Application Security News and Articles
An ongoing supply chain attack dubbed "Shai-Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API keys, tokens, and cloud credentials and sends them to external servers that the ...
Last updated 7:00 p.m. ET on September 16, 2025
The post Ongoing npm Software Supply Chain Attack Exposes New Risks appeared first on Security Boulevard.
The raw attack surface isn’t just growing. It’s fragmenting. Logs from SaaS apps, cloud workloads, and third-party services flood security stacks already straining to keep up. Security teams are buried in alerts they can’t triage fast ...
Newark, NJ, Sept. 16, 2025, CyberNewswire — The OpenSSL Conference 2025 will take place on October 7 – 9 in Prague.
The program will bring together lawyers, regulators, developers, and entrepreneurs to discuss security and privacy in a global ...
Acquisition extends CrowdStrike’s Falcon platform into AI security, introducing AI Detection and Response (AIDR) to protect enterprise models, agents, and applications across the full AI lifecycle.
The post CrowdStrike to Acquire Pangea to ...
Las Vegas, Sept. 16, 2025, CyberNewswire — Seraphic today announced at Fal.Con 2025 that its Secure Enterprise Browser (SEB) solution is now available for purchase in the CrowdStrike Marketplace, a one-stop destination for the world-class ...
Is Your Cybersecurity Truly Impenetrable? Achieving “impenetrable security” remains an elusive goal for many organizations. Yet, the rise of Non-Human Identities (NHIs) presents an innovative approach to this challenge. With an efficient ...
Why Should Secure NHI Practices Be a Priority? Is your organization prepared for increasing threats presented by unmanaged Non-Human Identities (NHIs)? As the footprint of machine identities continues to increase, so does the risk associated ...
Does Your Organization’s Security Strategy Include Strong NHI Policies? Ensuring robust cloud security is much more than just protecting data from cyber attacks. It includes managing Non-Human Identities (NHIs) and their associated secrets ...
Villager is being pitched as a legitimate AI-powered pentest tool for red teams, but the platform, made by Chinese company Cyberspike, has been loaded almost 11,000 times on PyPI in two months, raising concerns that it is on the same path as ...
A global survey of 1,025 IT and security professionals finds that while organizations experienced an average of 2.17 cloud breaches over the past 18 months, only 8% were categorized as severe. At the same time, however, with the rise of ...
A potentially monumental supply chain attack is underway, thanks to a self-replicating worm-like payload that has been compromising packages published on the npm Registry. The worm has been dubbed “Shai-hulud” as it steals credentials ...
Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organizations ...
Move highlights rising demand for AI-native security as enterprises face new risks from generative models and autonomous agents
The post Check Point to Acquire AI Security Firm Lakera appeared first on SecurityWeek.
Newark, New Jersey, United States, 16th September 2025, CyberNewsWire
The post 3 Weeks Left Until the Start of the OpenSSL Conference 2025 appeared first on Security Boulevard.
Seceon Inc., an award-winning cybersecurity leader trusted by 700+ partners and 9,000+ customers worldwide, today announced aiCompliance CMX360™, the industry’s first security-native compliance platform that leverages existing security ...
On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The attack scenario was similar to the one used in the s1ngularity and GhostActions campaigns. The threat actors combined a ...
CrowdStrike at its Fal.Con event today expanded its effort to embed artificial intelligence (AI) agents into security operations center (SOC) workflows while simultaneously extending its ability to secure AI applications by acquiring Pangea ...
Each week, new operating system vulnerabilities are disclosed. The same alerts landing in your inbox are also fueling hacker research, as they look for the fastest way to exploit these newfound system weaknesses. We even have one vendor that is ...
JLR vs. SLH: Jaguar Land Rover woes worse than previously thought.
The post Jaguar Land Rover Admits to Longer Shutdown as Childish Hackers Troll Carmaker appeared first on Security Boulevard.