Application Security News and Articles


How dare you trust the user agent for bot detection?

In every HTTP request, the user agent header acts as a self-declared identity card for the client—typically a browser—sharing information about the software and platform supposedly making the request. It usually includes details like the ...

MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’

These are “interesting” times: U.S. government funding for the Common Vulnerabilities and Exposures program expires April 16. The post MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’ appeared first on Security Boulevard.

Many Mobile Apps Fail Basic Security—Posing Serious Risks to Enterprises

Top-ranked mobile apps found using hardcoded keys and exposed cloud buckets. The post Many Mobile Apps Fail Basic Security—Posing Serious Risks to Enterprises appeared first on SecurityWeek.

Entrust Cryptographic Security Platform provides visibility into cryptographic risk posture

Entrust announced the Entrust Cryptographic Security Platform, a unified, end-to-end cryptographic security management solution for keys, secrets, and certificates. Cyberattacks on data security and identity systems are exploding in scale and ...

Pillar Security Banks $9M for AI Security Guardrails

Shield Capital leads a $9 million seed-stage funding round for Israeli startup building technologies for AI security and privacy guardrails. The post Pillar Security Banks $9M for AI Security Guardrails appeared first on SecurityWeek.

CISA at the Last Minute Extends Funding for Crucial MITRE CVE Program

The Trump Administration is ending funding for MITRE's crucial CVE database program, a move that promises to hobble cybersecurity efforts around the world. However, CVE Board members introduce a new nonprofit organization free of government ...

Cozy Bear targets EU diplomats with wine-tasting invites (again)

APT29 (aka Cozy Bear, aka Midnight Blizzard) is, once again, targeting European diplomats with fake invitations to wine-tasting events, Check Point researchers have shared. Cozy Bear uses wine-tastings and dinners as a lure. In early 2024, Zscaler ...

Oracle April 2025 Critical Patch Update Addresses 171 CVEs

Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates. Background: On April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. ...

Open Source CIAM: A Practical Guide for the Modern Enterprise

Struggling with proprietary identity solutions? This comprehensive guide explores how open source CIAM platforms offer enterprises transparency, flexibility, & cost control while maintaining robust security. Compare leading solutions and ...

SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions

Palo Alto, California, 16th April 2025, CyberNewsWire The post SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions appeared first on Security Boulevard.

Cyware strengthens threat intelligence management

Cyware has added Compromised Credential Management to the Cyware Intel Packaged Solution, a pre-configured threat intelligence program-in-a-box that enables security teams to operationalize threat intelligence faster by eliminating complex ...

Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial

The Rhysida ransomware gang claims to have stolen 2.5 Tb of files from the Oregon Department of Environmental Quality. The post Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial appeared first on SecurityWeek.

Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild

In recent attacks, the state-sponsored backdoor BPFDoor is using a controller to open a reverse shell and move laterally. The post Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild appeared first on SecurityWeek.

Funding uncertainty may spell the end of MITRE’s CVE program

The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal funding that helps them maintain it. But others have been waiting in the ...

Critical Vulnerability Found in Apache Roller Blog Server

A critical vulnerability in Apache Roller could be used to maintain persistent access by reusing older sessions even after password changes. The post Critical Vulnerability Found in Apache Roller Blog Server appeared first on SecurityWeek.

Microsoft Warns of Node.js Abuse for Malware Delivery

In the past months Microsoft has seen multiple campaigns involving Node.js to deliver malware and other malicious payloads. The post Microsoft Warns of Node.js Abuse for Malware Delivery appeared first on SecurityWeek.

Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities

Chrome 135 and Firefox 137 updates have been rolled out with patches for critical- and high-severity vulnerabilities. The post Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities appeared first on SecurityWeek.

Oracle Patches 180 Vulnerabilities With April 2025 CPU

Oracle’s April 2025 Critical Patch Update contains 378 security patches that resolve approximately 180 unique CVEs. The post Oracle Patches 180 Vulnerabilities With April 2025 CPU appeared first on SecurityWeek.

Internet Giants Agree to Reduce TLS Certificate Lifespan to 47 Days by 2029

Major companies have agreed to gradually reduce the lifetime of TLS certificates over the next few years. The post Internet Giants Agree to Reduce TLS Certificate Lifespan to 47 Days by 2029 appeared first on SecurityWeek.

Alert: Security Gaps Allow Bots to Exploit UK Driving Test Booking System

DataDome conducted a security assessment of the UK's online driving test booking system and identified several vulnerabilities in the system’s protection mechanisms. The post Alert: Security Gaps Allow Bots to Exploit UK Driving Test Booking ...