Application Security

The vast majority of cloud workload compromises stem from poor security configurations or compromised passwords, while cryptojacking is the common payload, research shows.

Tech firm reveals that data on one of its file servers was accessed by attackers.

Amazon Redshift customers can use Baffle’s Data Privacy Cloud to secure the data pipeline as source data is migrated to Redshift and used for data analytics.

Companies such as GItLab, which today increased its payment for critical bugs by 75%, are raising bounties and bonuses to attract top-notch researchers.

The danger of anyone being able to spin up new applications is that few are thinking about security. Here's why everyone is responsible for the security of low-code/no-code applications.

Security experts weigh in on the value and pitfalls of extended detection and response (XDR), offering consideration and advice on this growing new category.

Attackers targeted Chinese pro-democracy groups using a vulnerability fixed in September along with a second vulnerability fixed early in the year, Google says.

A wave of phony emails from an FBI mail server originated from an issue with the agency's Law Enforcement Enterprise Portal.

New security tools are proactively protecting APIs built with GraphQL, before attacks against them become more commonplace.

Alan Paller, founder of the famed SANS Institute, passed away on Nov. 9.

ClusterFuzzLite is a stripped-down version of continuous fuzzing tool ClusterFuzz that integrates CI tools.

Enterprises are more dependent than ever on open source software and need to manage the risk posed by vulnerabilities in components and third-party vendors.

The Dependency Combobulator is an open source Python-based toolkit that helps developers discover malicious software components that may have accidentally been added to their projects.

Russian cybercrime group known as T505 is targeting SolarWinds Server-U systems that haven't been patched for a remote code execution vulnerability fixed this summer.

AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.