Application Security News and Articles
At the end of Star Wars: A New Hope, Luke Skywalker races through the Death Star trench, hearing the ghostly voice of Obi-Wan Kenobi telling him to trust him. Luke places blind trust in an intangible energy that surrounds him, he defeats Darth ...
Falco is an open-source runtime security tool for Linux systems, built for cloud-native environments. It monitors the system in real time to spot unusual activity and possible security threats. Falco is a graduated project from the Cloud Native ...
A new report from Living Security and the Cyentia Institute sheds light on the real human element behind cybersecurity threats, and it’s not what most organizations expect. The Risky Business: Who Protects & Who Puts You at Risk report ...
Virtual event brings together leading experts, practitioners, and innovators for a full day of insightful discussions and tactical guidance on evolving threats and real-world defense strategies in cloud security.
The post Virtual Event Preview: ...
Obfuscated JavaScript code is embedded within SVG files for browser-native redirection to malicious pages.
The post Threat Actors Use SVG Smuggling for Browser-Native Redirection appeared first on SecurityWeek.
You don’t always need a vulnerable app to pull off a successful exploit. Sometimes all it takes is a well-crafted email, an LLM agent, and a few “innocent” plugins. This is the story of how I used a Gmail message to trigger code execution ...
NETSCOUT announced Adaptive Threat Analytics, a new enhancement to its Omnis Cyber Intelligence Network Detection and Response (NDR) solution, designed to improve incident response and reduce risk. Adaptive Threat Analytics enables security teams ...
A hacker accessed the X account of beloved Sesame Street character Elmo, which included racist and antisemitic posts and a foul tirade about Trump and Jeffrey Epstein. The incident came a week after xAI's Grok chatbot spewed antisemitic and white ...
Palo Alto Networks today extended its alliance with Okta to provide deeper integrations to enable cybersecurity teams to restrict which applications can be accessed from a secure browser.
The post Palo Alto Networks Extends Zero-Trust Alliance ...
UEFI firmware running on 100+ Gigabyte motherboard models is affected by memory corruption vulnerabilities that may allow attackers to install persistent and difficult-to-detect bootkits (i.e., malware designed to infect the computer’s boot ...
F5 announced new tools to reduce the immense complexity cross-functional operations (XOps) teams face in managing hybrid, multicloud, and AI-driven application environments. F5 AI Assistant now provides a single natural language interface across ...
Cloudflare has published its quarterly DDoS threat report for Q2 2025 and the company says it has blocked millions of attacks.
The post DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total appeared first on SecurityWeek.
Pennsylvania-based Century Support Services is disclosing a data breach after its systems were hacked in November 2024.
The post Data Breach at Debt Settlement Firm Impacts 160,000 People appeared first on SecurityWeek.
Fingerprint announced new Smart Signals and platform enhancements that detect malicious bots and AI agents, distinguishing them from legitimate automated traffic. As agentic commerce experiences explosive growth and autonomous AI agents become ...
At-Bay launched its new Managed Extended Detection and Response (MXDR) platform, designed to give mid-market and small businesses access to enterprise-grade cybersecurity at an affordable cost. Spanning endpoint, cloud, identity, and email, ...
Pentera has introduced a capability to uncover and validate risk exposure from data in Git repositories. Pentera now discovers repositories linked to the organization, identifies embedded credentials, tokens, and other sensitive data, and ...
A new report from AppOmni captures a significant misplaced confidence in the security of software-as-a-service applications and escalating risks associated with these cloud services.
The post The SaaS Security Disconnect: Why Most Organizations ...
AsyncRAT is an open-source remote access trojan that first appeared on GitHub in 2019. It includes a range of typical RAT capabilities, such as keylogging, screen capture, credential theft, and more. Its simplicity and open-source design have ...
Zip Security’s Series A funding round led by Ballistic Ventures will help the company grow its engineering and go-to-market teams.
The post Zip Security Raises $13.5 Million in Series A Funding appeared first on SecurityWeek.
DragonForce says it stole more than 150 gigabytes of data from US department store chain Belk in a May cyberattack.
The post Ransomware Group Claims Attack on Belk appeared first on SecurityWeek.
