Application Security

Twitter is charged with using emails and phone numbers ostensibly collected for account security to sell targeted ads.

Credential-stuffing attacks against online accounts are still popular, and they work thanks to continuing password reuse.

Researchers discover 3-year-old critical firmware vulnerability, running in popular cloud servers used to power hyperscalers and cloud providers alike.

Open source software community initiative utilizes blockchain technology.

Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required.

But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows.

The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.

Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.

Revised policy means security analysts won't be charged under the Computer Fraud and Abuse Act.

Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.

Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.

System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.

Last month attackers quickly reverse-engineered VMware patches to launch RCE attacks. CISA warns it's going to happen again.

Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns.

Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats.