Application Security News and Articles
High-severity flaws in IOS XR could lead to ISO image verification bypass and denial-of-service conditions.
The post Cisco Patches High-Severity IOS XR Vulnerabilities appeared first on SecurityWeek.
For more than two decades, Comply-to-Connect (C2C) has been a stated goal across the Department of Defense (DoD). The idea is simple: before a system, device, or user connects to the network, it must be verified as secure and compliant. In ...
Organizations manage sensitive data, operate under complex regulations, and face relentless cyber threats. Yet traditional compliance—point-in-time audits, annual assessments, and static reporting—is no longer enough. Attackers don’t wait ...
F5 announced its intent to acquire CalypsoAI, whose platform brings real-time threat defense, red teaming at scale, and data security to enterprises racing to deploy generative and agentic AI. These capabilities will be integrated into the F5 ...
Threat intelligence feeds come with a simple promise: Improve operational security by teaching security practitioners what Tactics, Techniques, and Procedures (TTPs) threat actors use in the real world. The more you know about threat actor ...
N-able has introduced Cat-MIP, a solution designed to standardize and document terminology for AI automation and MCP Server behaviors across MSP and IT ecosystems. This breakthrough enables IT service providers to harness AI more effectively for ...
LNER said the security incident involved a third-party supplier and resulted in contact information and other data being compromised.
The post UK Train Operator LNER Warns Customers of Data Breach appeared first on SecurityWeek.
Box announced Box Shield Pro, a new suite of security capabilities, powered by AI, that builds on the company’s flagship content protection solution, Box Shield. With Box Shield Pro, customers can automatically apply AI-driven classification, ...
Google patched a critical use-after-free vulnerability in Chrome that could potentially lead to code execution.
The post Critical Chrome Vulnerability Earns Researcher $43,000 appeared first on SecurityWeek.
Permiso researchers uncovered a Unicode obfuscation technique, “Inboxfuscation,” that exploits Microsoft Exchange inbox rules to evade detection and exfiltrate email data. Learn how it works and how security teams can defend against it.
Widespread visibility is critical for cloud security, but obtaining it is easier said than done. To discover insights and best practices for code-to-cloud visibility, check out highlights from a new IDC white paper. Plus, learn how Tenable’s ...
For the second time in two years, Senator Ron Wyden is asking federal regulators to investigate Microsoft's cybersecurity practices, saying the ongoing weaknesses in the Windows OS are making federal agencies, critical infrastructure, and ...
If you’ve been anywhere near cybersecurity leadership circles lately, you’ve probably heard the acronym CTEM tossed around a lot. Continuous Threat Exposure Management promises a framework for staying ahead of an endlessly shifting attack ...
The Akira ransomware group is likely exploiting a combination of three attack vectors to gain unauthorized access to vulnerable appliances.
The post Akira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall Flaw appeared first on ...
Researchers exploited K2 Think’s built-in explainability to dismantle its safety guardrails, raising new questions about whether transparency and security in AI can truly coexist.
The post UAE’s K2 Think AI Jailbroken Through Its Own ...
The tools manufacturer was targeted in a ransomware attack claimed by the Cactus group.
The post 100,000 Impacted by Cornwell Quality Tools Data Breach appeared first on SecurityWeek.
Senator Ron Wyden’s complaints focus on Windows security and the Kerberoasting attack technique.
The post Senator Urges FTC Probe of Microsoft Over Security Failures appeared first on SecurityWeek.
With security teams drowning in alerts, many suppress detection rules and accept hidden risks. AI promises relief through automation and triage—but without human oversight, it risks becoming part of the problem.
The post AI Emerges as the ...
AegisAI uses autonomous AI agents to prevent phishing, malware, and BEC attacks from reaching inboxes.
The post Email Security Startup AegisAI Launches With $13 Million in Funding appeared first on SecurityWeek.
APIs are now the beating heart of digital infrastructure. But as they have risen in importance, they’ve also become prime targets for attackers. Complex, often poorly understood API behaviors present rich opportunities for exploitation, and too ...