Application Security News and Articles
In early September, Palo Alto Networks publicly acknowledged that Secure Web Gateways (SWGs) are architecturally unable to defend against Last Mile Reassembly attacks. SquareX first discovered and disclosed Last Mile Reassembly attacks at DEF CON ...
The attack was aimed at a European network infrastructure company and it has been linked to the Aisuru botnet.
The post Record-Breaking DDoS Attack Peaks at 22 Tbps and 10 Bpps appeared first on SecurityWeek.
The cybersecurity world is once again reminded that the human element remains the weakest link. Authorities have arrested a teenager believed to be connected to the Scattered Spider hacking group, a collective that orchestrated some of the most ...
The cybersecurity community is closely following a dangerous new campaign. A group called Nimbus Manticore has been targeting aerospace, defense, and telecommunications firms in Europe using highly sophisticated malware. This operation ...
DeepSeek has become the first major AI firm to publish peer-reviewed research around the safety risks of its models.
The post DeepSeek Reveals AI Safety Risks in Landmark Study appeared first on Security Boulevard.
The software update includes additional file checks and helps users remove the known rootkit deployed in a recent campaign.
The post SonicWall Updates SMA 100 Appliances to Remove Overstep Malware appeared first on SecurityWeek.
OffSec has released Kali Linux 2025.3, the most up-to-date version of its popular penetration testing and digital forensics platform. What’s new in Kali Linux 2025.3: Better virtual machine tooling. The way Kali builds and ships its VM images has ...
Discover why DSPM is the next big opportunity for MSPs/MSSPs to boost visibility, manage risk, and deliver measurable client value.
The post Are You Ready to Offer DSPM-as-a-Service? Why MSPs and MSSPs Need to Think Data-First appeared first on ...
Sentry released the beta of AI code review, an AI-powered solution that identifies and fixes code issues before they reach production. Following its acquisitions of Codecov (2022) and Emerge Tools (2025), AI code review marks a step in Sentry’s ...
Proofpoint announced four innovations designed to secure the agentic workspace, where people and AI agents collaborate side by side. Proofpoint’s new collaboration and data security capabilities address the risks of the agentic workspace by ...
Tracked as CVE-2025-59689, the command injection bug could be triggered via malicious emails containing crafted compressed attachments.
The post Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers appeared first on ...
In this Help Net Security interview, Tim Bramble, Director of Threat Detection and Response at OpenText, discusses how SOC teams are gaining value from AI in detecting and prioritizing threats. By learning what “normal” looks like across ...
Attackers have a new favorite playground, and it’s not where many security teams are looking. According to fresh data from Bugcrowd, vulnerabilities in hardware and APIs are climbing fast, even as website flaws hold steady. The shift shows how ...
Google must pay $425M for violating California privacy laws by tracking 98M users despite opt-outs. A major win for data privacy, though appeals loom.
The post Google’s $425 Million Fine a Win for Privacy, But Will it Stick? appeared first on ...
Nosey Parker is an open-source command-line tool that helps find secrets and sensitive information hidden in text files. It works like a specialized version of grep, focused on spotting things like passwords, API keys, and other confidential ...
Cofense Intelligence has been tracking a series of copyright-themed campaigns conducted by the Lone None threat actor group. This Strategic Analysis will look at this campaign’s current TTPs (tactics, techniques, and procedures) and IOCs ...
In this Help Net Security video, David Hardoon, Global Head of AI Enablement at Standard Chartered, discusses the role of ethics and safety in AI development. He explains why principles like fairness, accountability, and transparency must be ...
Software powers almost every part of business, which means attackers have more chances than ever to exploit insecure code. A new report from CMD+CTRL Security looks at how teams are building their defenses through cyber range training. Based on ...
JLR extended the pause in production “to give clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation.”
The post Jaguar Land Rover Says Shutdown Will Continue Until at Least ...
More than 300 servers and 100,000 SIM cards designed to mimic cellphones and overwhelm networks.
The post A Massive Telecom Threat Was Stopped Right As World Leaders Gathered at UN Headquarters in New York appeared first on SecurityWeek.