Application Security

Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks 

Application Security, Vulnerabilities, vulnerability /

Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks  2024-07-02 at 16:31 By Ionut Arghire EVA Information Security has shared details on three CocoaPods vulnerabilities impacting millions of macOS and iOS applications. The post Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks  appeared first on SecurityWeek. This article […]

React to this headline:

Loading spinner

Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks  Read More »

PortSwigger Scores Hefty $112 Million Investment

Application Security, Brighton Park, Burp Suite, Funding/M&A, penetration testing, PortSwigger /

PortSwigger Scores Hefty $112 Million Investment 2024-07-01 at 21:46 By SecurityWeek News The British company behind the popular Burp Suite pen-test utilities has banked a massive $112 million investment from Brighton Park Capital. The post PortSwigger Scores Hefty $112 Million Investment appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

PortSwigger Scores Hefty $112 Million Investment Read More »

US, Allies Warn of Memory Unsafety Risks in Open Source Software

Application Security, CISA, guidance, open source, source code /

US, Allies Warn of Memory Unsafety Risks in Open Source Software 2024-06-27 at 17:01 By Ionut Arghire Most critical open source software contains code written in a memory unsafe language, US, Australian, and Canadian government agencies warn. The post US, Allies Warn of Memory Unsafety Risks in Open Source Software appeared first on SecurityWeek. This

React to this headline:

Loading spinner

US, Allies Warn of Memory Unsafety Risks in Open Source Software Read More »

‘Phantom’ Source Code Secrets Haunt Major Organizations

Application Security, Data leak, source code /

‘Phantom’ Source Code Secrets Haunt Major Organizations 2024-06-27 at 13:01 By Ionut Arghire Aqua Security shows that code in repositories remains accessible even after being deleted or overwritten, continuing to leak secrets. The post ‘Phantom’ Source Code Secrets Haunt Major Organizations appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

‘Phantom’ Source Code Secrets Haunt Major Organizations Read More »

Low code, high stakes: Addressing SQL injection

Application Security, attacks, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, human error, News, Nokod Security, opinion, software development, SQL injection /

Low code, high stakes: Addressing SQL injection 2024-06-17 at 08:01 By Help Net Security Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Due to various factors, they remain the third most common source of web application vulnerabilities. Reasons include human error, new technologies

React to this headline:

Loading spinner

Low code, high stakes: Addressing SQL injection Read More »

59% of public sector apps carry long-standing security flaws

Application Security, cybersecurity, News, report, survey, Veracode /

59% of public sector apps carry long-standing security flaws 2024-05-30 at 07:07 By Help Net Security Applications developed by public sector organizations have more security debt than those created by the private sector, according to Veracode. Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 59%

React to this headline:

Loading spinner

59% of public sector apps carry long-standing security flaws Read More »

Critical Flaw in AI Python Package Can Lead to System and Data Compromise

AI, Application Security, Artificial Intelligence, vulnerability /

Critical Flaw in AI Python Package Can Lead to System and Data Compromise 2024-05-17 at 17:01 By Eduard Kovacs A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers. The post Critical Flaw in AI Python Package Can Lead to System and Data Compromise appeared first on

React to this headline:

Loading spinner

Critical Flaw in AI Python Package Can Lead to System and Data Compromise Read More »

Security tools fail to translate risks for executives

Application Security, Artificial Intelligence, CISO, cybersecurity, Dynatrace, News, Next DLP, report, survey /

Security tools fail to translate risks for executives 2024-05-08 at 08:01 By Help Net Security Organizations are struggling with internal communication barriers, which hinder their ability to address cybersecurity threats, according to Dynatrace. The results indicate that CISOs encounter challenges in aligning security teams with the C-suite, resulting in organizational gaps in understanding cyber risk.

React to this headline:

Loading spinner

Security tools fail to translate risks for executives Read More »

Adobe Adds Content Credentials and Firefly to Bug Bounty Program

Adobe, Adobe Firefly, Application Security, bug bounty program, Patch Tuesday, Vulnerabilities /

Adobe Adds Content Credentials and Firefly to Bug Bounty Program 2024-05-01 at 18:33 By Ionut Arghire Adobe is providing incentives for bug bounty hackers to report security flaws in its implementation of Content Credentials and Adobe Firefly. The post Adobe Adds Content Credentials and Firefly to Bug Bounty Program appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Adobe Adds Content Credentials and Firefly to Bug Bounty Program Read More »

A closer look at Apiiro’s SHINE partner program

API security, Apiiro, Application Security, cybersecurity, Don't miss, Hot stuff, Risk Management, Video /

A closer look at Apiiro’s SHINE partner program 2024-05-01 at 16:46 By Help Net Security In this Help Net Security video, Adam LaGreca, Founder of 10KMedia, sat down with John Leon, VP of Partnerships at Apiiro, discusses the company’s new technology partner program SHINE. The name stands for the program’s guiding principles – Seamless, Holistic,

React to this headline:

