Application Security

GitHub Announces General Availability of Security Campaigns

Application Security, GitHub, security campaigns, source code /

GitHub Announces General Availability of Security Campaigns 2025-04-10 at 14:21 By Eduard Kovacs GitHub security campaigns make it easier for developers and security teams to collaborate on fixing vulnerabilities in their applications. The post GitHub Announces General Availability of Security Campaigns appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source […]

React to this headline:

Loading spinner

GitHub Announces General Availability of Security Campaigns Read More »

Call Records of Millions Exposed by Verizon App Vulnerability

Application Security, call records, Featured, Mobile & Wireless, Verizon, vulnerability /

Call Records of Millions Exposed by Verizon App Vulnerability 2025-04-04 at 19:00 By Eduard Kovacs A patch has been released for a serious information disclosure vulnerability affecting a Verizon call filtering application. The post Call Records of Millions Exposed by Verizon App Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Call Records of Millions Exposed by Verizon App Vulnerability Read More »

Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack

Application Security, GitHub actions, supply chain, Supply Chain Security /

Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack 2025-04-04 at 12:49 By Ionut Arghire Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack. The post Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack Read More »

Only 2-5% of application security alerts require immediate action

Application Security, cybersecurity, Don't miss, News, Ox Security, report, survey, vulnerability management /

Only 2-5% of application security alerts require immediate action 2025-03-31 at 07:51 By Help Net Security The large volume of security alerts, many created by automated tools, is overwhelming security and development teams, according to the 2025 Application Security Benchmark report by Ox Security. The report is based on an analysis of over 101 million

React to this headline:

Loading spinner

Only 2-5% of application security alerts require immediate action Read More »

The rise of DAST 2.0 in 2025

Application Security, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, security testing, StackHawk /

The rise of DAST 2.0 in 2025 2025-03-18 at 18:02 By Help Net Security Static Application Security Testing (SAST) found favor among security teams as an easy way to deploy security testing without really engaging developers. With the ability to analyze source code early in the software delivery lifecycle, SAST solutions offered a more proactive

React to this headline:

Loading spinner

The rise of DAST 2.0 in 2025 Read More »

Google Releases Major Update for Open Source Vulnerability Scanner

Application Security, Google, open source, OSV-Scanner, scanner /

Google Releases Major Update for Open Source Vulnerability Scanner 2025-03-18 at 18:02 By Ionut Arghire Google has integrated OSV-SCALIBR features into OSV-Scanner, its free vulnerability scanner for open source developers. The post Google Releases Major Update for Open Source Vulnerability Scanner appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Google Releases Major Update for Open Source Vulnerability Scanner Read More »

Popular GitHub Action Targeted in Supply Chain Attack

Application Security, Featured, GitHub, GitHub actions, supply chain, Supply Chain Security /

Popular GitHub Action Targeted in Supply Chain Attack 2025-03-17 at 12:04 By Eduard Kovacs The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack. The post Popular GitHub Action Targeted in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Popular GitHub Action Targeted in Supply Chain Attack Read More »

Sola Security Deposits Hefty $30M Seed Funding

Application Security, DevSecOps, Funding/M&A, nocode, seed funding, Sola Security /

Sola Security Deposits Hefty $30M Seed Funding 2025-03-11 at 14:08 By SecurityWeek News The financing was provided by S Capital and investor Mike Moritz, S32, Glilot Capital Partners, and several angel investors. The post Sola Security Deposits Hefty $30M Seed Funding appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Sola Security Deposits Hefty $30M Seed Funding Read More »

OpenSSF Releases Security Baseline for Open Source Projects

Application Security, open source, OpenSSF, OSPS Baseline /

OpenSSF Releases Security Baseline for Open Source Projects 2025-02-26 at 13:45 By Eduard Kovacs The Open Source Security Foundation (OpenSSF) has created a structured set of security requirements for open source projects. The post OpenSSF Releases Security Baseline for Open Source Projects appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

OpenSSF Releases Security Baseline for Open Source Projects Read More »

MirrorTab Raises $8.5M Seed Round to Take on Browser-Based Attacks

Application Security, botnet, Enterprise Browser, Fraud Detection, Funding/M&A, MirrorTab, seed-stage /

MirrorTab Raises $8.5M Seed Round to Take on Browser-Based Attacks 2025-02-18 at 19:03 By Ryan Naraine San Francisco startup secures $8.5 million in seed funding led by Valley Capital Partners to tackle browser-based malware attacks. The post MirrorTab Raises $8.5M Seed Round to Take on Browser-Based Attacks appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

MirrorTab Raises $8.5M Seed Round to Take on Browser-Based Attacks Read More »

Semgrep Raises $100M for AI-Powered Code Security Platform

Application Security, Funding/M&A, Menlo Ventures, Opengrep, Semgrep /

Semgrep Raises $100M for AI-Powered Code Security Platform 2025-02-06 at 00:03 By SecurityWeek News San Francisco application security startup raises $100 million in a Series D funding round led by Menlo Ventures.  The post Semgrep Raises $100M for AI-Powered Code Security Platform appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Semgrep Raises $100M for AI-Powered Code Security Platform Read More »

