Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

Top Stories

News 16 May 2025
News brief: Patch critical SAP, Samsung and chat app flaws now

Check out the latest security news from the Informa TechTarget team. Continue Reading
By
- Sharon Shea, Executive Editor
News 13 May 2025
Microsoft tackles 5 Windows zero-days on May Patch Tuesday

The company addresses 72 unique CVEs this month, but several AI features bundled in a larger-than-usual update could bog down some networks. Continue Reading
By
- Tom Walat, Site Editor

Definition 14 May 2025
What is penetration testing?

A penetration test, also called a 'pen test,' is a simulated cyberattack on a computer system, network or application to identify and highlight vulnerabilities in an organization's security posture. Continue Reading
By
- Kinza Yasar, Technical Writer
- Puneet Mehta, SDG
News 13 May 2025
Microsoft tackles 5 Windows zero-days on May Patch Tuesday

The company addresses 72 unique CVEs this month, but several AI features bundled in a larger-than-usual update could bog down some networks. Continue Reading
By
- Tom Walat, Site Editor
Tip 07 May 2025
10 leading open source application security testing tools

Security testing enables companies to discover and remediate vulnerabilities and weaknesses in apps before malicious actors find them. Continue Reading
By
- Colin Domoney
News 02 May 2025
Independent lab crowns new WAAP product among its leaders

An API security specialist's newly launched WAAP product outranked more established WAF competitors during independent benchmark testing. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 24 Apr 2025
Software supply chain security AI agents take action

Three software supply chain security vendors join the AI agent trend that is sweeping tech, as AI-generated code threatens to overwhelm human security pros. Continue Reading
By
- Beth Pariseau, Senior News Writer
Opinion 22 Apr 2025
3 EUC security topics I'll be looking for at RSAC 2025

There will be a ton of security topics that RSA Conference-goers can check out, but IT admins should be aware of three common themes surrounding email and endpoints. Continue Reading
By
- Gabe Knuth, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 22 Apr 2025
Docker plans Model Context Protocol security boost

Docker said it plans new tools integrating the emerging agentic AI standard protocol into existing workflows, including security controls. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 18 Apr 2025
Try these strategies to modernize Windows workloads

Legacy applications create tough choices for admins who must balance business needs and security. This article covers these challenges and modernization strategies. Continue Reading
By
- Dwayne Rendell, Triskele Labs
News 18 Apr 2025
Availity eyes GitLab Duo with Amazon Q for code refactoring

The healthcare network's release engineering team is testing the new AI agent pairing to help with code consolidation, modernization and risk mitigation. Continue Reading
By
- Beth Pariseau, Senior News Writer
Definition 16 Apr 2025
What is Pretty Good Privacy and how does it work?

Pretty Good Privacy, or PGP, was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Peter Loshin, Former Senior Technology Editor
- Rob Wright, Senior News Director
News 09 Apr 2025
Exploited Windows zero-day addressed on April Patch Tuesday

Microsoft delivers fixes for 121 vulnerabilities with 11 rated critical this month. Admins will have extra mitigation work to correct three flaws. Continue Reading
By
- Tom Walat, Site Editor
Tip 04 Apr 2025
Generative AI security best practices to mitigate risks

When tackling AI security issues, enterprises should minimize shadow IT risks, establish an AI governance council and train employees on the proper use of AI tools. Continue Reading
By
- Irwin Lazar, Metrigy Research
News 02 Apr 2025
Model Context Protocol fever spreads in cloud-native world

The Anthropic-led spec for AI agent tool connections gains further momentum this week, with support from cloud-native infrastructure vendors such as Kubiya and Solo.io. Continue Reading
By
- Beth Pariseau, Senior News Writer
Opinion 01 Apr 2025
How ESET is using AI PCs to boost endpoint security

While AI PCs show legitimate promise, the rock-solid use cases haven't been as prominent. However, security vendor ESET is showing more concrete applications of this technology. Continue Reading
By
- Gabe Knuth, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 28 Mar 2025
Follow Patch Tuesday best practices for optimal results

Microsoft releases most security updates on Patch Tuesday, a day that brings anxiety to many sys admins. Learn how to develop a strategy to test and deploy these fixes. Continue Reading
By
- Brien Posey
Opinion 27 Mar 2025
What the $32B Google-Wiz deal says about cloud-native security

Google's acquisition of Wiz for $32 billion highlights the importance of cloud-native security as organizations transition to microservices and containerization. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 21 Mar 2025
Does using DeepSeek create security risks?

