Application Security News and Articles


HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot

ESET researchers have discovered HybridPetya, a bootkit-and-ransomware combo that’s a copycat of the infamous Petya/NotPetya malware, augmented with the capability of compromising UEFI-based systems and weaponizing CVE-2024-7344 to bypass ...

BSidesSF 2025: Closing Remarks

Creator, Author and Presenter: Reed Loden Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events ...

In Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research

Noteworthy stories that might have slipped under the radar: Huntress research raises concerns, Google paid out $1.6 million for cloud vulnerabilities, California web browser bill. The post In Other News: $900k for XSS Bugs, HybridPetya Malware, ...

Cybersecurity Snapshot: Security Lags Cloud and AI Adoption, Tenable Report Finds, as CISA Lays Out Vision for CVE Program’s Future

Check out Tenable’s report detailing challenges and best practices for cloud and AI security. Plus, CISA rolled out a roadmap for the CVE Program, while NIST updated its guidelines for secure software patches. And get the latest on TLS/SSL ...

DELMIA Factory Software Vulnerability Exploited in Attacks

A deserialization of untrusted data in the MOM software allows attackers to achieve remote code execution. The post DELMIA Factory Software Vulnerability Exploited in Attacks appeared first on SecurityWeek.

Ransomware Attack

Ransomware has become one of the most devastating forms of cybercrime in the modern era. From hospitals forced to cancel surgeries to global supply chains brought to a standstill, ransomware doesn’t just lock data—it cripples organizations. ...

CISA looks to partners to shore up the future of the CVE Program

The US Cybersecurity and Infrastructure Security Agency (CISA) has affirmed its continuing support for the Common Vulnerabilities and Exposures (CVE) program. “If we want to outpace and outmaneuver our adversaries, we must first ensure that ...

Apple Sends Fresh Wave of Spyware Notifications to French Users

Apple this year sent at least four rounds of notifications to French users potentially targeted by commercial spyware. The post Apple Sends Fresh Wave of Spyware Notifications to French Users appeared first on SecurityWeek.

F5 to Acquire CalypsoAI for $180 Million

F5 is buying CalypsoAI for its adaptive AI inference security solutions, which will be integrated into its Application Delivery and Security Platform. The post F5 to Acquire CalypsoAI for $180 Million appeared first on SecurityWeek.

CISA: CVE Program to Focus on Vulnerability Data Quality

CISA says it is time for the CVE Program to focus on improving trust, responsiveness, and the caliber of vulnerability data. The post CISA: CVE Program to Focus on Vulnerability Data Quality appeared first on SecurityWeek.

Top 15 Visual Studio Code Extensions for Node.js Development

Boost your Node.js development in 2024 with these 15 essential VS Code extensions. Streamline your workflow and boost productivity with actionable tools. The post Top 15 Visual Studio Code Extensions for Node.js Development appeared first on ...

VMScape: Academics Break Cloud Isolation With New Spectre Attack

Exploiting incomplete speculative execution attack mitigations extended to the branch predictor state, VMScape leaks arbitrary memory. The post VMScape: Academics Break Cloud Isolation With New Spectre Attack appeared first on SecurityWeek.

How Everyday Apps Leak More Data Than You Realize

Most mobile apps silently leak personal data to third parties, even trusted ones. From trackers in Google Play apps to high-profile breaches like Strava and British Airways, app data leakage is a growing privacy risk. Learn why apps leak data and ...

Addressing CISA Advisory on Rockwell Automation ThinManager SSRF Vulnerability (CVE-2025-9065)

Critical Security Alert: If you are an organization using Rockwell’s ThinManager software version 13.0 or below, you are vulnerable. If you cannot upgrade immediately, please scroll to the section on compensating controls below and contact our ...

Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm

KioSoft was notified about a serious NFC card vulnerability in 2023 and only recently claimed to have released a patch. The post Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm appeared first on SecurityWeek.

HCL AppScan 360º 2.0 protects software supply chains

HCLSoftware launched HCL AppScan 360º version 2.0, a next-generation application security platform designed to help organizations regain control over their software supply chains. As open-source adoption accelerates and global data regulations ...

Sublime Security enhances threat protection with AI agent

Sublime Security released the Autonomous Detection Engineer (ADÉ), an end-to-end AI agent that turns attack telemetry into transparent and auditable protection that security teams can trust. Email attacks are advancing as adversaries weaponize ...

Dive into NSFOCUS LLM Security Solution

Overview: NSFOCUS LLM security solution consists of two products and services: the LLM security assessment system (AI-SCAN) and the AI unified threat management (AI-UTM), forming a security assessment and protection system covering the entire life ...

The Hidden Threat: How Sensitive Information Leakage Puts Your Business at Risk

You Don’t Know What You Don’t Know – And That’s the Problem. Picture this: Your development team has built a robust e-commerce platform. Your security team has implemented comprehensive protection measures. Your compliance team has checked ...

Black Box Testing vs. White Box: The Hidden Risks of Choosing Wrong

With attacks on applications growing rapidly, regular testing of web and mobile platforms has become critical. In fact, statistics show that web applications are involved in 26% of breaches, ranking as the second most exploited attack pattern. ...