Application Security News and Articles


Anchore Enterprise 5.23: CycloneDX VEX and VDR Support

Anchore Enterprise 5.23 adds CycloneDX VEX and VDR support, completing our vulnerability communication capabilities for software publishers who need to share accurate vulnerability context with customers. With OpenVEX support shipped in 5.22 and ...

Doubling Down in Vegas: The High-Stakes Question of Whether to Pay

Learn how Nevada refused to pay ransom after a 2025 cyberattack, restoring systems in 28 days—and what this reveals about ransomware readiness and policy. The post Doubling Down in Vegas: The High-Stakes Question of Whether to Pay appeared ...

Ship Safer: 10 VS Code Extensions for Secure Code

Turn your editor into a quiet, relentless security reviewer.

Attackers upgrade ClickFix with tricks used by online stores

Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware infection. Push Security has spotted one of these pages, showing an ...

The Shift Toward Zero-Trust Architecture in Cloud Environments 

As businesses grapple with the security challenges of protecting their data in the cloud, several security strategies have emerged to safeguard digital assets and ensure compliance. One such security strategy is called zero-trust ...

DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz

Google’s acquisition of Wiz is expected to close in 2026, but there are other reviews that need to be cleared. The post DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz appeared first on SecurityWeek.

The Congressional Budget Office Was Hacked. It Says It Has Implemented New Security Measures

The Congressional Budget Office confirmed it had been hacked, potentially disclosing important government data to malicious actors. The post The Congressional Budget Office Was Hacked. It Says It Has Implemented New Security Measures appeared ...

Simulating Cyberattacks to Strengthen Defenses for Smart Buildings 

Smart buildings face rising IoT cyber threats. Learn how simulations, AI, and red or purple teaming can strengthen defenses and improve incident response. The post Simulating Cyberattacks to Strengthen Defenses for Smart Buildings appeared ...

Chrome 142 Update Patches High-Severity Flaws

An out-of-bounds write flaw in WebGPU tracked as CVE-2025-12725 could be exploited for remote code execution. The post Chrome 142 Update Patches High-Severity Flaws appeared first on SecurityWeek.

Destructive Russian Cyberattacks on Ukraine Expand to Grain Sector

Multiple state-sponsored Russian groups are targeting Ukrainian entities and European countries linked to Ukraine. The post Destructive Russian Cyberattacks on Ukraine Expand to Grain Sector appeared first on SecurityWeek.

What is Domain Hijacking? Everything to Know About Domain Hijacking Attacks

What is Domain Hijacking? Domain hijacking, also referred to as domain theft, refers to the act where the registrant of a domain name has their domain name taken over without their permission. This happens when a hacker somehow gets into the ...

18 Arrested in Crackdown on Credit Card Fraud Rings

Between 2016 and 2021, the suspects defrauded 4.3 million cardholders in 193 countries of €300 million (~$346 million). The post 18 Arrested in Crackdown on Credit Card Fraud Rings appeared first on SecurityWeek.

What is SSL Stripping? How to Prevent SSL Stripping Attacks?

What is SSL stripping? SSL stripping is an attack in which an unauthorized party downgrades the connection security from HTTPS to HTTP. It takes advantage of weak spots in the process of migrating people from HTTP to HTTPS, allowing the ...

Top Cloud Security Challenges Businesses Face in 2025

Increase by 61%! Yes, nearly 2/3rd of organizations experienced a cloud security incident in 2025, a significant increase compared to 2024. 85% of organizations now identify security as the biggest challenge in cloud computing. These facts ...

Tufin Orchestration Suite R25-2 strengthens network, cloud, and SASE policy automation

Tufin announced Tufin Orchestration Suite (TOS) R25-2. The R25-2 release delivers expanded visibility, automation, and stronger security controls, enabling organizations to strengthen their security posture while simplifying operations across ...

November 2025 Patch Tuesday forecast: Windows Exchange Server EOL?

October 2025 Patch Tuesday was one for the record books in so many ways. There was a big push by Microsoft to fix as many open vulnerabilities as possible in products that were reaching end-of-life (EOL). This included 116 CVEs addressed in ...

Postman expands platform with features for building AI-ready APIs

Postman announced several updates bringing key enterprise features to its platform, so customers can build AI-ready APIs that meet the most critical enterprise specifications. As software increasingly shifts from applications to AI agents, the ...

Metrics don’t lie, but they can be misleading when they only tell IT’s side of the story

In this Help Net Security interview, Rik Mistry, Managing Partner at Interval Group, discusses how to align IT strategy with business goals. He explains how security, governance, and orchestration shape IT operations and why early collaboration ...

What keeps phishing training from fading over time

When employees stop falling for phishing emails, it is rarely luck. A new study shows that steady, mandatory phishing training can cut risky behavior over time. After one year of continuous simulations and follow-up lessons, employees were half ...

Old privacy laws create new risks for businesses

Businesses are increasingly being pulled into lawsuits over how they collect and share user data online. What was once the domain of large tech firms is now a widespread legal risk for companies of all sizes. The latest analysis from cyber ...