Application Security News and Articles
With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public, attacks exploiting the flaw are incoming and possibly already happening. According to ...
Tel Aviv, Israel, 9th June 2025, CyberNewsWire
The post Seraphic Security Unveils BrowserTotal™ – Free AI-Powered Browser Security Assessment for Enterprises appeared first on Security Boulevard.
RSA has updated its passwordless identity management platform to add support for desktops that are connected to the Microsoft Entra ID directory service.
The post RSA Extends Reach of Passwordless Management Platform appeared first on Security ...
iVerify links iPhone crashes to sophisticated zero-click attacks via iMessage targeting individuals involved in politics in the EU and US.
The post iMessage Zero-Click Attacks Suspected in Targeting of High-Value EU, US Individuals appeared first ...
Contrast Security today made available an update to its application detection and response platform that leverages graph and artificial intelligence (AI) technologies to provide security operations teams with a digital twin of the applications ...
Explore the latest features and enhancements in CodeSentry 7.2! CodeSentry 7.2 SaaS introduces AI Component Detection, which highlights the use of Artificial Intelligence (AI) or Machine Learning (ML) software packages in the Software Bill Of ...
Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught.
The details are interesting, and worth reading in detail:
>Tracking code ...
The US is seeking the forfeiture of $7.74 million in cryptocurrency in frozen wallets tied to North Korean fake IT worker schemes.
The post US Seeks Forfeiture of $7.74M in Cryptocurrency Tied to North Korean IT Workers appeared first on ...
Kingsley Uchelue Utulu has been sentenced to more than 5 years in prison for his role in a scheme that involved hacking, fraud and identity theft.
The post Nigerian Involved in Hacking US Tax Preparation Firms Sentenced to Prison appeared first ...
New Zealand mandates DMARC enforcement under its new Secure Government Email framework. Learn what this means and how agencies can ensure compliance.
The post New Zealand Government Mandates DMARC Under New Secure Email Framework appeared first ...
SANTA CLARA, Calif., June 9, 2025 – NSFOCUS, a global leader in cybersecurity solutions, announced the release of its annual report, the 2024 Global DDoS Landscape Report. The full report is packed with in-depth analysis and insights that can ...
Have you ever had a client ask, “How much risk are we facing?” and all you had was a pie chart to show them? In 2025, that doesn’t cut it. Today’s business executives expect more. They want risk explained in clear, unambiguous terms—and ...
President Trump says his new cybersecurity executive order amends problematic elements of Biden- and Obama-era executive orders.
The post Trump Cybersecurity Executive Order Targets Digital Identity, Sanctions Policies appeared first on SecurityWeek.
In this Help Net Security interview, Renana Friedlich-Barsky, EVP and CISO at LPL Financial, discusses how threat actors are targeting high-net-worth clients and exploiting digital touchpoints in wealth management. She explains why firms must ...
The threat landscape in the bioeconomy is different from what most CISOs are used to. It includes traditional risks like data breaches, but the consequences are more complex. A compromise of genomic databases, for example, does not just expose ...
fiddleitm is an open-source tool built on top of mitmproxy that helps find malicious web traffic. It works by checking HTTP requests and responses for known patterns that might point to malware, phishing, or other threats. fiddleitm features ...
Using the MITRE ATT&CK framework as a baseline, organizations are generally improving year-over-year in understanding security information and event management (SIEM) detection coverage and quality, but plenty of room for improvement ...
In just 12 months, attackers attempted to steal more than $300 million via vendor email compromise (VEC), with 7% of engagements coming from employees who had engaged with a previous attack, according to Abnormal AI. Vendor email compromise risks ...
Join us as we discuss the long-awaited implementation of the REAL ID Act in the U.S. We cover the essentials you need to fly, the potential benefits of using your passport, and how new mobile IDs fit into the TSA’s plans. We also discuss the ...
Overview: Recently, NSFOCUS CERT detected that DataEase had issued a security bulletin fixing multiple high-risk vulnerabilities in DataEase (CVE-2025-49001/CVE-2025-49002/CVE-2025-48999). Used in combination, they can achieve unauthorized code execution. ...