Application Security News and Articles
Application Penetration Tester | Tata Consultancy Services | Ireland | Hybrid. As an Application Penetration Tester, you will perform in-depth manual testing of web applications and APIs. You’ll work with clients ...
MITRE has introduced AADAPT (Adversarial Actions in Digital Asset Payment Technologies), a new cybersecurity framework designed to tackle vulnerabilities in digital financial ecosystems, including cryptocurrency platforms. Modeled after the MITRE ...
As organizations continue to deploy AI, security professionals find themselves confronting critical gaps in their level of preparedness, according to F5's 2025 State of AI Application Strategy Report.
The post Survey Finds AI Adoption Outpacing ...
A vulnerability affecting systems named End-of-Train and Head-of-Train can be exploited by hackers to cause trains to brake.
The post Train Hack Gets Proper Attention After 20 Years: Researcher appeared first on SecurityWeek.
CISA considers the recently disclosed CitrixBleed 2 vulnerability an unacceptable risk and has added it to the KEV catalog.
The post CitrixBleed 2 Flaw Poses Unacceptable Risk: CISA appeared first on SecurityWeek.
Google Gemini for Workspace can be tricked into displaying a phishing message when asked to summarize an email.
The post Google Gemini Tricked Into Showing Phishing Message Hidden in Email appeared first on SecurityWeek.
With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 – a critical SQL command injection vulnerability in Fortinet’s FortiWeb web application firewall – is expected to be leveraged by attackers ...
Blumira launched new features and capabilities designed to help IT teams and managed service providers (MSPs) work smarter, reduce alert fatigue and simplify compliance reporting. With these updates, Blumira continues its mission to deliver ...
Stellar Cyber released version 6.0.0 of its award-winning open and unified SecOps Platform, introducing new AI-driven capabilities and workflow enhancements designed to propel organizations further along their journey to a human-augmented ...
The Interlock ransomware group has partnered with the KongTuke TDS to distribute a new RAT variant via FileFix attacks.
The post New Interlock RAT Variant Distributed via FileFix Attacks appeared first on SecurityWeek.
Vulnerabilities in Gigabyte firmware implementations could allow attackers to disable Secure Boot and execute code during the early boot phase.
The post Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment appeared first on ...
Louis Vuitton customers in the UK, South Korea, Turkey and possibly other countries are being notified of a data breach.
The post Louis Vuitton Data Breach Hits Customers in Several Countries appeared first on SecurityWeek.
Attackers are using public models and automation tools to generate malware that is unique to every campaign. It doesn't look like anything we've seen before.
The post Rethinking Defense in the Age of AI-Generated Malware appeared first on ...
Modern AI attacks require runtime guardrails capable of spanning application, container and node/host runtime environments comprehensively.
The post Security in the Era of AI-speed Exploits appeared first on Security Boulevard.
Two Gravity Forms WordPress plugin versions available on the official download page were injected with malware in a supply chain attack.
The post Hackers Inject Malware Into Gravity Forms WordPress Plugin appeared first on SecurityWeek.
An AI hiring bot intended to streamline the job application process has instead created a super-sized privacy headache for McDonald’s.
The post McDonald’s Hiring Bot: Would You Like A Side of PII With That? appeared first on Security ...
In this Help Net Security interview, Gail Hodges, Executive Director at the OpenID Foundation, discusses how the Foundation ensures global consistency in FAPI 2.0 implementations and helps different industries, including healthcare, adopt secure ...
pqcscan is an open-source tool that lets users scan SSH and TLS servers to see which Post-Quantum Cryptography (PQC) algorithms they claim to support. It saves the results in JSON files. You can turn one or more of these files into an HTML report ...
Discover how Bitdefender PHASR enables organizations to identify and remediate security misconfigurations before attackers can exploit them. This demo walks through PHASR’s proactive hardening capabilities, showing how it transforms visibility ...
60% of organizations rate their Microsoft 365 security as “established” or “advanced”, according to CoreView. Yet, 60% of those same organizations have experienced account compromise attacks. The Microsoft 365 attack surface is wide and ...