Application Security
Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
Palo Alto Networks has disclosed the details of its analysis of Google Cloud Platform’s Vertex AI.
Application Security
After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities.
Cloud Security
Phil Venables, former CISO of Google Cloud and now a venture partner at Ballistic Ventures, has joined Native’s board of directors.
Cloud Security
Google has completed its $32 billion acquisition of the cloud security giant, which will maintain its brand.
Application Security
Foxit Software has rolled out a critical-severity patch to cover a dangerous remote code execution flaw in its flagship PDF Reader and PDF Editor...
Application Security
The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA)...
Application Security
Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...
Application Security
After skipping last month, Adobe returned to its scheduled Patch Tuesday cadence with the release of fixes for at least 38 vulnerabilities in multiple...
Application Security
Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...
Application Security
Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that...
Application Security
Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...
Application Security
Enterprise security vendor Proofpoint on Monday announced plans to acquire Illusive Networks, a startup that helped pioneer deception technology to help detect data breaches. Financial...
Cloud Security
Apple has scrapped plans to ship a controversial child pornography protection tool for iCloud Photos, a concession to privacy rights advocates who warned it...
Cloud Security
Digital risk protection company CloudSEK claims that another cybersecurity firm is behind a recent data breach resulting from the compromise of an employee’s Jira...
Audits
Apple on Wednesday announced plans to beef up data security protections on its flagship devices with the addition of new encryption tools for iCloud...
Application Security
The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks has run into...
Application Security
High-flying security compliance and automation startup Drata continues to attract major venture capital investor interest, banking $200 million in Series C funding that values...
Cloud Security
Cloud Security
Researchers at firmware and hardware security company Eclypsium have identified several potentially serious vulnerabilities in baseboard management controller (BMC) firmware made by AMI (American...
Application Security
Balance Theory, a seed-stage startup working on technology to help security teams collaborate and manage data flows securely, has closed a $3 million funding...
Cloud Security
IBM recently patched a vulnerability in IBM Cloud Databases for PostgreSQL that could have exposed users to supply chain attacks.
Application Security
Pangea Cyber, an early stage startup working on technology in the API security services space, has banked $26 million in a new funding round...
Application Security
Almost exactly a year after the Log4Shell security crisis sent defenders scrambling to reduce attack surfaces, new data shows that remediation has been a...
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
RegisterAI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
RegisterExpert Insights
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code.
(Etay Maor)
CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.
(Nadir Izrael)