Application Security News and Articles
In this series, we examined the vital connection between AI and APIs, highlighting what makes a leader in the API security market through the 2025 KuppingerCole Leadership Compass. Now, we turn to the core strategy of true API security: the ...
Known for her seminal book, A Hacker Manifesto, Wark reframes hacking as a cultural force rooted in play, creativity, and human nature.
The post Hacker Conversations: McKenzie Wark, Author of A Hacker Manifesto appeared first on SecurityWeek.
Credential Integrity Must Be Ongoing: Trust used to be something you gave once. A user would log in, pass a password check or multi-factor prompt, and from that point forward, they were considered safe. Unfortunately, that assumption no longer ...
Attack disrupted email, phones, and websites for weeks, but officials say no ransom was paid.
The post Pennsylvania Attorney General Confirms Ransomware Behind Weeks-Long Outage appeared first on SecurityWeek.
Really good research on practical attacks against LLM agents.
“Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous”
Abstract: The growing integration of LLMs into ...
Remote work fuels Shadow IT risks. Learn how to manage USBs and portable storage with encryption, EDR, and policies that balance security with usability.
The post How Strong Device Policies Can Help Solve Your Shadow IT Problem appeared first on ...
British automobile manufacturer Jaguar Land Rover (JLR) is scrambling to restore applications and operations that were impacted by a cyberattack. In a brief notice on Tuesday, the company said it disconnected its systems, which severely impacted ...
Hackers accessed customer contact information and case data from Salesforce instances at Cloudflare, Palo Alto Networks, and Zscaler.
The post Security Firms Hit by Salesforce–Salesloft Drift Breach appeared first on SecurityWeek.
A recent TechRadar Pro article warns of a dramatic rise in deepfake-enabled scams targeting executive leadership—and the numbers are hard to ignore. Over half of cybersecurity professionals surveyed (51%) say their organization has already been ...
In the digital era, data is one of the most valuable assets an organization owns. Customer records, financial transactions, intellectual property, and operational data all power business growth. However, this also makes data a prime target for ...
As artificial intelligence becomes more accessible, a new wave of cybersecurity risk is rising from within: insider threats enhanced by generative AI. According to a recent TechRadar report, security professionals are now more concerned about ...
We are often asked by the business leaders and executives we speak to, “Will penetration testing disrupt our business operations?” We frequently hear concerns about downtime, impact to customer services, or unexpected changes to data. These ...
CAPTCHAs are everywhere, and almost universally hated. Whether it's deciphering blurry text or clicking every fire hydrant in a grid, users are routinely interrupted by challenges that are hard to solve and even harder to justify. For most ...
Learn about the Minimum Viable Secure Product (MVSP) approach for Enterprise SSO and CIAM. Balance rapid deployment with essential security for your initial product release.
The post Understanding the Minimum Viable Secure Product appeared first ...
Discover how to effectively manage users in passwordless environments without relying on tokens. Learn about device authentication, biometrics, and risk-based access control.
The post Handling Users without Tokens in Passwordless Environments ...
BruteForceAI is a penetration testing tool that uses LLMs to improve the way brute-force attacks are carried out. Instead of relying on manual setup, the tool can analyze HTML content, detect login form selectors, and prepare the attack process ...
As August 2025 comes to a close, we’re back with the latest roundup of newly released AWS privileged permissions, and once again the scope of cloud security boundaries continues to expand. This month, AWS introduced impactful updates across ...
Many people might not think that playing video games could help build a career in cybersecurity. Yet the skills gained through gaming, even if they don’t seem relevant at first, can be useful in the field. An overlooked pool of skills worth ...
In today’s complex threat environment, the challenge for security professionals isn’t just defeating threats – it’s finding your vulnerabilities in the first place. That’s where External Attack Surface Management (EASM) tools come in. ...
In this Help Net Security video, Brendon Collins, Principal Consultant at Optiv, explores how organizations can embed security and privacy into the software development lifecycle (SDLC) from the very start. He outlines five proactive principles, ...