Application Security News and Articles


Compromised SAP NetWeaver instances are ushering in opportunistic threat actors

A second wave of attacks against the hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway. “[The] attacks [are] staged by follow-on, opportunistic threat actors who are leveraging previously established webshells ...

Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits

Google has agreed to a $1.375 billion settlement with Texas in lawsuits over location and private browsing tracking, and biometric data collection. The post Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits appeared first on ...

Hunted Labs Entercept combats software supply chain attacks

Hunted Labs announced Entercept, an AI-powered source code security platform that gives enterprises instant visibility into suspicious behavior from the people and code in their software supply chain. Open source code and the people who write it ...

437,000 Impacted by Ascension Health Data Breach

Ascension Health has notified the HHS that more than 437,000 people were affected by a recently disclosed data breach. The post 437,000 Impacted by Ascension Health Data Breach appeared first on SecurityWeek.

Security Gamechangers: CrowdStrike’s AI-Native SOC & Next Gen SIEM Take Center Stage at RSAC 2025

CrowdStrike introduced several enhancements to its Falcon cybersecurity platform and Falcon Next-Gen SIEM at the RSA Conference 2025, highlighting artificial intelligence, managed threat hunting and operational efficiencies aimed at transforming ...

0-Click NTLM Auth Bypass Exposes Legacy Microsoft Systems

A newly discovered 0-click NTLM authentication bypass vulnerability has resurfaced within Microsoft Telnet Server implementations, exposing a dangerous flaw in outdated yet still-operational systems. Veriti research reveals that this ...

Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks

Two vulnerabilities in ASUS’s pre-installed software DriverHub can be exploited for remote code execution. The post Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks appeared first on SecurityWeek.

US Deportation Airline GlobalX Confirms Hack

Global Crossing Airlines is investigating a cybersecurity incident after Anonymous hackers targeted its systems. The post US Deportation Airline GlobalX Confirms Hack appeared first on SecurityWeek.

Firewall Rule Bloat: The Problem and How AI can Solve it

Long lists of firewall rules can lead to misaligned and inconsistent policies, creating gaps in your security perimeter for threat actors to exploit. The post Firewall Rule Bloat: The Problem and How AI can Solve it appeared first on Security ...

Cybersecurity’s Early Warning System: How Live Network Traffic Analysis Detects The ‘Shock Wave’ Before the Breach ‘Tsunami’

Security teams can analyze live network traffic, an approach also known as network detection and response, and be more proactive in detecting the warning signs of an impending breach. The post Cybersecurity’s Early Warning System: How Live ...

Ensuring High Availability and Resilience in the ‘Everything App’ Era

This critical shift of social media apps becoming “mission-critical” everything apps requires a different approach when it comes to resiliency. The post Ensuring High Availability and Resilience in the ‘Everything App’ Era ...

Resecurity One simplifies cybersecurity operations

Resecurity launched Resecurity One, the next-generation cybersecurity platform designed to improve how organizations approach cybersecurity. Resecurity One combines Digital Risk Management, Cyber Threat Intelligence, Endpoint Protection, Identity ...

German Authorities Take Down Crypto Swapping Service eXch

German authorities seized the servers of crypto-swapping service eXch for laundering approximately $1.9 billion in fraudulent assets. The post German Authorities Take Down Crypto Swapping Service eXch appeared first on SecurityWeek.

The 47-day update: an expected evolution in digital security

The passage of the CA/Browser Forum ballot to reduce the maximum certificate lifespan to 47 days represents a natural and anticipated progression in the industry’s ongoing effort to enhance security and streamline certificate management. This ...

US Announces Botnet Takedown, Charges Against Russian Administrators

Anyproxy and 5socks, websites offering proxy services through devices ensnared by a botnet, have been disrupted in a law enforcement operation. The post US Announces Botnet Takedown, Charges Against Russian Administrators appeared first on ...

Bluetooth 6.1 released, enhances privacy and power efficiency

The Bluetooth Special Interest Group has released Bluetooth 6.1, and one of the most important new features is an update to how devices manage privacy and power. The update, called Bluetooth Randomized RPA (resolvable private address) Updates, ...

Why security teams cannot rely solely on AI guardrails

In this Help Net Security interview, Dr. Peter Garraghan, CEO of Mindgard, discusses their research around vulnerabilities in the guardrails used to protect large AI models. The findings highlight how even billion-dollar LLMs can be bypassed ...

How to give better cybersecurity presentations (without sounding like a robot)

Most people think great presenters are born with natural talent. Luka Krejci, a presentation expert, disagrees. “They are called presentation skills. Skills, not talent,” he says. “Any skill, be it dancing, football, or ...

SPIRE: Toolchain of APIs for establishing trust between software systems

SPIRE is a graduated project of the Cloud Native Computing Foundation (CNCF). It’s a production-ready implementation of the SPIFFE APIs that handles node and workload attestation to securely issue SVIDs to workloads and verify the SVIDs of ...

Layoffs pose a cybersecurity risk: Here’s why offboarding matters

In this Help Net Security video, Chase Doelling, Principal Strategist at JumpCloud, discusses the overlooked security risks associated with improper offboarding. Though many organizations focus on securely onboarding new employees, they often ...