Application Security News and Articles


Analysis Surfaces Increased Usage of LLMs to Craft BEC Attacks

A Barracuda Networks analysis of unsolicited and malicious emails sent from February 2022 to April 2025 indicates 14% of the business email compromise (BEC) attacks identified were similarly created using a large language model (LLM). The post ...

Undetectable Android Spyware Backfires, Leaks 62,000 User Logins

A vulnerability in the Catwatchful spyware allowed a security researcher to retrieve the usernames and passwords of over 62,000 accounts. The post Undetectable Android Spyware Backfires, Leaks 62,000 User Logins appeared first on SecurityWeek.

Cisco Warns of Hardcoded Credentials in Enterprise Software

Hardcoded SSH credentials in Cisco Unified CM and Unified CM SME could allow attackers to execute commands as root. The post Cisco Warns of Hardcoded Credentials in Enterprise Software appeared first on SecurityWeek.

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)

Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into a vulnerable Cisco Unified ...

North Korean Hackers Use Fake Zoom Updates to Install macOS Malware

SentinelOne says the fake Zoom update scam delivers ‘NimDoor’, a rare Nim-compiled backdoor. The post North Korean Hackers Use Fake Zoom Updates to Install macOS Malware appeared first on SecurityWeek.

Beyond Silos: The Power of Internal Collaboration on Transforming Fraud Prevention

By breaking down internal silos, leveraging advanced technology and embracing industrywide cooperation, organizations can shift from reactive to proactive fraud prevention to protect revenue and reputation while supporting sustainable business ...

We Are Losing the Scan/Patch Battle

There is no question that vulnerability scanning and patch management remain necessary, but they are clearly no longer sufficient. The post We Are Losing the Scan/Patch Battle appeared first on Security Boulevard.

The Differences and Similarities Between Shadow IT and BYOC

Understanding the difference between Shadow IT and BYOC, although subtle, requires different policies, procedures and technology to resolve. The post The Differences and Similarities Between Shadow IT and BYOC appeared first on Security Boulevard.

GitPhish: Open-source GitHub device code flow security assessment tool

GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an authentication server, automated landing page deployment, and an administrative management ...

StealthMACsec strengthens Ethernet network security

StealthCores launched StealthMACsec, a comprehensive IEEE 802.1AE compliant MACsec engine that brings advanced side-channel countermeasures to Ethernet network security. Building on the proven security foundation of StealthAES, StealthMACsec ...

Healthcare CISOs must secure more than what’s regulated

In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed and security isn’t easy and why aligning with regulations is key. ...

Cyberattacks are draining millions from the hospitality industry

Every day, millions of travelers share sensitive information like passports, credit card numbers, and personal details with hotels, restaurants, and travel services. This puts pressure on the hospitality sector to keep that information safe and ...

AI tools are everywhere, and most are off your radar

80% of AI tools used by employees go unmanaged by IT or security teams, according to Zluri’s The State of AI in the Workplace 2025 report. AI is popping up all over the workplace, often without anyone noticing. If you’re a CISO, if you want ...

90% aren’t ready for AI attacks, are you?

As AI reshapes business, 90% of organizations are not adequately prepared to secure their AI-driven future, according to a new report from Accenture. Globally, 63% of companies are in the “Exposed Zone,” indicating they lack both a cohesive ...

Industrial security is on shaky ground and leaders need to pay attention

44% of industrial organizations claim to have strong real-time cyber visibility, but nearly 60% have low to no confidence in their OT and IoT threat detection capabilities, according to Forescout. How confident are you in your OT/IoT threat ...

SAST for Developers — Your First Line of Code Defense

You open your PR, and there it is: “Potential SQL injection vulnerability detected.” SAST just did its job — before your code hits… Continue reading on Medium »

Silent Push, NordVPN Uncover Thousands of Brand-Spoofing Websites

Researchers from NordVPN and Silent Push uncover separate brand-spoofing campaigns that involve tens of thousands of fake websites impersonating real plans that are used to lure victims to hand their data and money to threat actors. The post ...

Concentric AI Expands Data Security Ambitions With Swift Security, Acante Acquisitions 

Data security governance provider Concentric AI announced its acquisition of Swift Security and Acante, two AI-driven security startups, in a move Concentric AI founder and CEO Karthik Krishnan hopes will reshape enterprise data protection. The ...

Blumira Identifies 824 Iranian Cyber Incidents Over 21 Months 

Security operations platform provider Blumira today released an intelligence assessment that tracked 824 security incidents attributed to Iranian threat actors over 21 months, providing insights into recent Iranian threat activity. The post ...