Application Security News and Articles
With RSAC kicking off next week, the conversation is shifting—literally. Cybersecurity pros are rethinking how “shift left” applies not just to code, but to enterprise risk.
In this Fireside Chat, I ...
Bitwarden launched Access Intelligence, a set of new capabilities that enables enterprises to proactively defend against internal credential risks and external phishing threats. Access Intelligence introduces two core functionalities: Risk ...
ExtraHop launched an all-in-one sensor designed to unify network traffic collection that scales across a number of security use cases. This further advances ExtraHop’s vision to consolidate NDR, network performance monitoring (NPM), intrusion ...
Cybersecurity awareness training platform Pistachio has raised $7 million in a Series A funding round led by Walter Ventures.
The post Pistachio Raises $7 Million for Cybersecurity Training Platform appeared first on SecurityWeek.
The Cybersecurity and Infrastructure Security Agency (CISA) added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault (CVE-2025-3928), Active! Mail (CVE-2025-42599), and Broadcom Brocade ...
This is the first release in a new Castle series highlighting email domains associated with fraudulent activity. Our goal is to provide visibility into email infrastructure commonly abused by bots and fraudsters, so that security teams can ...
Browser security firm LayerX has raised $11 million in a Series A funding round extension led by Jump Capital.
The post LayerX Raises $11 Million for Browser Security Solution appeared first on SecurityWeek.
More than 30 companies announced a total of $1.7 billion in funding in the weeks leading up to the industry’s largest gathering.
The post Cybersecurity Firms Raise Over $1.7 Billion Ahead of RSA Conference 2025 appeared first on SecurityWeek.
The number of exploited zero-days seen by Google in 2024 dropped to 75, from 98 observed in the previous year.
The post Google Tracked 75 Zero-Days in 2024 appeared first on SecurityWeek.
The “cyber incident” that British multinational retailer Marks & Spencer has been struggling with for over a week is a ransomware attack, multiple sources have asserted. The Telegraph’s sources say ransomware was deployed ...
Hundreds of companies are showcasing their products and services this week at the 2025 edition of the RSA Conference in San Francisco.
The post RSA Conference 2025 Announcements Summary (Day 1) appeared first on SecurityWeek.
More than 400 SAP NetWeaver servers are impacted by CVE-2025-31324, an exploited remote code execution vulnerability.
The post Exploited Vulnerability Exposes Over 400 SAP NetWeaver Servers to Attacks appeared first on SecurityWeek.
Articles related to cyber risk quantification, cyber risk management, and cyber resilience.
The post Kovrr Launches First-Ever CRQ-Powered Cyber Risk Register appeared first on Security Boulevard.
In his recent post, our CEO, Eyal Benishti, sounded the phishing alarm for all to hear. The message? The traditional foundation of digital business communication, trust, is collapsing under the weight of AI-driven attacks.
The post Phishing 3.0: ...
Nisos
Assessment of DPRK IT Worker Tradecraft | Nisos Research 2025
Since early 2023 Nisos has been investigating and monitoring North Korean (DPRK) IT workers, who use fake personas and stolen identities to fraudulently obtain remote ...
Aqua Security has unveiled the next phase of its AI security strategy with the introduction of Secure AI, full lifecycle security from code to cloud to prompt. These new capabilities secure AI applications through the development process and into ...
By Source Defense
On a recent Source Defense roundtable, seasoned QSAs gathered to discuss the latest PCI DSS 4.0.1 updates—specifically requirements 6.4.3 and 11.6.1—and how organizations should respond. What followed was a frank, practical, ...
CISA urges immediate patching for recently disclosed Broadcom, Commvault, and Qualitia vulnerabilities exploited in the wild.
The post CISA Warns of Exploited Broadcom, Commvault Vulnerabilities appeared first on SecurityWeek.
Varonis announced always-on AI risk defense that continuously identifies data exposure in real time, flags violations, and automatically fixes issues before they can become data breaches. In organizations with poor data security posture, ...