application vulnerabilities

Just because you work in a security operations center (SOC) doesn’t mean you have to waste your time chasing  dragons. And by “dragons,” we mean the traditional SOC’s difficulty identifying cyberattacks that ...

Recently identified npm packages called "node-request-ip", "request-ip-check" and "request-ip-validator" impersonate handy open source utilities relied upon by developers to retrieve an external IP address but instead target Windows, Linux and macOS users ...

npm packages identified by Sonatype recently are named similar to the vastly popular JavaScript library, lodash. These packages abuse typosquatting and carry within them a modified version of AnyDesk utility to target ...

Recently identified PyPI packages called "netfetcher" and "pyfetcher" impersonate open source libraries and target Windows users with malicious executables that have a zero detection rate among leading antivirus engines. Furthermore, some of ...

The OWASP Top 10 provides a standardized catalog of the most critical security risks to web applications. Compiled by a global community of security experts, this influential document highlights the... The post ...

Public proof-of-concepts (POCs) may be helping cybercriminals more than the organizations they were designed to protect. Sophos’ Active Adversary Playbook 2022 provides an in-depth analysis of cyberattacker behavior, tactics and tools from ...

Google, in collaboration with several open source communities, today unveiled a schema for describing vulnerabilities in open source software that will make it easier to for developers to track security issues that ...

In application security, so often the cause of vulnerabilities can be traced to the development process. It’s the nature of application development and a consequence of moving faster with shorter deadlines. It’s ...

Adobe Systems has released security patches for nine of its products to fix 86 vulnerabilities, the majority of which are rated as critical and important. In addition to Flash Player, Reader and ...

Equifax recently became headline news for all the wrong reasons when it revealed it had been the victim of a data breach that exposed the sensitive financial history and personal data of ...