Application Security News and Articles
Check out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity ...
CVE-2021-20035, an old vulnerability affecting SonicWall Secure Mobile Access (SMA) 100 series appliances, is being exploited by attackers. SonicWall confirmed it by updating the original security advisory to reflect the new state of play, and by ...
Noteworthy stories that might have slipped under the radar: 4chan hacked, auto-reboot security feature coming to Android, Iranian administrator of Nemesis charged in US.
The post In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin ...
Data protection firm Cy4Data Labs has raised $10 million in a Series A funding round led by Pelion Venture Partners.
The post Cy4Data Labs Raises $10 Million to Secure Data in Use appeared first on SecurityWeek.
Legends International says the personal information of employees and customers was compromised as a result of a cyberattack.
The post Live Events Giant Legends International Hacked appeared first on SecurityWeek.
In today's complex threat landscape, gut feelings and disparate risk scores are no longer sufficient for effective cyber risk management. Organizations need concrete, data-driven insights to make informed decisions, prioritize security ...
Ahold Delhaize has confirmed that data was stolen from its systems in November 2024 after a ransomware group claimed the attack.
The post Ahold Delhaize Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek.
For most MSPs, Security Awareness Training (SAT) is an unavoidable part of the service stack, but let’s be honest, it often feels more like a recurring project than a meaningful security strategy.
The post Reimagining SAT For MSPs: From Static ...
A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions.
The post Fresh Windows NTLM Vulnerability Exploited in Attacks appeared first on SecurityWeek.
On April 16, 2025, NSFOCUS CERT detected that Oracle officially released its Critical Patch Update (CPU) for April. A total of 390 vulnerabilities of varying severity were fixed this time. This security update involves Oracle MySQL ...
PKWARE announced its quantum readiness assessment and encryption capabilities to help organizations protect sensitive data from quantum computing threats. Quantum computing is no longer theoretical—it is becoming a powerful reality with the ...
Credential stuffing is a pervasive and increasingly sophisticated cyberattack that exploits the widespread habit of password reuse among users. By […]
The post Understanding Credential Stuffing: A Growing Cybersecurity Threat appeared first on ...
Medusa: Its operations, the main factor driving its recent resurgence, which has led to warnings issued by global authorities, its targets and why it’s so dangerous.
The post Medusa Ransomware: Inside the 2025 Resurgence of One of the ...
Phone theft is now commonplace in London. The Met Police recently revealed that it seizes 1,000 stolen phones weekly as it cracks down on organized criminal networks driving the £50 million trade. Nationally, cases have doubled to 83,900 ...
Using high availability (HA) clustering to test patches and updates more easily and to apply them in production environments with near-zero application downtime.
The post Unlocking Near-Zero Downtime Patch Management With High Availability ...
In this Help Net Security interview, Dr. Dag Flachet, co-founder at Codific, explains what the Cyber Resilience Act (CRA) means for companies and how it compares to GDPR in terms of regulatory complexity and impact on organizations. He discusses ...
If we want privacy, trust and resilience in our digital infrastructure, tokenization is no longer optional. It’s essential.
The post The Urgent Need for Tokenizing Personally Identifiable Information appeared first on Security Boulevard.
Should we negotiate? Should we pay? These are the questions every organization faces when cybercriminals lock their data. By the time attackers have encrypted your systems, the focus shifts from prevention to response. It’s no longer about ...
The digital world is crumbling, and conventional vulnerability management alone is not enough to defend your organization against unannounced cyber threats. Identifying the flaws present within your organizational platforms and patching them ...
The rise in accessible AI tools has significantly lowered the barrier to entry for cyber attackers, enabling them to create and deploy malicious bots at scale, according to Thales. Automated bot traffic surpassed human-generated traffic for the first ...