Application Security News and Articles
In this Help Net Security video, Ozan Ucar, CEO of Keepnet Labs, highlights a critical cybersecurity blind spot: the vulnerability of new hires during onboarding. He explains how attackers now use AI-powered, multi-channel phishing tactics to ...
While Africa hosts some of the fastest-growing digital economies globally, it also faces persistent challenges in cybersecurity preparedness. Many organizations and individuals remain unaware of the risks they face online. Phishing schemes and ...
75% of organizations have building management systems (BMS) affected by known exploited vulnerabilities (KEVs), according to Claroty.
The post Exposed and unaware? Smart buildings need smarter risk controls appeared first on Help Net Security.
To ensure resilience across the internet stack, organizations need to protect and manage four key areas: reachability, availability, reliability, and performance, according to Catchpoint. The negative economic impact of incidents: 51% report ...
Here’s a look at the most interesting products from the past week, featuring releases from DigitalOcean, Scamnetic, StealthCores, and Tracer AI. Scamnetic KnowScam 2.0 helps consumers detect every type of scam: KnowScam 2.0 now comes with major ...
The notorious Hunters International RaaS group that racked up hundreds of victims over two years says it's shutting down and offering decryption software to victims, but security pros say this happens regularly in the cybercriminal world and that ...
Age verification is becoming more common across websites and online services. But many current methods require users to share personal data, like a full ID or birthdate, which raises privacy and security concerns. In response, Google has ...
Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ramp up their efforts to get them to spew out information that may benefit them, such as ...
A Barracuda Networks analysis of unsolicited and malicious emails sent between February 2022 and April 2025 indicates 14% of the business email compromise (BEC) attacks identified were similarly created using a large language model (LLM).
A vulnerability in the Catwatchful spyware allowed a security researcher to retrieve the usernames and passwords of over 62,000 accounts.
The post Undetectable Android Spyware Backfires, Leaks 62,000 User Logins appeared first on SecurityWeek.
Hardcoded SSH credentials in Cisco Unified CM and Unified CM SME could allow attackers to execute commands as root.
The post Cisco Warns of Hardcoded Credentials in Enterprise Software appeared first on SecurityWeek.
Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into a vulnerable Cisco Unified ...
SentinelOne says the fake Zoom update scam delivers ‘NimDoor’, a rare Nim-compiled backdoor.
The post North Korean Hackers Use Fake Zoom Updates to Install macOS Malware appeared first on SecurityWeek.
By breaking down internal silos, leveraging advanced technology and embracing industrywide cooperation, organizations can shift from reactive to proactive fraud prevention to protect revenue and reputation while supporting sustainable business ...
There is no question that vulnerability scanning and patch management remain necessary, but they are clearly no longer sufficient.
The post We Are Losing the Scan/Patch Battle appeared first on Security Boulevard.
The difference between Shadow IT and BYOC, although subtle, requires different policies, procedures and technology to resolve.
The post The Differences and Similarities Between Shadow IT and BYOC appeared first on Security Boulevard.
GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an authentication server, automated landing page deployment, and an administrative management ...
StealthCores launched StealthMACsec, a comprehensive IEEE 802.1AE compliant MACsec engine that brings advanced side-channel countermeasures to Ethernet network security. Building on the proven security foundation of StealthAES, StealthMACsec ...
In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed and security isn’t easy and why aligning with regulations is key. ...
Every day, millions of travelers share sensitive information like passports, credit card numbers, and personal details with hotels, restaurants, and travel services. This puts pressure on the hospitality sector to keep that information safe and ...