The Chinese AI chatbot, despite its efficiency and customizability, raises serious concerns about data privacy, censorship and security vulnerabilities for business users. Continue Reading
By
- Nihad Hassan
Tip 20 Mar 2025
13 API security best practices to protect your business

APIs are the backbone of most modern applications, and companies must build in API security from the start. Follow these guidelines to design, deploy and protect your APIs. Continue Reading
By
- Dave Shackleford, Voodoo Security
- Michael Cobb
Feature 20 Mar 2025
3 types of deepfake detection technology and how they work

Think you're talking to your boss on Zoom? You might want to think again. Deepfake technology has already cost enterprises millions of dollars. Here's how to fight fire with fire. Continue Reading
By
- Alissa Irei, Senior Site Editor
Opinion 20 Mar 2025
How to sideload iOS apps and why it's dangerous

IT professionals might think the hassle of jailbreaking a device deters users from sideloading iOS apps. Learn the other methods users turn to and why it's still dangerous. Continue Reading
By
- Andrew Froehlich, West Gate Networks
- Kyle Johnson, Technology Editor
Tip 19 Mar 2025
The Microsoft patch management guide for admins

Microsoft recently added WSUS to its deprecation list. Now that the battle-tested patch management tool's days are numbered, what are the alternatives from the company? Continue Reading
By
- Adam Fowler
Definition 18 Mar 2025
What is security by design?

Security by design is an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible through such measures as continuous testing, authentication safeguards and adherence to best programming practices. Continue Reading
By
- Paul Kirvan
- Ivy Wigmore
Answer 18 Mar 2025
How do competition laws affect Apple's sideloading policies?

The EU's Digital Markets Act has caused Apple to allow sideloading in certain regions. This change could have broader effects on Apple's operations, mobile security and IT teams. Continue Reading
By
- Sean Michael Kerner
News 17 Mar 2025
GitHub Actions supply chain attack spotlights CI/CD risks

Experts say a GitHub Actions vulnerability should renew enterprises' attention to securing build pipelines the same way they secure production environments. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 17 Mar 2025
5 fundamental strategies for REST API authentication

Implementing an effective REST API authentication strategy can help protect users and their data while maintaining a seamless data exchange across boundaries. Continue Reading
By
- Priyank Gupta, Sahaj Software
Definition 17 Mar 2025
What is a buffer overflow? How do these types of attacks work?

A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold. Continue Reading
By
- Katie Terrell Hanna
- Michael Cobb
Tip 14 Mar 2025
How to secure AI infrastructure: Best practices

AI tools are creating an even greater attack surface for malicious hackers to penetrate. But there are steps you can take to ensure your organization's AI foundation remains safe. Continue Reading
By
- Jerald Murphy, Nemertes Research
Tip 13 Mar 2025
How to build an application security program

A well-defined application security program that includes multilayer software testing, SBOMs, and documentation and standards is vital to protect apps from threat actors. Continue Reading
By
- Colin Domoney
News 11 Mar 2025
March Patch Tuesday fixes 6 Windows zero-day exploits

All the vulnerabilities that had been actively exploited in the wild will get resolved quickly by deploying the Windows cumulative update for this month. Continue Reading
By
- Tom Walat, Site Editor
Feature 11 Mar 2025
Incident response for web application attacks

Web app security is like learning to ride a bike -- expect to struggle before getting it right. But don't be disheartened; learn from prior incidents to improve controls. Continue Reading
By
- Kyle Johnson, Technology Editor
- Manning Publications Co.
Definition 11 Mar 2025
What is a rootkit?

A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system. Continue Reading
By
- Scott Robinson, New Era Technology
- Mary E. Shacklett, Transworld Data
- Linda Rosencrance
News 28 Feb 2025
Microsoft targets AI deepfake cybercrime network in lawsuit

Microsoft alleges that defendants used stolen Azure OpenAI API keys and special software to bypass content guardrails and generate illicit AI deepfakes for payment. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 28 Feb 2025
Why and how to create Azure service principals

Service principals are a convenient and secure way to protect Azure resources. Follow this step-by-step guide to create a service principal that defends vital Azure workloads. Continue Reading
By
- Stuart Burns
News 27 Feb 2025
FBI: Lazarus Group behind $1.5 billion Bybit heist

Researchers say the heist, in which North Korean state-sponsored hackers stole funds from a cold wallet, is the biggest theft in the history of the cryptocurrency industry. Continue Reading
By
- Arielle Waldman, News Writer
Definition 27 Feb 2025
What is a domain controller?

