Application Security News and Articles
More details emerged on the ToolShell zero-day attacks targeting SharePoint servers, but confusion remains over the vulnerabilities.
The post ToolShell Zero-Day Attacks on SharePoint: First Wave Linked to China, Hit High-Value Targets appeared ...
Data breaches seem to pop up in the news every other week, so it’s no surprise that keeping sensitive information safe has jumped to the top of the priority list for just about every industry. Hardware-encrypted drives like the iStorage ...
In this Help Net Security video, Chad Humphries, Solution Consultant, Networks & Cyber Security at Rockwell Automation, explores how cyber risk quantification is becoming essential for modern organizations. He breaks down global legal ...
Printer platform security is often overlooked in enterprise security strategies, creating security gaps, according to HP Wolf Security. By addressing security at every stage, organizations can strengthen their defenses and ensure their print ...
A new survey from ISC2 shows that nearly a third of cybersecurity professionals are already using AI security tools, and many others are close behind. So far, 30 percent of professionals say they’ve already integrated AI into their operations, ...
CISO Kbrw | France | Hybrid – View job details As a CISO, you will develop risk management processes aligned with company goals and enforce cybersecurity policies compliant with ISO27001, NIS2, and SOC2. You will handle ...
Hackers are exploiting a significant Microsoft vulnerability chain that allows them gain control of on-premises SharePoint servers, steal cryptographic keys, and access Windows applications like Outlook, Teams, and OneDrive. It also gives them ...
Iranian APT MuddyWater has been using new versions of the DCHSpy Android surveillance tool since the beginning of the conflict with Israel.
The post Iranian APT Targets Android Users With New Variants of DCHSpy Spyware appeared first on SecurityWeek.
Unknown attackers have exploited a vulnerability (CVE-2025‑54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable deployments. It’s currently unclear what the attackers are using this ...
Unknown attackers have exploited a vulnerability (CVE-2025‑54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable deployments. It’s currently unclear what the attackers are using this ...
Cierant Corporation and Zumpano Patricios independently disclosed data breaches, each impacting more than 200,000 individuals.
The post Marketing, Law Firms Say Data Breaches Impact Over 200,000 People appeared first on SecurityWeek.
As artificial intelligence (AI) accelerates across industries from financial modeling and autonomous vehicles to medical imaging and logistics optimization, one issue consistently flies under the radar: Physical security.
The post The ...
With cyberthreats intensifying and regulatory bodies tightening oversight, securing revenue data in the cloud is essential.
The post Securing Revenue Data in the Cloud: Compliance and Trust in a Digital Age appeared first on Security Boulevard.
A surveillance company was caught using an SS7 bypass technique to trick wireless carriers into divulging users’ locations.
The post Surveillance Firm Bypasses SS7 Protections to Retrieve User Location appeared first on SecurityWeek.
The Alcohol & Drug Testing Service (TADTS) says personal information was stolen in a July 2024 ransomware attack.
The post 750,000 Impacted by Data Breach at The Alcohol & Drug Testing Service appeared first on SecurityWeek.
Cybersecurity officers need to remember that the reality is, most attacks don’t begin with a dramatic break-in… they start with a login.
The post Cybersecurity Isn’t Just an IT Line Item — It’s a Business Imperative appeared first on ...
Microsoft has started releasing updates to fix the exploited SharePoint zero-days tracked as CVE-2025-53770 and CVE-2025-53771.
The post Microsoft Patches ‘ToolShell’ Zero-Days Exploited to Hack SharePoint Servers appeared first on ...
The way we manage certificates must transform. For CISOs, this is not a future problem; the time to re-architect digital trust is now.
The post The Expiring Trust Model: CISOs Must Rethink PKI in the Era of Short-Lived Certificates and Machine ...
Hackers are exploiting a zero-day vulnerability in CrushFTP to gain administrative privileges on vulnerable servers via HTTPS.
The post Exploited CrushFTP Zero-Day Provides Admin Access to Servers appeared first on SecurityWeek.
Security gaps, coupled with savvy cybercriminals, lend urgency to mitigating the potential for exploitation posed by surveillance tech.
The post Who’s Watching You? FBI IG Looks to Plug Holes in Ubiquitous Technical Surveillance appeared ...
