Infosecurity Magazine

Web Application Security News

Scroll down for all the latest web application security news and information.

Latest News and Features

Malware Discovered in 19 Visual Studio Code Extensions

News

A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in dependency folders

Pro-Russia Hackers Target US Critical Infrastructure in New Wave

News

Log4Shell Downloaded 40 Million Times in 2025

News

Microsoft Fixes Three Zero-Days in Final Patch Tuesday of 2025

News

December’s Patch Tuesday sees the release of patches for over 50 CVEs including three zero-days

React.js Hit by Maximum-Severity 'React2Shell' Vulnerability

News

New GhostFrame Phishing Framework Hits Over One Million Attacks

News

Yearn Finance yETH Pool Hit by $9M Exploit

News

ShadyPanda's Seven-Year Campaign Infects 4.3M Chrome and Edge Users

News

Scattered Lapsus$ Hunters Take Aim At Zendesk Users

News

New phishing domains point to a campaign from the notorious Scattered Lapsus$ Hunters collective

Cyber-Attack Disrupts OnSolve CodeRED Emergency Notification System

News

White Papers

Gcore Radar: DDoS Attack Trends Q3 to Q4, 2023

White Paper

5 Ways to Strengthen Your Active Directory Password Policy

White Paper

Pipedream Chernovite's emerging malware targeting Industrial Control Systems

White Paper

On-Demand Webinars

  • Modernise Application Delivery for the New Era
  • Closing the Browser Security Gap: Defending Against Modern Web-Based Threats
  • How to Proactively Remediate Rising Web Application Threats
  • Experiencing a DDoS Simulation to Enhance Defenses
  • How to Pair Threat Hunting and Exploit Intelligence for Better Cybersecurity
  • Mastering Software Supply Chain Security with Strategic Defense Mechanisms
  • The Infosecurity Magazine End of Year Xmas Quiz (Feat. The Beer Farmers)
  • How a Threat Response Unit Unmasks a Hacker
  • Updating Your Active Directory Security to the Modern Threat Environment
  • How to Secure Your Applications Against API Attacks

Podcasts

  • Eleanor Dallaway and Camille talk about Camille’s journey from Capitol Hill to Google as global head of product security strategy.
  • IntoSecurity Chats Episode 1 - Katie Moussouris
  • Into Security Podcast - Episode 1

More news and features

Smishing Triad Impersonation Campaigns Expand Globally

News

Flaws Expose Risks in Fluent Bit Logging Agent

News

CISA Issues New Guidance on Bulletproof Hosting Threat

News

Eternidade Stealer Trojan Fuels Aggressive Brazil Cybercrime

News

Trustwave SpiderLabs has observed new banking Trojan Eternidade Stealer targeting Brazil using WhatsApp for propagation and data theft

China-Aligned UTA0388 Uses AI Tools in Global Phishing Campaigns

News

NCSC Set to Retire Web Check and Mail Check Tools

News

The UK’s National Cyber Security Centre has urged users of its Web Check and Mail Check services to find alternatives

“I Paid Twice” Phishing Campaign Targets Booking.com

News

Hacktivist-Driven DDoS Dominates Attacks on Public Sector

News

UNK_SmudgedSerpent Targets Academics With Political Lures

News

A previously unknown cyber actor UNK_SmudgedSerpent has been observed targeting academics with phishing and malware, merging techniques from Iranian groups

CISA and NSA Outline Best Practices to Secure Exchange Servers

News

Blogs

Energy Operations: Managing Password Security and Continuity

Blog

Securing AI for Cyber Resilience: Building Trustworthy and Secure AI Systems

Blog

Next-Gen Infosec

How to Prevent Data Leakages

Next-Gen

Top Cloud Misconceptions that Could Damage Your Organization

Next-Gen

Improve Asset Visibility in OT Security With Hybrid AI-Cloud Approaches

Next-Gen