A domain controller is a server that processes requests for authentication from users and computers within a computer domain. Continue Reading
By
- Gavin Wright
- Peter Loshin, Former Senior Technology Editor
Tip 26 Feb 2025
How to improve third-party API integration security

External API integrations are critical, but so is managing third-party API risks to maintain customer trust, remain compliant and ensure long-term operational resilience. Continue Reading
By
- Jerald Murphy, Nemertes Research
Tip 25 Feb 2025
WAF vs. RASP for web app security: What's the difference?

Web application firewalls use a negative security model, while runtime application self-protection tools use a positive security model. Which is better at keeping apps secure? Continue Reading
By
- Colin Domoney
Definition 21 Feb 2025
What is application allowlisting?

Application allowlisting, previously known as 'application whitelisting,' is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system. Continue Reading
By
- Mary E. Shacklett, Transworld Data
- Brien Posey
- Peter Loshin, Former Senior Technology Editor
Tip 21 Feb 2025
3 ways to retool UC platform security architecture models

Hybrid workers moving between home and office environments create a UC security gap. But adopting modern tools to augment traditional security policies can mitigate risks. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 20 Feb 2025
Zero-CVE Chainguard Images gain customization option

Chainguard opens its container image builder factory to let users mix and match hardened container components while preserving a zero-vulnerability SLA. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 20 Feb 2025
Penetration testing vs. vulnerability scanning: What's the difference?

Confused by the distinctions between penetration testing and vulnerability scanning? You're not alone. Learn the key differences between the two and when to use each. Continue Reading
By
- Kyle Johnson, Technology Editor
- Andrew Froehlich, West Gate Networks
Tutorial 18 Feb 2025
Deploy a read-only domain controller for security, speed

A read-only domain controller requires a fair amount of work for a proper deployment, but it can be a great option for quicker logins for users in branch offices. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Feature 18 Feb 2025
TikTok bans explained: Everything you need to know

The United States government takes aim at the viral video sharing application TikTok. Continue Reading
By
- Ben Lutkevich, Site Editor
News 12 Feb 2025
Docker Inc. CEO swap has analysts anticipating a sale

Industry watchers see the takeover by a former Oracle exec as the precursor to merging with a broader software development portfolio at a larger company. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 12 Feb 2025
Fortinet discloses second authentication bypass vulnerability

Fortinet disclosed CVE-2025-24472 in an updated advisory that confused some in the infosec community because it stated that 'reports show this is being exploited in the wild.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 11 Feb 2025
Microsoft plugs two zero-days for February Patch Tuesday

The company corrects active exploits in vulnerable Windows systems, one of which could give the attacker complete control if successful. Continue Reading
By
- Tom Walat, Site Editor
Tip 11 Feb 2025
How to build an API security strategy

Lax API protections make it easier for threat actors to steal data, inject malware and perform account takeovers. An API security strategy helps combat this. Continue Reading
By
- Colin Domoney
News 11 Feb 2025
Apple zero day used in 'extremely sophisticated attack'

CVE-2025-24200 is a zero-day vulnerability that bypasses Apple's USB Restricted Mode in iPhones and iPads and was exploited in the wild against 'specific targeted individuals.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Feb 2025
DevSecOps platform tucks in API security as AI apps heat up

Harness merges with its sister company, Traceable, for API security, which has broadening appeal as organizations develop generative and agentic AI applications. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 10 Feb 2025
Trimble Cityworks zero-day flaw under attack, patch now

CVE-2025-0994 is a high-severity deserialization vulnerability that enables remote code execution in unpatched versions of Cityworks enterprise asset management software. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 06 Feb 2025
Unpatched.ai: Who runs the vulnerability discovery platform?

