Application Security News and Articles
Creator, Author and Presenter: Clint Gibler
Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s ...
42% of developer time goes to fixing tech debt instead of building features. Knight Capital lost $460M in one day due to unaddressed code issues. Here's why smart companies fix P0/P1 problems first, and the framework that helped me scale startups ...
Zero Trust isn’t just a strategy. It’s a survival skill. “Never trust, always verify” sounds simple enough, but most organizations discover that applying it to sprawling hybrid networks is anything...
The post How to Embrace Zero Trust ...
IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in ...
PromptLock is only a prototype of LLM-orchestrated ransomware, but hackers already use AI in file encryption and extortion attacks.
The post PromptLock Only PoC, but AI-Powered Ransomware Is Real appeared first on SecurityWeek.
SentinelOne has announced its intent to acquire Observo AI. The deal will serve as an immediate complement and catalyst to SentinelOne’s AI SIEM and data offerings, which are already amongst the company’s fastest growing solutions, delivering ...
A supply chain attack called GhostAction has enabled threat actors to steal secrets and exploit them.
The post GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets appeared first on SecurityWeek.
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we look back on the guidance and best practices shared in the ...
The list of impacted cybersecurity firms has been expanded to include BeyondTrust, Bugcrowd, CyberArk, Cato Networks, JFrog, and Rubrik.
The post Salesloft GitHub Account Compromised Months Before Salesforce Attack appeared first on SecurityWeek.
Learn how to secure grants for technology and data security projects by aligning mission impact, funder priorities, and building strong project plans.
The post How to Secure Grants for Technology and Data Security Projects appeared first on ...
The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain compromise On August 26, the company publicly revealed that earlier that ...
Just a few months after Elon Musk’s retreat from his unofficial role leading the Department of Government Efficiency (DOGE), we have a clearer picture of his vision of government powered by artificial intelligence, and it has a lot more to do ...
The private repositories of hundreds of organizations were published publicly in the second phase of the Nx supply chain attack.
The post Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack appeared first on SecurityWeek.
Beyond ransomware and phishing, hidden cyberthreats are rising — from AI-driven deepfakes and scams to shadow IT, and supply chain attacks.
The post The Cyberthreats No One Talks About but Everyone Faces appeared first on Security Boulevard.
Articles related to cyber risk quantification, cyber risk management, and cyber resilience.
The post Reports Hub Shapes Cyber Risk Insights for Leaders | Kovrr appeared first on Security Boulevard.
Canadian firm Wealthsimple says a data breach impacts the information of some customers, but accounts and funds remain secure.
The post Fintech Firm Wealthsimple Says Supply Chain Attack Resulted in Data Breach appeared first on SecurityWeek.
Significant cybersecurity M&A deals announced by Accenture, CrowdStrike, F5, Okta, and SentinelOne.
The post Cybersecurity M&A Roundup: 27 Deals Announced in August 2025 appeared first on SecurityWeek.
The Linux Kernel Runtime Guard (LKRG) is a kernel module that checks the Linux kernel while it’s running. It looks for signs of tampering and tries to catch attempts to exploit security flaws in the kernel. Because it’s a module and not a ...
Top cybersecurity conferences are introducing new rules that require researchers to formally address ethics in their work. Starting with the 2026 USENIX Security Symposium, all submissions must include a stakeholder-based ethics analysis. Other ...
InterceptSuite is an open-source, cross-platform network traffic interception tool designed for TLS/SSL inspection, analysis, and manipulation at the network level. “InterceptSuite is designed primarily for non-HTTP protocols, although it ...
