Application Security News and Articles


Jumio introduces selfie.DONE to simplify digital identity verification

Jumio announced the launch of selfie.DONE, a new solution that delivers on the company’s vision for true reusable identity. selfie.DONE empowers trusted users to be instantly recognized and reverified with just a selfie, eliminating the need to ...

Gaining (and Regaining) Competitiveness in the Age of AI

The pace of change isn’t slowing down. If anything, it’s accelerating. Emerging technologies, new competitors, and new customer expectations are rewriting the rules of business. ...

eBook: A quarter century of Active Directory

Active Directory (AD) remains the backbone of enterprise identity and a prime target for attackers. Explore its 25-year history, evolving risks, and how organizations can modernize password security. This eBook shows why AD defenses must evolve ...

Massive China-Linked Smishing Campaign Leveraged 194,000 Domains

The malicious Smishing Triad domains were used to collect sensitive information, including Social Security numbers. The post Massive China-Linked Smishing Campaign Leveraged 194,000 Domains appeared first on SecurityWeek.

Ransomware, extortion groups adapt as payment rates reach historic lows

Ransomware groups are facing an economic downturn of their own: In Q3 2025, only 23 percent of victims paid a ransom, and for data theft incidents that involved no encryption, the payment rate dropped to just 19 percent, according to Coveware. ...

How to Take Vulnerability Management to the Next Level and Supercharge Your Career

At Tenable, we believe the next generation of great CISOs and security leaders will arise from those vulnerability management professionals who are driving the shift to exposure management today. Key takeaways: Vulnerability management is ...

Exploring Vein-Based Password Technology: Expert Insights

Discover vein-based password technology: A deep dive into its security features, development aspects, and expert opinions on its role in future authentication systems. The post Exploring Vein-Based Password Technology: Expert Insights appeared ...

Understanding the Concept of Enterprise IAM

Demystifying Enterprise IAM: Learn the core concepts, benefits, and implementation strategies for effective identity and access management in your organization. The post Understanding the Concept of Enterprise IAM appeared first on Security ...

T.H.E. Journal: The Hidden Cyber Risk in Schools

This article was originally published in T.H.E. Journal on 10/22/25 by Charlie Sander. Printers may not be glamorous, but they are an often-overlooked attack vector that should be part of every district’s cybersecurity strategy. Cyber attacks ...

72 states sign first global UN Convention against Cybercrime

The world’s first global convention to prevent and respond to cybercrime opened for signature today in Hanoi, Vietnam, and will remain open at United Nations Headquarters in New York until 31 December 2026. Adopted by the UN General Assembly in ...

Black Duck’s product release round-up: faster fixes, smarter security

Explore the latest updates across the Black Duck portfolio—from GitHub integrations and AI-powered fixes to faster scans, audit-ready SBOMs, and workflow automation. The post Black Duck’s product release round-up: faster fixes, smarter ...

New Firefox Extensions Required to Disclose Data Collection Practices

All new extensions will be required to declare their data collection practices in their manifest file using a specific key. The post New Firefox Extensions Required to Disclose Data Collection Practices appeared first on SecurityWeek.

Windows Server Update Service (WSUS) remote code execution vulnerability (CVE-2025-59287)

Technical details: CVE-2025-59287 is an unsafe deserialization vulnerability in the WSUS reporting component. In short, WSUS accepts serialized data from a network request and deserializes it without performing sufficient validation. A specially ...

Year-Old WordPress Plugin Flaws Exploited to Hack Websites

Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced. The post Year-Old WordPress Plugin Flaws Exploited to Hack Websites appeared first on SecurityWeek.

The Cyber Insurance Crunch: Turning Rising Premiums Into Security Wins 

Cyber insurance is no longer just a safety net; it’s a catalyst for change. With premiums climbing and coverage shrinking, insurers are forcing organizations to modernize security operations, embrace AI-driven risk quantification, and tighten ...

Ransomware Payments Dropped in Q3 2025: Analysis

Coveware has attributed the drop to large enterprises increasingly refusing to pay up and smaller amounts paid by mid-market firms. The post Ransomware Payments Dropped in Q3 2025: Analysis appeared first on SecurityWeek.

Three Factors Determine Whether a Ransomware Group is Successful 

ReliaQuest’s Threat Spotlight: How Automation, Customization, and Tooling Signal Next Ransomware exposes how elite Ransomware-as-a-Service (RaaS) groups thrive. Automation, advanced tools, and attack customization attract top affiliates and ...

Bionic Hackbots Rise, Powerful Partners to Humans 

The rapid rise of AI and automation has helped create a new breed of researcher — the bionic hacker. Think of a Steve Austin-type researcher, only instead of body parts replaced by machines, human creativity is being augmented by ...

Chrome Zero-Day Exploitation Linked to Hacking Team Spyware

The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks. The post Chrome Zero-Day Exploitation Linked to Hacking Team Spyware appeared first on SecurityWeek.

Can your earbuds recognize you? Researchers are working on it

Biometric authentication has moved from fingerprints to voices to facial scans, but a team of researchers believes the next step could be inside the ear. New research explores how the ear canal’s unique acoustic properties can be used to verify ...