There is limited information on the AI-powered vulnerability discovery platform that emerged in December after it reported Microsoft vulnerabilities Continue Reading
By
- Arielle Waldman, News Writer
Tip 04 Feb 2025
How to properly implement Exchange Extended Protection

This security feature can better protect Exchange Server deployments to prevent a wide range of attacks and safeguard sensitive data transmitted over the network. Continue Reading
By
- Helen Searle-Jones, Tritech Group
Definition 04 Feb 2025
What is Internet Key Exchange (IKE)?

Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN). Continue Reading
By
- Gavin Wright
- Andrew Zola
- Alexander S. Gillis, Technical Writer and Editor
News 04 Feb 2025
WatchTowr warns abandoned S3 buckets pose supply chain risk

WatchTowr researchers found that they could reregister abandoned Amazon S3 buckets and detail alarming ways that threat actors could exploit the attack surface. Continue Reading
By
- Arielle Waldman, News Writer
News 03 Feb 2025
NSFocus: DeepSeek AI hit with 'well planned' DDoS attacks

Cybersecurity vendor NSFocus said AI startup DeepSeek endured multiple waves of DDoS attacks from attackers since its reasoning model was released Jan. 20. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 31 Jan 2025
What is DOS (Disk Operating System)?

A DOS, or disk operating system, is an operating system (OS) that runs from a disk drive. The term can also refer to a particular family of disk operating systems, most commonly MS-DOS (Microsoft DOS). Continue Reading
By
- Rahul Awati
- Michael Cobb
Definition 30 Jan 2025
What is blockchain? Definition, examples and how it works

Blockchain is a distributed ledger technology (DLT) that's shared across a network of computers to keep a digital record of transactions. Continue Reading
By
- Kinza Yasar, Technical Writer
- Nick Barney, Technology Writer
- Mary K. Pratt
News 30 Jan 2025
Wiz reveals DeepSeek database exposed API keys, chat history

Wiz expressed concern about security shortcomings with AI tools and services amid the rapid adoption and rising popularity of offerings like DeepSeek-R1. Continue Reading
By
- Arielle Waldman, News Writer
News 29 Jan 2025
Google details adversarial AI activity on Gemini

Google identified APTs from more than 20 nations misusing its Gemini AI chatbot but noted that threat actors were unsuccessful in finding novel techniques or vulnerabilities. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 28 Jan 2025
Apple zero-day vulnerability under attack on iOS devices

Apple said the zero-day vulnerability, tracked as CVE-2025-24085, affects its CoreMedia framework and 'may have been actively exploited against versions of iOS before iOS 17.2.' Continue Reading
By
- Rob Wright, Senior News Director
News 24 Jan 2025
AMD processor vulnerability inadvertently leaked early

The flaw was revealed when hardware manufacturer Asus published a patch for an 'AMD Microcode Signature Verification Vulnerability' to a gaming motherboard update page. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 23 Jan 2025
Eclypsium finds security issues in Palo Alto Networks NGFWs

Eclypsium researchers stressed how essential supply chain security is as threat actors increasingly target and exploit vulnerabilities in firewalls, VPNs and other edge devices. Continue Reading
By
- Arielle Waldman, News Writer
News 21 Jan 2025
Threat actors abusing Microsoft Teams in ransomware attacks

Sophos researchers observed two separate threat campaigns in which attackers used Microsoft Teams to pose as IT support personnel and gain access to victims' systems. Continue Reading
By
- Arielle Waldman, News Writer
News 16 Jan 2025
Tech industry experts digest cybersecurity executive order

IT pros assess a last-minute cybersecurity executive order with new directives on a broad swath of topics, from cybercriminal sanctions to AI and identity management. Continue Reading
By
- Beth Pariseau, Senior News Writer
- Arielle Waldman, News Writer
News 16 Jan 2025
ESET details UEFI Secure Boot bypass vulnerability

ESET researchers last year discovered an unsigned binary in a third-party UEFI application that could have been abused to bypass the Secure Boot process. Continue Reading
By
- Arielle Waldman, News Writer
News 14 Jan 2025
January Patch Tuesday resolves 3 Hyper-V zero-days

The number of vulnerabilities corrected for January Patch Tuesday is one of the highest in recent memory and includes three Hyper-V vulnerabilities exploited in the wild. Continue Reading
By
- Tom Walat, Site Editor
News 08 Jan 2025
Critical Ivanti Connect Secure zero-day flaw under attack

