Application Security News and Articles
Learn how SonarQube detected a Cross-Site Scripting (XSS) vulnerability in Grafana, a popular open-source data observability platform.
The post Data in Danger: Detecting Cross-Site Scripting in Grafana appeared first on Security Boulevard.
As RSAC 2025 convenes next week in San Francisco, digital trust is poised to take center stage.
One quiet but consequential development now taking root in the financial sector could prove pivotal: the emergence … ...
The latest Verizon DBIR landed this week with a startling statistic about the security posture of VPNs and network edge devices.
The post Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances appeared first on SecurityWeek.
HYCU introduces R-Shield to provide comprehensive cyber resilience across SaaS, cloud, and on-premises environments as organizations face growing supply chain attacks.
The post HYCU Tackles SaaS Data Protection With New R-Shield Solution appeared ...
Organizations must avoid relying solely on traditional backups because ransomware attacks are occurring more often and becoming more expensive and complex.
The post Beyond Backups: Building a Ransomware Response Playbook That Works appeared first ...
Most corporate leaders now agree that cybersecurity is a vital business function. But dig deeper and their reasons for saying so may differ. Cyber is often still viewed primarily through a lens of minimizing business risk, rather than enabling ...
The lines between IT security and IT operations are blurring—and for good reasons. Historically, these functions operated in silos: operations focused on performance, uptime and infrastructure health, while security zeroed in on threats, ...
Microsoft synchronization capabilities for managing identities in hybrid environments are not without their risks. In this blog, Tenable Research explores how potential weaknesses in these synchronization options can be exploited.
Synchronizing ...
Push Security has raised $30 million in Series B funding to scale its browser-based identity security platform.
The post Push Security Raises $30 Million in Series B Funding appeared first on SecurityWeek.
AttackIQ Academy Enterprise is our answer to this challenge. This new solution gives security leaders clear visibility into their employees’ learning progress through an interactive dashboard displaying comprehensive training metrics and ...
AppViewX has announced the launch of the AVX ONE Post-Quantum Cryptography (PQC) Assessment Tool that generates a Cryptographic Bill of Materials and PQC readiness score. By scanning code, dependencies, configurations and certificates in ...
As cyber threats in healthcare continue to evolve, GitGuardian strengthens its commitment to the sector by joining Health-ISAC and offering members enhanced secrets detection capabilities to protect sensitive data.
The post GitGuardian Joins ...
CTEM consists of multiple processes to help organizations scope, discover, prioritize, validate, and mobilize to mitigate risk. It also includes capabilities like Threat-Informed Defense (TID) and Breach and Attack Simulation (BAS) that work ...
If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise installation has been upgraded to patch a critical vulnerability ...
AI-powered threat prevention company Augur (rebranded from SecLytics) has raised $7 million in seed funding.
The post SecLytics Rebrands as Augur Security, Raises $7M in Seed Funding appeared first on SecurityWeek.
DirectDefense has launched DirectDefense Security Essentials, a fully managed, subscription-based security program purpose-built for small to mid-sized businesses (SMBs). With Security Essentials, DirectDefense is addressing the critical security ...
Skyhawk Security is adding new protection for custom-built cloud applications. The company announced the update to its AI-powered Autonomous Purple Team for RSAC 2025 Conference, which starts April 28 in San Francisco. The AI-based purple team ...
Combined with AI, polymorphic phishing emails have become highly sophisticated, creating more personalized and evasive messages that result in higher attack success rates.
The post AI-Powered Polymorphic Phishing Is Changing the Threat Landscape ...
The FBI received roughly 860,000 complaints of malicious activity in 2024, with reported losses exceeding $16.6 billion.
The post FBI: Cybercrime Losses Surpassed $16.6 Billion in 2024 appeared first on SecurityWeek.
Mandiant has released the M-Trends 2025 report, which outlines global cyber attack trends based on their own incident response engagements from 2024. Key trends and insights: In 2024, Mandiant handled more incidents in the financial sector than in ...