Application Security News and Articles
Other noteworthy stories that might have slipped under the radar: Co-op lost £206 million due to cyberattack, South Korean credit card company hacked, Maryland Transit Administration ransomware attack.
The post In Other News: LockBit 5.0, ...
We’re excited to share that IRONSCALES has been recognized in Expert Insights’ Cybersecurity Excellence Awards – Fall 2025, earning honors in two key categories: Email Security and Security Awareness Training.
The post IRONSCALES Recognized ...
Creators, Authors and Presenters: Cat Easdon, Dynatrace Research; Patrick Berchtold, Dynatrace
Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s YouTube channel. ...
The case caught my eye with the headline in the Oregon Live trumpeting: "Mail theft suspect in Portland made daring 13th-floor balcony escape, later arrested" and saying that the suspect's apartment contained ONE HUNDRED SEVENTY POSTAL KEYS! ...
CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch was released on September 15, 2025. Evidence of in-the-wild exploitation ...
Sectigo has successfully completed the largest migration of public certificate infrastructure in history, transitioning over half a million SSL/TLS, S/MIME, and code signing certificates from Entrust to Sectigo Certificate Manager. This milestone ...
The operation took place in July and August and focused on scams in which perpetrators build online romantic relationships to extract money from targets or blackmail them with explicit images, Interpol said.
The post Interpol Says 260 Suspects in ...
CISA’s takeaways of an agency hack include a call for timely vulnerability patching. Plus, Cisco zero-day bugs are under attack — patch now. Meanwhile, the CSA issued a framework for SaaS security. And get the latest on the npm breach, the ...
Salesforce is facing a possible class action lawsuit from almost two dozen plaintiffs who say the SaaS giant should have had better security around its platform, even though a spate of high-profile data-stealing attacks on third-party partners ...
Microsoft has disabled services to a unit within the Israeli military after a company review had determined its AI and cloud computing products were being used to help carry out mass surveillance of Palestinians.
The post Microsoft Reduces ...
North Korean threat actors pose as recruiters to steal developers’ identities and supply them to fraudulent IT workers.
The post North Korea’s Fake Recruiters Feed Stolen Data to IT Workers appeared first on SecurityWeek.
A widespread campaign aimed at breaching organizations via zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) has been revealed by the US, UK, Canadian and Australian cybersecurity agencies. The suspected state-sponsored threat ...
Cognex is advising customers to transition to newer versions of its machine vision products.
The post No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking appeared first on SecurityWeek.
Today’s world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media ...
The malware now uses a four-stage infection chain, has an additional persistence mechanism, and also targets Firefox browser data.
The post New XCSSET macOS Malware Variant Hijacks Cryptocurrency Transactions appeared first on SecurityWeek.
Eight days before patches, a threat actor exploited CVE-2025-10035 as a zero-day to create a backdoor admin account.
The post Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
Alan examines why the software supply chain has become the new perimeter in cloud-native security. From SBOMs to SLSA and Sigstore, discover how leaders can defend against attacks that target dependencies, pipelines and trusted updates.
Trackforce has launched ReportPro AI within its TrackTik platform, an enhancement to incident reporting designed for guards, supervisors, and compliance teams. By combining real-time language support, instant executive summaries, and transparent ...
8x8 has launched 8x8 Omni Shield Self-Service, a no-code SMS fraud protection tool that helps businesses to detect, monitor, and block threats like Artificially Inflated Traffic (AIT) in real time. Built directly into 8x8 Connect, ...
Discover the most effective privacy tools for protecting your digital life in 2024. From encrypted messaging apps to secure password managers, learn which tools
The post Top 5 Essential Privacy Tools for 2024: Stay Safe Online appeared first on ...