Application Security News and Articles
The Iranian-linked Nimbus Manticore, which has run fraudulent job recruiting campaigns primarily in the Middle East, is targeting Western Europe in a new operation that includes using an enhanced backdoor called MiniJunk and sophisticated ...
Creators, Authors and Presenters: Jan Berens, Marcell Szakaly
Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference's events located at ...
Applications are prime targets for attackers, and breaches often start with a single vulnerability. Application penetration testing identifies, validates, and helps remediate these weaknesses before they are exploited. Modern PTaaS integrates ...
Using an AI chatbot for customer service? Make sure chatbots and RAG systems protect sensitive information. Learn how to achieve data compliance here.
The post Ensuring data compliance in AI chatbots & RAG systems appeared first on Security ...
In the modern digital world, open source is no longer an optional convenience; it is the bedrock of most software development, a fact still unknown in C-suites around the world. From DevSecOps pipelines to evolving MLSecOps and full-scale ...
Boyd Gaming has informed the SEC about a data breach affecting the information of employees and other individuals.
The post Hackers Target Casino Operator Boyd Gaming appeared first on SecurityWeek.
In the past few years, the security industry has seen several reports on massive password leaks. The number of exposed credentials in these leaks is staggering: 10 billion, 26 billion, and sometimes even more. The suggestion is clear: a massive ...
SolarWinds has fixed yet another unauthenticated remote code execution vulnerability (CVE-2025-26399) in Web Help Desk (WHD), its popular web-based IT ticketing and asset management solution. While the vulnerability is currently not being ...
When Resultly’s bots started scraping QVC’s website, the retail giant felt the pain immediately. Server crashes, website downtime, angry customers—and an estimated $2 million in lost sales, according to QVC’s internal estimates. ...
Teleport released AI Session Summaries, a new capability in Teleport Identity Security that enables customers to summarize insights from thousands of hours of session recordings in minutes. Teleport generates session recordings of SSH, ...
The hackers remained undetected for three weeks, deploying China Chopper, remote access scripts, and reconnaissance tools.
The post GeoServer Flaw Exploited in US Federal Agency Hack appeared first on SecurityWeek.
Cybersecurity researchers believe the attack on Collins Aerospace involved a piece of ransomware known as HardBit.
The post European Airport Cyberattack Linked to Obscure Ransomware, Suspect Arrested appeared first on SecurityWeek.
Suspected state-sponsored attackers have exploited a zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway (ESG), the Italian email security company has confirmed. About CVE-2025-59689: CVE-2025-59689 is a command ...
This is a weird story:
The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City.
The agency said on Tuesday that ...
GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing.
The post GitHub Boosting Security in Response to NPM Supply Chain Attacks appeared first on SecurityWeek.
Learn why seamless security and trust by design are vital for digital platforms, driving growth, user loyalty, and long-term success online.
The post Trust by Design: Why Seamless Security Defines the Future of Digital Platforms appeared first on ...
A cross-border cryptocurrency scam has left investors across Europe with losses of more than €100 million. Authorities in several countries worked together to shut down the operation and arrest those behind it. How the scheme worked: The ...
Discover how fintech powers scalable digital enterprises with APIs, AI, inclusion, and compliance while driving growth and financial innovation.
The post The Role of Fintech in Powering Scalable Digital Enterprises appeared first on Security ...
Every business relies heavily on email — for internal communication, external correspondence, customer outreach, and managing accounts. But what happens if that critical tool is compromised? When an email account falls into the wrong hands, the ...
Gh0stKCP is a command-and-control (C2) transport protocol based on KCP. It has been used by malware families such as PseudoManuscrypt and ValleyRAT/Winos4.0. @Jane_0sint recently tweeted about ValleyRAT using a new UDP based C2 protocol. I wanted ...