Application Security News and Articles
The vulnerability impacts multiple Rust tar parsers, allowing attackers to smuggle additional archive entries.
The post TARmageddon Flaw in Popular Rust Library Leads to RCE appeared first on SecurityWeek.
Tenable has been named a Continuous Threat Exposure Management (CTEM) Leader in Latio’s 2025 Cloud Security Market Report. This recognition is based on rigorous product testing conducted by Latio founder and lead analyst James Berthoty.
Robust auditing is essential for secure MCP deployments, providing compliance evidence, forensic capabilities, and operational confidence for managing AI agents and context-aware systems at scale. The dynamic nature of MCP makes a lack ...
The Expanding Threat Surface in Third-Party Access: No matter how secure an organization’s internal defenses may be, the risk created by third parties cannot be ignored. A single vendor often has connections across dozens of client environments. ...
AI agents' rise has transformed software, as they make decisions and coordinate tasks. However, their security is often weak due to poor authentication and ad-hoc controls. The Model Context Protocol (MCP), developed by Anthropic, ...
A newly uncovered attack campaign mounted by suspected Morocco-based attackers has been hitting global retailers and other businesses issuing gift cards. What makes this campaign stand out is how the threat actors avoid typical malware techniques ...
To scale a fraud or bot attack, adversaries need more than just realistic automation. They need infrastructure.
A convincing browser fingerprint and human-like interaction (mouse movements, keystrokes, etc.) are table stakes. But even with a ...
One of the flaws can be exploited by remote unauthenticated attackers for arbitrary command execution.
The post Critical Vulnerabilities Patched in TP-Link’s Omada Gateways appeared first on SecurityWeek.
We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.
Think you know all there is to know about cybersecurity? Guess again. Shadow AI is challenging security leaders with many of the same issues raised by other “shadow” technologies. Only this time, it’s evolving at breakneck speed.
Ivanti announced product enhancements across its solution pillars, empowering our customers to accelerate cloud adoption, strengthen security posture and streamline IT operations. Distributed workforce requires seamless and secure access to the ...
The company’s IAM platform identifies AI agents, supports assigning permission to them, and tracks all activity.
The post Keycard Emerges From Stealth Mode With $38 Million in Funding appeared first on SecurityWeek.
Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain unnoticed for quite some time and allow attackers to maintain access to ...
Rubrik announced the launch of the Rubrik Agent Cloud to accelerate enterprise AI agent adoption while managing risk of AI deployments. AI transformation is now mandatory for most organizations. However, IT leaders are constrained because agentic ...
Cyberattacks on UK retailers show rising supply chain risks. Learn how zero-trust, vendor vetting, and continuous monitoring strengthen cyber resilience.
The post Retail Cyberattacks Reveal Hidden Weaknesses In Supply Chain Security appeared ...
Star Blizzard started using the NoRobot (BaitSwitch) and MaybeRobot (SimpleFix) malware after public reporting on the LostKeys malware.
The post Russian APT Switches to New Backdoor After Malware Exposed by Researchers appeared first on SecurityWeek.
From fake PDFs to AI voice scams, phishing attacks are evolving fast. Learn key tactics and defenses to protect against fraud, identity theft, and account loss.
The post Phishing Scams Weaponize Common Apps to Fool Users appeared first on ...
Learn what a good email deliverability rate is, why it matters, and how to improve it. Explore benchmarks, tools, and strategies to boost your inbox placement.
The post What’s a Good Email Deliverability Rate in 2025? appeared first on Security ...
If you are recruiting for a Field CISO, Field CTO, etc., or are looking to leverage a resource at your company in one of these roles, what are some things you should be aware of?
The post What Makes a Great Field CXO: Lessons from the Front Lines ...
Jewett-Cameron Company says hackers stole sensitive information and are threatening to release it unless a ransom is paid.
The post Fencing and Pet Company Jewett-Cameron Hit by Ransomware appeared first on SecurityWeek.