Let's face it: AppSec and developers often feel like they're on opposing teams. You're battling endless vulnerabilities while they just want to ship code. Sound familiar? It's a common challenge, but there is a solution. Ever wish they proactively cared about...

SubSnipe is an open-source tool designed to identify vulnerable subdomains at risk of takeover. Created by Florian Walter, the tool offers improved accuracy and efficiency compared to other similar tools by conducting additional verification steps.

As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That’s according to research from Imperva, a Thales company. In their 2024 Bad Bot Report,...

Security firm Sygnia revealed that GhostEmperor recently compromised a network, using it as a launchpad to access another victim's systems. This marks the first public report on the group since it was identified by Kaspersky Lab in 2021.

Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker...

Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five...

Credential mismanagement was the leading cause of cloud-based attacks in the first half of 2024, according to a Google Cloud report. Weak credentials and misconfigurations were responsible for 75% of network intrusions during this period.

A report by Legit Security highlights concerns around the security posture of the GitHub Actions marketplace, with most custom Actions lacking verification and being maintained by one developer.

Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said...

Interpol's global operation, Jackal III, targeted West African cybercrime groups, including Black Axe. It resulted in 300 arrests across 21 countries, seizure of $3 million, identification of 400 suspects, and the blocking of over 720 bank accounts.