Application Security News and Articles
It’s been a few weeks since the marketing excesses of the RSA Conference, and a quick glance at any day’s headlines confirms: attackers are collaborating and innovating faster than defenders can keep up. DeepTempo empowers security teams with ...
CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage group ...
Signal said the privacy feature is on by default for every Windows 11 user to block Microsoft from taking screenshots for Windows Recall.
The post Signal Adds Screenshot-Blocker to Thwart ‘Windows Recall’ appeared first on SecurityWeek.
Noteworthy stories that might have slipped under the radar: serious vulnerabilities found in a Volkswagen app, Australian hacker DR32 sentenced in the US, and Immersive launches OT security training solution.
The post In Other News: Volkswagen ...
Insight No. 1 — Instead of layoffs, bank on your security team.
Using Infosec layoffs to chase short-term payroll savings in cybersecurity is a dangerous gamble that will inevitably cost far more in the long run. When security teams are cut, ...
Check out expert recommendations for protecting your AI system data. Plus, boost your IT department’s cybersecurity skills with a new interactive framework. In addition, learn about a malware campaign targeting critical infrastructure orgs. And ...
A survey of 1,042 senior cybersecurity managers in the U.S., the United Kingdom and Australia finds only 5% have implemented quantum-safe encryption, even though 69% recognize the risk quantum computing poses to legacy encryption ...
Malware peddlers are using TikTok videos and the ClickFix tactic to trick users into installing infostealer malware on their computers, Trend Micro researchers have warned. The videos are getting published by a number of TikTok user accounts, ...
How Hunters International Used the Browser to Breach Enterprises — And Why They Didn’t See It Coming
At RSAC 2025, Cato Networks delivered a presentation that SOC teams and CISOs will want to pay attention to: “Suspicious ...
Operation Endgame, mounted by law enforcement and judicial authorities from the US, Canada and the EU, continues to deliver positive results by disrupting the DanaBot botnet and indicting the leaders of both the DanaBot and Qakbot ...
Russian national Rustam Gallyamov was indicted in the US for his leading role in the development and distribution of Qakbot malware.
The post Russian Qakbot Gang Leader Indicted in US appeared first on SecurityWeek.
Operation Endgame, “Season 2”, is officially announced as of Friday, May 23rd, 2025. International law enforcement agencies and their partners have once again joined forces to disrupt and dismantle botnet infrastructure and their operators. ...
CISA warns companies of a widespread campaign targeting a Commvault vulnerability to hack Azure environments.
The post Companies Warned of Commvault Vulnerability Exploitation appeared first on SecurityWeek.
A Chinese threat actor exploited a zero-day vulnerability in Trimble Cityworks to hack local government entities in the US.
The post Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks appeared first on SecurityWeek.
Discover how ImpactQuill launched IQDMARC using PowerDMARC’s white label solution to enhance email security and boost deliverability for clients.
The post DMARC MSP Case Study: ImpactQuill Enhances Email Security and Visibility for Clients ...
The DanaBot botnet ensnared over 300,000 devices and caused more than $50 million in damages before being disrupted.
The post DanaBot Botnet Disrupted, 16 Suspects Charged appeared first on SecurityWeek.
A Chinese espionage group has been chaining two recent Ivanti EPMM vulnerabilities in attacks against organizations in multiple critical sectors.
The post Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors appeared first on ...
Token Security launched Model Context Protocol (MCP) Server for non-human identity (NHI). This capability brings the power of agentic AI to modern security operations and enables teams to interact with complex NHI data using simple, natural ...
As digital transformation becomes a strategic imperative, development teams have emerged as a pillar of organizations. Agile and DevOps practices have revolutionized the pace of innovation, enabling businesses to respond rapidly to evolving ...
In this Help Net Security interview, Dr. Joy Wu, Assistant Professor, UBC Sauder School of Business, discusses the psychological and societal impacts of data monetization, why current privacy disclosures often fall short, and what it will take to ...