Although Ivanti has seen exploitation of CVE-2025-0282 in only Ivanti Connect Secure instances, Ivanti Policy Secure and ZTA gateways are also vulnerable to the flaw. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 08 Jan 2025
Top 15 email security best practices for 2025

Attackers exploit email every day to break into corporate networks, but the risk can be reduced by adhering to these 15 email security best practices. Continue Reading
By
- Sharon Shea, Executive Editor
- Peter Loshin, Former Senior Technology Editor
News 02 Jan 2025
Dozens of Chrome extensions hacked in threat campaign

Although data security vendor Cyberhaven disclosed that its Chrome extension was compromised on Dec. 24, additional research suggests the broader campaign could be months older. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 30 Dec 2024
Navigate the 2025 threat landscape with expert insights

AI technology and company employees can serve as both gateways and buffers against cyberthreats. Learn more from expert thought leaders on how to protect your environment in 2025. Continue Reading
By
- Alicia Landsberg, Senior Managing Editor
News 23 Dec 2024
10 of the biggest cybersecurity stories of 2024

Some of the biggest stories of the year include a massive IT outage, a record-setting ransom payment and devastating breaches at several U.S. telecommunications companies. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 23 Dec 2024
What is a proxy firewall?

A proxy firewall is a network security system that protects network resources by filtering messages at the application layer. Continue Reading
By
- Rahul Awati
Definition 17 Dec 2024
What is passwordless authentication?

Passwordless authentication allows a user to sign into a service without using a password. This is often done using certificates, security tokens, one-time passwords (OTPs) or biometrics. Continue Reading
By
- Kinza Yasar, Technical Writer
- Gavin Wright
- Alexander S. Gillis, Technical Writer and Editor
Tip 16 Dec 2024
7 DevSecOps tools to secure each step of the SDLC

DevSecOps tools come in many shapes and sizes, helping organizations do everything from discovering software vulnerabilities to preventing software supply chain data breaches. Continue Reading
By
- Colin Domoney
News 12 Dec 2024
Aqua Security warns of significant risks in Prometheus stack

The cloud security vendor called on Prometheus to provide users with additional safeguards to protect against misconfigurations discovered in the open source monitoring tool. Continue Reading
By
- Arielle Waldman, News Writer
News 10 Dec 2024
December Patch Tuesday shuts down Windows zero-day

Microsoft addresses 72 vulnerabilities, including 17 rated critical. Administrators should focus on patching the Windows OS to stop a flaw that has been exploited in the wild. Continue Reading
By
- Tom Walat, Site Editor
News 10 Dec 2024
Citrix NetScaler devices targeted in brute force campaign

Citrix advised NetScaler customers to ensure that their devices are fully updated and properly configured to defend against the recent spike in brute force attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Dec 2024
Microsoft enhanced Recall security, but will it be enough?

Microsoft's controversial Recall feature began rolling out to certain Windows Insiders with Copilot+ PCs in November, with more expected to participate this month. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 09 Dec 2024
Attackers exploit vulnerability in Cleo file transfer software

Cleo disclosed and patched the remote code execution vulnerability in late October, but managed file transfer products have proved to be popular targets for threat actors. Continue Reading
By
- Arielle Waldman, News Writer
Definition 09 Dec 2024
What is a session key?

A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers. Continue Reading
By
- Rahul Awati
News 06 Dec 2024
Ultralytics YOLO AI model compromised in supply chain attack

While Ultralytics has not released an official security advisory, the company pulled two recent versions of its YOLO11 AI model after reports said they contained a cryptominer. Continue Reading
By
- Arielle Waldman, News Writer
News 05 Dec 2024
Amazon Q, Bedrock updates make case for cloud in agentic AI

Amazon and its partners rev their engines in anticipation of agentic AI with updates that challenge the cost and quality claims of self-hosted infrastructure competitors. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 04 Dec 2024
FOSS security concerns increase amid widespread adoption

A new report from the Linux Foundation, OpenSSF and Harvard University calls for transparency and standardization to address growing security risks in open source software. Continue Reading
By
- Arielle Waldman, News Writer
Definition 27 Nov 2024
What is obfuscation and how does it work?

