Application Security News and Articles
If your organization uses GitLab for managing your software development lifecycle, you must ensure you’re not misconfiguring the permissions of this open source DevSecOps platform. Doing so can expose your source code, along with sensitive ...
Bitsight launched Bitsight Identity Intelligence, a new, standalone threat intelligence module designed to help security teams detect compromised credentials, prevent unauthorized access, and proactively mitigate risk across their extended attack ...
CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to its Known Exploited Vulnerabilities catalog. Cisco has ...
The notorious cybercrime group Hunters International is dropping ransomware to focus on data theft and extortion.
The post Hunters International Ransomware Gang Rebranding, Shifting Focus appeared first on SecurityWeek.
As businesses embrace the cloud, their attack surface expands accordingly. Cloud workloads are built on APIs, and Cequence’s expertise in API security and bot management means the company and its products are uniquely positioned to protect ...
Author: Ehud Amiri, SVP Product Management, Savyint How will the threat to identities change over the coming year? AI will […]
The post Identities and IAM Trends: Q&A With a Saviynt Identity Expert appeared first on Security Boulevard.
Google is making it easier for Gmail users to send end-to-end encrypted (E2EE) emails to anyone by adopting a process that does away with complex options like S/MIME and instead uses encrypted keys that are controlled by the sender.
The post ...
Less than two dozen cybersecurity merger and acquisition (M&A) deals were announced in March 2025.
The post Cybersecurity M&A Roundup: 23 Deals Announced in March 2025 appeared first on SecurityWeek.
Nisos
Managing Human Risk in the Employee Lifecycle
Human Resources (HR) plays a critical role in identifying and mitigating human risks throughout the Employee Lifecycle (ELC)...
The post Managing Human Risk in the Employee Lifecycle appeared ...
When it comes to the frequency and sophistication of software supply chain attacks, few industries can compare with the cryptocurrency industry. As RL’s 2025 Software Supply Chain Security Report notes: In 2024, there were close to two dozen ...
Cybercriminals commonly target K-12 schools. 71% of UK secondary schools reported a breach or attack in the previous year alone — mirrored by schools across the U.S. This, paired with internal threats, requires schools to adopt advanced ...
Steam was the most imitated brands by phishers in the first quarter of 2025, followed by Microsoft and Facebook/Meta, Guardio researchers have revealed. “Historically, the #1 spot has been dominated by the usual suspects – big tech ...
The post How to Secure and Make Your Iframe Compliant in 2025 appeared first on Feroot Security.
The post How to Secure and Make Your Iframe Compliant in 2025 appeared first on Security Boulevard.
GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected.
The post 39 Million Secrets Leaked on GitHub in 2024 appeared first on SecurityWeek.
Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’.
The post Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability appeared first on SecurityWeek.
Cisco fixes two high-severity denial-of-service vulnerabilities in Meraki devices and Enterprise Chat and Email.
The post Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks appeared first on SecurityWeek.
Google’s patches for Quick Share for Windows vulnerabilities leading to remote code execution were incomplete and could be easily bypassed.
The post Google Released Second Fix for Quick Share Flaws After Patch Bypass appeared first on SecurityWeek.
1touch.io launched the next-generation Enterprise Data Security Posture Management (DSPM) platform, a solution designed specifically for hybrid, multi-cloud, on-premises, and mainframe environments. By integrating continuous data discovery, ...
Corgea launches BLAST (Business Logic Application Testing), its AI-driven cybersecurity platform designed to address the risks associated with hidden code vulnerabilities, human error, and security flaws introduced by AI-assisted coding tools. ...
Bluefin announced the addition of network tokenization capabilities to its ShieldConex Tokenization as a Service and Orchestration platforms, enabling merchants to directly provision network-issued payment tokens from card brands such as Visa, ...
