Application Security News and Articles


NDSS 2025 – The (Un)usual Suspects – Studying Reasons For Lacking Updates In WordPress

Session 2B: Web Security. Authors, Creators & Presenters: Maria Hellenthal (CISPA Helmholtz Center for Information Security), Lena Gotsche (CISPA Helmholtz Center for Information Security), Rafael Mrowczynski (CISPA Helmholtz Center ...

Researchers Hack ChatGPT Memories and Web Search Features

Tenable researchers discovered seven vulnerabilities, including ones affecting the latest GPT model. The post Researchers Hack ChatGPT Memories and Web Search Features appeared first on SecurityWeek.

Why Identity Intelligence Is the Front Line of Cyber Defense

Your data tells a story — if you know how to connect the dots. Every organization holds thousands of identity touchpoints: employee credentials, customer accounts, vendor portals, cloud logins. Each one is a potential doorway for attackers. But ...

Is Puppeteer stealth dead? Not yet, but its best days are over

A few years ago, Puppeteer stealth was one of the most popular tools in the automation and scraping ecosystem. Built as a plugin system on top of Puppeteer, it made automated browsers harder to detect by patching obvious fingerprinting artifacts. ...

Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354)

Cisco has fixed two critical vulnerabilities (CVE-2025-20358, CVE-2025-20354) affecting Unified Contact Center Express (UCCX), which may allow attackers to bypass authentication, compromise vulnerable installations, and elevate privileges to ...

How SCIM Helps Automate User Provisioning for AI Agents

A visual, developer-friendly explainer on how SCIM brings automated lifecycle management to AI agents and agentic applications—onboarding, access sync, auditing, and deprovisioning. The post How SCIM Helps Automate User Provisioning for AI ...

Veteran CISO and Aembit Adviser Renee Guttmann on Guiding Security into the AI Age

Renee Guttmann has led security at some of the world’s most recognized brands, including Coca-Cola, Royal Caribbean, Time Warner, and Campbell Soup Company. Over a career that spans multiple decades, she’s built and rebuilt ...

Ping Identity offers protection against adversarial AI threats

Ping Identity announced “Identity for AI,” a new solution designed to secure the world of AI agents. As organizations embrace agentic AI to boost productivity and commerce, Ping Identity is redefining how enterprises enable this new ...

Truffle Security Raises $25 Million for Secret Scanning Engine

The investment will fuel the development of Truffle’s enterprise-grade secrets detection, verification, and remediation platform. The post Truffle Security Raises $25 Million for Secret Scanning Engine appeared first on SecurityWeek.

Team Cymru RADAR investigates external infrastructure in real time

Team Cymru announced RADAR, a new real-time discovery module designed to give threat analysts visibility into all internet-facing infrastructure, whether known or unknown, without waiting on asset inventories, third-party scans, or ...

SonicWall cloud backup hack was the work of a state actor

Incident responders from Mandiant have wrapped up their investigation into the SonicWall cloud backup service hack, and the verdict is in: the culprit is a state-sponsored threat actor (though the specific nation wasn’t disclosed). “[The ...

AI is the New Insider Threat: Rethinking Enterprise Security in the Digital Age

(madhav, Thu, 11/06/2025 - 13:02) Artificial intelligence (AI) is no longer just a passive tool. It’s an active insider interpreting data, executing workflows, ...

Follow Pragmatic Interventions to Keep Agentic AI in Check

Agentic AI speeds operations, but requires clear goals, least privilege, auditability, red‑teaming, and human oversight to manage opacity, misalignment, and misuse. The post Follow Pragmatic Interventions to Keep Agentic AI in Check appeared ...

Stop Checking The Box and Switch Your SAT Perspective

The post Stop Checking The Box and Switch Your SAT Perspective appeared first on Security Boulevard.

Prowler embeds AI directly into security workflows

Prowler launched Prowler Lighthouse AI, an intelligent security assistant and MCP Server that brings autonomous AI directly into DevSecOps workflows. Available immediately, Prowler’s AI innovations combine agentic reasoning with automation ...

DeFi Protocol Balancer Starts Recovering Funds Stolen in $128 Million Heist

Hackers drained more cryptocurrency from Balancer by exploiting a rounding function and performing batch swaps. The post DeFi Protocol Balancer Starts Recovering Funds Stolen in $128 Million Heist appeared first on SecurityWeek.

Rigged Poker Games

The Department of Justice has indicted thirty-one people over the high-tech rigging of high-stakes poker games. In a typical legitimate poker game, a dealer uses a shuffling machine to shuffle the cards randomly before dealing them to all the ...

Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report

The ransomware attack discovered in August occurred as early as May when a state employee mistakenly downloaded malicious software. The post Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report appeared first on SecurityWeek.

[Webinar] Automating Offensive Security with AI: A Guide to Scaling Pentesting with Escape

Automated pentesting is now one of the most hyped topics in cybersecurity, with AI systems promising to replace human hackers. But how much is real, and how much is marketing hype? This webinar provides a practical guide to automating offensive ...

AWS Service Disruption on October 21, 2025 — MojoAuth Infrastructure Update

MojoAuth experienced a temporary service disruption on October 21, 2025, caused by an AWS regional outage. This post-incident report outlines the timeline, root cause, mitigation steps, and permanent improvements we’ve implemented to enhance ...