracking you. “If you ...

Cloudflare Tunnels Abused in New Malware Campaign

A threat actor is abusing Cloudflare Tunnels for the delivery of a Python loader as part of a complex infection chain. The post Cloudflare Tunnels Abused in New Malware Campaign appeared first on SecurityWeek.

Is Your CISO Ready to Flee? 

Companies with $1 billion in revenue or less might want to give a heads-up to HR to kickstart the search for a new CISO — because according to a study from IANS Research, your current CISO might be out the door within a year. The 363 CISOs in ...

161,000 People Impacted by Krispy Kreme Data Breach

Krispy Kreme is sharing more information on the data breach resulting from the ransomware attack targeting the company in 2024. The post 161,000 People Impacted by Krispy Kreme Data Breach appeared first on SecurityWeek.

The ROI of moving certificate management in-house with internal CAs

Managing certificates in-house using private CAs offers enterprises greater security, compliance, and long-term cost savings. With the shift toward shorter certificate lifespans and rising complexity in modern IT environments, public CAs often ...

What’s OpenID Connect (OIDC) and Why Should You Care?

Alright, let’s be honest — login systems are everywhere. From your favourite pizza delivery app to your office tools, every app asks you to Sign in with Google or Log in with Microsoft. Ever wondered how that works under the hood? That’s ...

Amazon Linux 2023 achieves FIPS 140-3 validation

Amazon Linux 2023 (AL2023) has earned FIPS 140-3 Level 1 validation for several of its cryptographic modules. This means it’s now approved for use in systems that need to meet U.S. and Canadian government standards for encryption. FIPS ...

How Agentic AI Can Secure Network Infrastructure?

We’ve officially entered the era of agentic AI—where systems do more than just follow instructions. These AI agents can now act autonomously, make decisions, execute tasks, and learn continuously from their interactions within digital ...

Hackers Access Legacy Systems in Oxford City Council Cyberattack

Personal data of former and current council workers, including election staff, may have been accessed by hackers. The post Hackers Access Legacy Systems in Oxford City Council Cyberattack appeared first on SecurityWeek.

Strategies to secure long-life IoT devices

In this Help Net Security interview, Rob ter Linden, CISO at Signify, discusses priorities for CISOs working on IoT security, including the need for compliant infrastructure, easy device management, and preparing for future tech like quantum ...

Is Cold Email Still Effective in 2025? Best Practices for Outreach and Security

Cold email still works in 2025—but only if done right. Learn best practices, deliverability tips, and how to secure your domain for real results. The post Is Cold Email Still Effective in 2025? Best Practices for Outreach and Security appeared ...

CISOs flag gaps in GenAI strategy, skills, and infrastructure

95% of C-suite leaders say that GenAI is driving a new level of innovation in their organizations, according to NTT DATA. While CEOs and business leaders are committed to GenAI adoption, CISOs and operational leaders lack the necessary guidance, ...

Who’s guarding the AI? Even security teams are bypassing oversight

Even security teams, the ones responsible for protecting the business, are adding to AI-related risk. A new survey by AI security company Mindgard, based on responses from over 500 cybersecurity professionals at RSAC 2025 Conference and ...