Loading spinner

A closer look at Apiiro’s SHINE partner program Read More »

SAP Applications Increasingly in Attacker Crosshairs, Report Shows

Application Security, CISA KEV, Flashpoint, Onapsis, SAP, Vulnerabilities /

SAP Applications Increasingly in Attacker Crosshairs, Report Shows 2024-04-18 at 19:46 By Ionut Arghire Malicious hackers are targeting SAP applications at an alarming pace, according to warnings from Onapsis and Flashpoint. The post SAP Applications Increasingly in Attacker Crosshairs, Report Shows appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

SAP Applications Increasingly in Attacker Crosshairs, Report Shows Read More »

Miggo Security Gets $7.5 Million Seed Funding to Build ADR Technology

Application Security, Funding/M&A, Miggo Security, seed-stage, YL Ventures /

Miggo Security Gets $7.5 Million Seed Funding to Build ADR Technology 2024-04-17 at 18:31 By Kevin Townsend YL Ventures leads an early stage funding round for Miggo Security, a Tel Aviv startup working on application detection and response technology. The post Miggo Security Gets $7.5 Million Seed Funding to Build ADR Technology appeared first on

React to this headline:

Loading spinner

Miggo Security Gets $7.5 Million Seed Funding to Build ADR Technology Read More »

NightVision Raises $5.4 Million for Application Security Testing

Application Security, DAST, Funding/M&A, NightVision, seed-stage /

NightVision Raises $5.4 Million for Application Security Testing 2024-04-15 at 18:16 By Ionut Arghire NightVision, an early stage startup in the application security testing space, has raised $5.4 million in seed funding. The post NightVision Raises $5.4 Million for Application Security Testing appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

NightVision Raises $5.4 Million for Application Security Testing Read More »

‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages

Application Security, vulnerability /

‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages 2024-04-12 at 14:31 By Ionut Arghire A critical vulnerability in multiple programming languages allows attackers to inject commands in Windows applications. The post ‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages Read More »

The next wave of mobile threats

Application Security, BYOD, cybersecurity, digital transformation, Don't miss, Hot stuff, Jamf, mobile security, remote working, strategy, threats, Video /

The next wave of mobile threats 2024-04-12 at 07:01 By Help Net Security According to McAfee, apps, whether for communication, productivity, or gaming, are among the biggest threats to mobile security. Technavio expects the global mobile security software market to grow by $2.75 billion between 2020 and 2025, expanding at a CAGR of 9.68%. In

React to this headline:

Loading spinner

The next wave of mobile threats Read More »

Stopping security breaches by managing AppSec posture

Application Security, Compliance, cybersecurity, Don't miss, Hot stuff, human error, OpsMx, policy, software development, Video /

Stopping security breaches by managing AppSec posture 2024-04-11 at 06:01 By Help Net Security Many security vulnerabilities result from human error, and the majority of these are reflected in the application layer. These errors may occur at any stage in the software development life cycle, from code to cloud. In this Help Net Security video,

React to this headline:

Loading spinner

Stopping security breaches by managing AppSec posture Read More »

Security Flaw in WP-Members Plugin Leads to Script Injection

Application Security, CVE-2024-1852, Vulnerabilities, Wordfence, WordPress, WP-Members /

Security Flaw in WP-Members Plugin Leads to Script Injection 2024-04-02 at 18:46 By Ionut Arghire A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages. The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Security Flaw in WP-Members Plugin Leads to Script Injection Read More »

6 keys to navigating security and app development team tensions

Application Security, cybersecurity, data security, DevSecOps, Don't miss, Hot stuff, News, Probely, tips /

6 keys to navigating security and app development team tensions 2024-04-02 at 06:01 By Help Net Security There will always be a natural tension between cybersecurity teams and developers. After all, it’s the developer’s role to “develop.” They want and are paid to create and ship new applications and features that help move the organization

React to this headline:

Loading spinner

6 keys to navigating security and app development team tensions Read More »

Veracode Buys Longbow Security for Automated Root Cause Analysis Tech

Application Security, Funding/M&A, Longbow Security, M&A Tracker, seed-stage, Veracode /

Veracode Buys Longbow Security for Automated Root Cause Analysis Tech 2024-04-01 at 23:46 By Ryan Naraine Veracode announces a deal to acquire Longbow Security, a Texas seed-stage startup working on automated root cause analysis technology. The post Veracode Buys Longbow Security for Automated Root Cause Analysis Tech appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Veracode Buys Longbow Security for Automated Root Cause Analysis Tech Read More »

Drozer: Open-source Android security assessment framework

Android, Application Security, Don't miss, GitHub, Hot stuff, mobile security, News, open source, penetration testing, software, WithSecure /

Drozer: Open-source Android security assessment framework 2024-03-27 at 06:32 By Mirko Zorz Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier. Drozer features The solution enables the identification of security vulnerabilities in applications and devices by taking on the role of

React to this headline:

Loading spinner

Drozer: Open-source Android security assessment framework Read More »

Scroll to Top