Infosecurity Magazine

Web Application Security News

Scroll down for all the latest web application security news and information.

Latest News and Features

Mailbox Rule Abuse Emerges as Stealthy Post-Compromise Threat

News

Bitcoin Depot Reports $3.6m Crypto Theft After System Breach

News

Critical Vulnerability in Ninja Forms Exposes WordPress Sites

News

Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.27 immediately

GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration

News

GrafanaGhost chains AI prompt injection and URL flaws to exfiltrate sensitive Grafana data

Maryland Man Charged Over $53m Uranium Finance Crypto Hack

News

Cybercriminals Exploit Tax Season With New Phishing Tactics

News

Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code

News

Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds

News

Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study

Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage

News

Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities

News

White Papers

Gcore Radar: DDoS Attack Trends Q3 to Q4, 2023

White Paper

5 Ways to Strengthen Your Active Directory Password Policy

White Paper

Pipedream Chernovite's emerging malware targeting Industrial Control Systems

White Paper

On-Demand Webinars

  • How To Enhance Security Operations with AI-Powered Defenses
  • Securing M365 Data and Identity Systems Against Modern Adversaries
  • Modernise Application Delivery for the New Era
  • Closing the Browser Security Gap: Defending Against Modern Web-Based Threats
  • How to Proactively Remediate Rising Web Application Threats
  • Experiencing a DDoS Simulation to Enhance Defenses
  • How to Pair Threat Hunting and Exploit Intelligence for Better Cybersecurity

Podcasts

  • Eleanor Dallaway and Camille talk about Camille’s journey from Capitol Hill to Google as global head of product security strategy.
  • IntoSecurity Chats Episode 1 - Katie Moussouris
  • Into Security Podcast - Episode 1

More news and features

New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware

News

Trivy Supply Chain Attack Expands With New Compromised Docker Images

News

Crypto Scam "ShieldGuard" Dismantled After Malware Discovery

News

ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data

Average Number of Daily API Attacks Up 113% Annually

News

Security Flaw in AWS Bedrock Code Interpreter Raises Alarms

News

Researchers Uncover ‘LeakyLooker’ Vulnerabilities in Google Looker Studio

News

Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign

News

Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials, Google Cloud Finds

News

Google Cloud report details a sharp rise in attackers exploiting software vulnerabilities, including React2Shell

Ericsson Breach Exposes Data of 15k Employees and Customers

News

Ericsson data breach affects 15k employees/customers after third-party service provider compromise

Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stolen Data

News

Blogs

Microsoft 365 Tenant Security: How to Stay in Control of Your Data

Blog

The Death of the SIEM: Why Modern Security Demands a New Data Strategy

Blog

Next-Gen Infosec

How to Prevent Data Leakages

Next-Gen

Top Cloud Misconceptions that Could Damage Your Organization

Next-Gen

Improve Asset Visibility in OT Security With Hybrid AI-Cloud Approaches

Next-Gen