How Agentic AI will be Weaponized for Social Engineering Attacks

agentic AI, Application Security, artificial inteligence, cybercrime /

How Agentic AI will be Weaponized for Social Engineering Attacks 2025-02-05 at 18:30 By Stu Sjouwerman With each passing year, social engineering attacks are becoming bigger and bolder thanks to rapid advancements in artificial intelligence. The post How Agentic AI will be Weaponized for Social Engineering Attacks appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

How Agentic AI will be Weaponized for Social Engineering Attacks Read More »

Abandoned Amazon S3 Buckets Enabled Attacks Against Governments, Big Firms

abandoned domains, Application Security, AWS, WatchTowr /

Abandoned Amazon S3 Buckets Enabled Attacks Against Governments, Big Firms 2025-02-05 at 14:50 By Eduard Kovacs 150 abandoned Amazon S3 buckets could have been leveraged to deliver malware or backdoors to governments and Fortune companies. The post Abandoned Amazon S3 Buckets Enabled Attacks Against Governments, Big Firms appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Abandoned Amazon S3 Buckets Enabled Attacks Against Governments, Big Firms Read More »

Oligo Raises $50M to Tackle Application Detection and Response

Application Security, appsec, Funding/M&A, Greenfield Partners, Israel, Oligo, Series B /

Oligo Raises $50M to Tackle Application Detection and Response 2025-01-29 at 17:35 By Ionut Arghire Oligo Security has raised $50 million in Series B funding for its application detection and response (ADR) platform. The post Oligo Raises $50M to Tackle Application Detection and Response appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Oligo Raises $50M to Tackle Application Detection and Response Read More »

Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST

Application Security, open source, Opengrep, Supply Chain Security /

Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST 2025-01-27 at 17:20 By Kevin Townsend Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a true genuine OSS SAST tool. The post Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST Read More »

CISOs don’t invest enough in code security

Application Security, code, cybersecurity, Cycode, generative AI, News, report, survey /

CISOs don’t invest enough in code security 2025-01-02 at 06:34 By Help Net Security 72% of security leaders agree that the age of AI necessitates a complete reset of how organizations approach application security, according to Cycode. This urgency is reinforced by the fact that 93 billion lines of code were generated in the past

React to this headline:

Loading spinner

CISOs don’t invest enough in code security Read More »

Tackling software vulnerabilities with smarter developer strategies

Application Security, code, cybersecurity, Don't miss, Endor Labs, Features, Hot stuff, News, opinion, software, web application security /

Tackling software vulnerabilities with smarter developer strategies 2024-12-13 at 07:03 By Mirko Zorz In this Help Net Security interview, Karl Mattson, CISO at Endor Labs, discusses strategies for enhancing secure software development. Mattson covers how developers can address vulnerabilities in complex systems, ways organizations can better support secure coding practices, and the role of languages

React to this headline:

Loading spinner

Tackling software vulnerabilities with smarter developer strategies Read More »

Choosing the right secure messaging app for your organization

Application Security, Artificial Intelligence, attacks, automation, cybersecurity, Don't miss, Encryption, Features, Hot stuff, messaging, News, opinion, Rakuten Viber /

Choosing the right secure messaging app for your organization 2024-11-27 at 07:18 By Mirko Zorz In this Help Net Security interview, Liad Shnell, CTO at Rakuten Viber, discusses what organizations should look for in secure messaging apps, including encryption, privacy standards, and ease of integration. Shnell also covers the need for a multi-layered approach to

React to this headline:

Loading spinner

Choosing the right secure messaging app for your organization Read More »

Microsoft announces new and improved Windows 11 security features

Application Security, Data Protection, Don't miss, Hot stuff, Microsoft, News, privileged accounts, Windows /

Microsoft announces new and improved Windows 11 security features 2024-11-19 at 21:04 By Zeljka Zorz Microsoft has implemented some and is working on delivering several other security-related features and improvements for Windows 11. Administrator protection will allow users to make system changes on their PCs without having administrator rights (that can be abused by attackers

React to this headline:

Loading spinner

Microsoft announces new and improved Windows 11 security features Read More »

Transforming code scanning and threat detection with GenAI

Application Security, Artificial Intelligence, code, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Qwiet AI, scanning /

Transforming code scanning and threat detection with GenAI 2024-11-18 at 07:33 By Mirko Zorz In this Help Net Security interview, Stuart McClure, CEO of Qwiet AI, discusses the evolution of code scanning practices, highlighting the shift from reactive fixes to proactive risk management. McClure also shares his perspective on the future of AI-driven code scanning,

React to this headline:

Loading spinner

Transforming code scanning and threat detection with GenAI Read More »

Scroll to Top