Application Security News and Articles
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Thread Meeting’ appeared first on Security Boulevard.
An analysis of Tenable telemetry data shows that the vulnerabilities being exploited by Chinese state-sponsored actors remain unremediated on a considerable number of devices, posing major risk to the organizations that have yet to successfully ...
This malicious campaign demonstrates how long-lived token theft can become the first step in a much broader breach.
The post When Salesforce Becomes a De Facto Credential Repository: Lessons from the Drift OAuth Breach appeared first on ...
Explore the top automated pentesting tools of 2025. Learn how modern platforms detect business logic flaws, deliver true positives, and scale continuous security testing, so security teams can replace manual pentests with faster, more accurate ...
Firewall Policy Risks and Remedies Revealed by FireMon Insights. Firewall management is the unsung hero of network security, and at times a headache. Firewalls serve as the front line of network security, but firewall ...
Creators, Authors and Presenters: Ankur Tyagi, Mayuresh Dani
Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the ...
Noteworthy stories that might have slipped under the radar: communications of dozens of Iranian ships disrupted, only apps from verified developers will run on Android devices, and AI used across multiple phases of malicious attacks.
The post In ...
Authorities say VerifTools sold fake driver’s licenses and passports worldwide, enabling fraudsters to bypass KYC checks and access online accounts.
The post VerifTools Fake ID Operation Dismantled by Law Enforcement appeared first on SecurityWeek.
Introducing the Data Vending Machine, schema caching in Structural, strengthened synthesis in Textual, + Object and Array generators in Fabricate!
The post Tonic.ai product updates: August 2025 appeared first on Security Boulevard.
One Unexpected SOC 2 Challenge: Overcoming Cultural Resistance to Security-First Thinking When companies start their SOC 2 journey, most expect the technical checklist: configure access controls, deploy logging, and gather evidence. But what ...
Google says the same OAuth token compromise that enabled Salesforce data theft also let hackers access a small number of Workspace accounts via the Salesloft Drift integration.
The post Google Confirms Workspace Accounts Also Hit in ...
The credit reporting firm did not name the third-party application involved in the incident, only noting that it was used for its US consumer support operations.
The post TransUnion Data Breach Impacts 4.4 Million appeared first on SecurityWeek.
State officials confirm ransomware forced office closures, disrupted services, and led to data theft, as Nevada works with CISA and law enforcement to restore critical systems.
The post Nevada Confirms Ransomware Attack Behind Statewide Service ...
US Treasury sanctions Russian and Chinese entities tied to North Korea’s use of fake IT workers, who exploited stolen identities, AI, and malware to funnel millions back to Pyongyang.
The post US Sanctions Russian National, Chinese Firm Aiding ...
Storm-0501 has been leveraging cloud-native capabilities for data exfiltration and deletion, without deploying file-encrypting malware.
The post Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks appeared ...
Back in Part 1, we walked through how attackers are using Microsoft 365’s Direct Send feature to spoof internal emails, making those messages look like they’re coming from a trusted domain.
The post Microsoft and IRONSCALES Crack Down on the ...
A recently uncovered phishing campaign – carefully designed to bypass security defenses and avoid detection by its intended victims – is targeting firms in industrial manufacturing and other companies critical to various supply ...
This lab highlights how sensitive paths hidden in source code can lead directly to admin functionality — and without proper access control…
Halo Security announced platform enhancements designed to give security teams flexibility and control within the platform. The new features include custom dashboards, configurable reports, and improved automation capabilities that give ...