Application Security News and Articles
A comprehensive guide for developers on implementing passwordless authentication. Explore various methods, improve security, and enhance user experience. Learn to kill the password!
The post Kill the Password: A Developer’s Guide to ...
AI infrastructure is expensive, complex, and often caught between competing priorities. On one side, security teams want strong isolation and boundaries. On the other, engineers push for performance, density, and cost savings. With GPUs in short ...
Recently, Forrester released the 2025 “The Cloud Native Application Protection Solutions Landscape” report. NSFOCUS Cloud Native Application Protection Solution (hereinafter referred to as “NSFOCUS CNAPP”) has been selected among ...
A report from intelligence agencies in the U.S., UK, and elsewhere outlined how three Chinese tech firms are supply China's intelligence services with products and services that are being used in global campaigns by the state-sponsored APT group ...
Maritime transport, the backbone of global trade, is adapting to shifting economic, political, and technological conditions. Advances in technology have improved efficiency, bringing innovations such as remote cargo monitoring, advanced energy ...
When analysts at RH-ISAC found themselves spending 10 hours a week just collecting threat intelligence, they knew their process wasn’t sustainable. They were manually tracking blogs, RSS feeds, and social media channels, but it took too long to ...
AI has moved to the top of the CISO agenda. Three in five CISOs see generative AI as a security risk, with many worried about sensitive data leaking through public tools. At the same time, most organizations are not blocking AI outright. Instead, ...
Why is Secrets Management a Strategic Imperative? Why are global businesses increasingly focusing on secrets management? Intricate digital and growing cyber threats have led to an urgent need for better security protocols. And secrets management ...
The process of de-identifying test databases can be approached in a variety of ways, and we’re often asked how our approach differs as compared to others. In this article, we’ll explore how our approach differs from that of “Data Product ...
Creators, Authors and Presenters: Rohit Bansal, Zach Pritchard
Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the ...
GPT-5’s arrival on the scene adds an important new dimension to the landscape, so we have updated our analysis to include it.
The post The Coding Personalities of Leading LLMs—GPT-5 update appeared first on Security Boulevard.
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Warlock ransomware, which emerged in June 2025. Beginning in July, Warlock operators have primarily targeted internet-exposed, unpatched on-premises Microsoft ...
Our research uncovered multiple critical vulnerabilities in Base44, an AI-powered platform that lets you turn any idea into a fully functional custom app. These flaws ranged from an open redirect that leaked access tokens, to stored cross-site ...
Summary
“The Defenders Log” Episode 1 features host David Redekop and guest Chet Wisniewski discussing the dynamic world of cybersecurity. Wisniewski, with decades of experience, traces his journey from early BBS and phone network exploration ...
DigiCert revealed today that over the last month it has thwarted two separate distributed denial of service (DDoS) attacks that peaked at more than 2.4 and 3.7 terabits per second (Tbps). Carlos Morales, senior vice president and general manager ...
via the cosmic humor & dry-as-the-desert wit of Randall Munroe, creator of XKCD
Permalink
The post Randall Munroe’s XKCD ‘Where Babies Come From’ appeared first on Security Boulevard.
AI-powered phishing attacks leverage ConnectWise ScreenConnect for remote access, underscoring their sophistication.
The post Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect appeared first on SecurityWeek.
Google says the hackers systematically exported corporate data, focusing on secrets such as AWS and Snowflake keys.
The post Hundreds of Salesforce Customers Hit by Widespread Data Theft Campaign appeared first on SecurityWeek.
On August 26, 2025, Nx, the popular build platform with millions of weekly downloads, was compromised with credential-harvesting malware. Using GitGuardian's monitoring data, we analyzed the exfiltrated credentials and reconstructed a fuller ...
Google researchers say China-linked UNC6384 combined social engineering, signed malware, and adversary-in-the-middle attacks to evade detection.
The post China-Linked Hackers Hijack Web Traffic to Deliver Backdoor appeared first on SecurityWeek.