Obfuscation means to make something difficult to understand. Programming code is often obfuscated to protect intellectual property or trade secrets, and to prevent an attacker from reverse engineering a proprietary software program. Continue Reading
By
- Rahul Awati
- Ben Lutkevich, Site Editor
News 26 Nov 2024
Russian hackers exploit Firefox, Windows zero-days in wild

RomCom threat actors chain two Firefox and Windows zero-day vulnerabilities together in order to execute arbitrary code in vulnerable Mozilla browsers. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 22 Nov 2024
Volexity details Russia's novel 'Nearest Neighbor Attack'

The security company warned that the new attack style highlights the importance of securing Wi-Fi networks, implementing MFA and patching known vulnerabilities. Continue Reading
By
- Arielle Waldman, News Writer
News 21 Nov 2024
WasmCloud makes strides with Wasm component model

After a stall in 2023, this year's WASI Preview 2 pushed server-side WebAssembly forward, turning heads at companies such as American Express -- but it's far from mainstream use. Continue Reading
By
- Beth Pariseau, Senior News Writer
Podcast 21 Nov 2024
Rethinking 'secure by design' amid slippery SecOps shifts

An expert discusses the fallout from a CISA report that raised doubts about the last decade's DevSecOps trend, and where the industry goes from here. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 21 Nov 2024
IT pros revise pipelines for software supply chain security

Software supply chain security has reached an awkward stage for enterprise IT, as platform and security pros grapple with adding upstream tools to existing workflows. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 20 Nov 2024
Apple warns 2 macOS zero-day vulnerabilities under attack

The macOS Sequoia vulnerabilities are the latest to be targeted and exploited by threat actors as cybersecurity vendors report a shift in the landscape. Continue Reading
By
- Arielle Waldman, News Writer
Tip 20 Nov 2024
User provisioning and deprovisioning: Why it matters for IAM

Overprivileged and orphaned user identities pose risks. Cybersecurity teams should be sure user profiles grant only appropriate access -- and only for as long as necessary. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 14 Nov 2024
Infoblox: 800,000 domains vulnerable to hijacking attack

While the 'Sitting Ducks' attack vector continues to pose a problem, Infoblox says domain registrars, DNS providers and government bodies remain inactive. Continue Reading
By
- Arielle Waldman, News Writer
News 12 Nov 2024
Microsoft halts 2 zero-days on November Patch Tuesday

The company addressed 88 vulnerabilities, including an Exchange Server spoofing flaw and a significant number of SQL Server bugs, this month. Continue Reading
By
- Tom Walat, Site Editor
News 07 Nov 2024
Google DORA issues platform engineering caveats

As with generative AI, the same techniques that can boost enterprise developer productivity can also slow and destabilize overall software delivery. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 05 Nov 2024
Google Cloud to roll out mandatory MFA for all users

Google's three-phase plan for mandatory MFA, which will culminate in late 2025, follows similar efforts from other cloud providers such as AWS and Microsoft. Continue Reading
By
- Arielle Waldman, News Writer
Tip 04 Nov 2024
10 API security testing tools to mitigate risk

Securing APIs properly requires testing throughout their design lifecycle. Explore 10 leading API security testing tools for automated, continuous security testing. Continue Reading
By
- Dave Shackleford, Voodoo Security
- Michael Cobb
Tip 01 Nov 2024
API security testing checklist: 7 key steps

APIs are a common attack vector for malicious actors. Use our API security testing checklist and best practices to protect your organization and its data. Continue Reading
By
- Dave Shackleford, Voodoo Security
- Michael Cobb
News 31 Oct 2024
Lottie Player NPM package compromised in supply chain attack

Threat actors published compromised versions of the Lottie Player component on NPM, and the malicious code prompted users to access their cryptocurrency wallets. Continue Reading
By
- Arielle Waldman, News Writer
News 30 Oct 2024
Microsoft warns of Midnight Blizzard spear phishing campaign

The tech giant is notifying users affected by a recently observed campaign, which has targeted more than 100 victim organizations globally so far. Continue Reading
By
- Arielle Waldman, News Writer
News 29 Oct 2024
GitHub Copilot Autofix expands as AI snags software delivery

GitHub Copilot Autofix could help vulnerability management keep pace as the volume of AI-generated code swamps delivery processes, but can AI be trusted to rein in AI? Continue Reading
By
- Beth Pariseau, Senior News Writer