Application Security News and Articles
Author/Presenter: Ezz Tahoun
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and ...
New research demonstrates cyberattacks on the application layer often evade the most common tools, Endpoint Detection and Response (EDR) and web application firewalls (WAFs). Contrast Labs spent several weeks testing several attack methods to ...
Apr 25, 2025 - Alan Fagan - Washington, D.C. — 25th April 2025 — FireTail, the leading AI & API security platform, has released its annual report, The State of AI & API Security 2025, revealing a critical blind spot in the way ...
One of the most critical elements of modern information security is encryption. Encryption is a complex field based solely on the arms race between people seeking secure ways to encode and encrypt data at rest and in transit and those seeking to ...
When we think about vishing (voice phishing), the usual suspects come to mind: fake refund scams impersonating Norton, PayPal, or Geek Squad.
The post New Spin on Vishing: Attackers Are Now Targeting Healthcare Appointments appeared first on ...
The North Korean hackers behind the Contagious Interview worker scam, which threat intelligence analysts have followed since late 2023, are now hiding behind three bogus crypto companies they created as fronts for their info- and crypto-stealing ...
You may have seen the “no-lift pencil” puzzles online — challenges that ask you to draw a shape without lifting your pencil or retracing any lines. I solved a few of these on our whiteboard at home, much to my kids’ amazement. Of course, ...
HiddenLayer this week disclosed its researchers have discovered a prompt injection technique that bypasses instruction hierarchy and safety guardrails across all the major foundational artificial intelligence (AI) models.
The post HiddenLayer ...
Don’t say ‘spyware’—21 million screenshots in one open bucket.
The post 200,000 Workers’ PII at Risk in WorkComposer S3 SNAFU appeared first on Security Boulevard.
SAP has released out-of-band patch to address CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver that has been exploited by threat actors. Organizations are strongly encouraged to apply patches as soon as possible.
Background
On ...
As fractious as Congress has been for the better part of a decade, it did manage to pass the Cybersecurity Information Sharing Act in 2015. And now that it’s up for renewal, it seems prudent—no, necessary—that Congress unite to okay it once ...
Empower your MSP or MSSP with AI-driven cybersecurity. Discover how Seceon enables service providers to deliver scalable, automated threat detection and response across multi-tenant environments. Whether you’re a Managed Security Service ...
In today’s hyper-connected digital world, Cybersecurity for Service Providers have emerged as critical enablers of modern business operations. Whether it’s managed service providers (MSPs), managed security service providers (MSSPs), cloud ...
ICS and SCADA (supervisory control and data acquisition) networks were built as isolated systems, never meant to connect to the internet.
The post The Hidden Security Risk on Our Factory Floors appeared first on Security Boulevard.
In today’s rapidly evolving threat landscape, cybersecurity is no longer optional—it’s a necessity. Businesses of all sizes are seeking robust, scalable, and intelligent solutions that offer not only protection but also agility and ...
Venables has served as CISO and security executive across several large organizations, including Google Cloud, Goldman Sachs, Deutsche Bank.
The post Former Google Cloud CISO Phil Venables Joins Ballistic Ventures appeared first on SecurityWeek.
Discover how proper secure coding practices can prevent costly data breaches and vulnerabilities. This comprehensive guide covers essential security principles, OWASP Top 10 mitigations, and language-specific techniques that every developer needs ...
DataDome renews its SOC 2 Type 2 compliance for the 4th year, covering all core products, with zero exceptions noted and expanded audit visibility into 2025.
The post DataDome Successfully Renews Its SOC 2 Type 2 Compliance appeared first on ...
Lattica has raised $3.25 million in pre-seed funding for a platform that uses FHE to enable AI models to process encrypted data.
The post Lattica Emerges From Stealth With FHE Platform for AI appeared first on SecurityWeek.
Mandiant’s latest threat report shows how attackers adapt faster than defenses, shifting strategies toward credential theft and insider threats.
The post M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat appeared first on ...
