Infosecurity Magazine

Web Application Security News

Scroll down for all the latest web application security news and information.

Latest News and Features

React.js Hit by Maximum-Severity 'React2Shell' Vulnerability

News

A critical RCE flaw in React.js, dubbed React2Shell (CVE-2025-55182), has been disclosed with a maximum CVSS score of 10.0, posing severe risks for server-side implementations

New GhostFrame Phishing Framework Hits Over One Million Attacks

News

Yearn Finance yETH Pool Hit by $9M Exploit

News

ShadyPanda's Seven-Year Campaign Infects 4.3M Chrome and Edge Users

News

Infected 4.3 million Chrome and Edge users via extensions; ShadyPanda exploited browser marketplaces

Scattered Lapsus$ Hunters Take Aim At Zendesk Users

News

Cyber-Attack Disrupts OnSolve CodeRED Emergency Notification System

News

A cyber-attack claimed to be the resposibility of INC Ransom group and targeting the OnSolve CodeRED platform has disrupted emergency notification and exposed user data across the US

Smishing Triad Impersonation Campaigns Expand Globally

News

Flaws Expose Risks in Fluent Bit Logging Agent

News

CISA Issues New Guidance on Bulletproof Hosting Threat

News

Eternidade Stealer Trojan Fuels Aggressive Brazil Cybercrime

News

White Papers

Gcore Radar: DDoS Attack Trends Q3 to Q4, 2023

White Paper

5 Ways to Strengthen Your Active Directory Password Policy

White Paper

Pipedream Chernovite's emerging malware targeting Industrial Control Systems

White Paper

On-Demand Webinars

  • Modernise Application Delivery for the New Era
  • Closing the Browser Security Gap: Defending Against Modern Web-Based Threats
  • How to Proactively Remediate Rising Web Application Threats
  • Experiencing a DDoS Simulation to Enhance Defenses
  • How to Pair Threat Hunting and Exploit Intelligence for Better Cybersecurity
  • Mastering Software Supply Chain Security with Strategic Defense Mechanisms
  • The Infosecurity Magazine End of Year Xmas Quiz (Feat. The Beer Farmers)
  • How a Threat Response Unit Unmasks a Hacker
  • Updating Your Active Directory Security to the Modern Threat Environment
  • How to Secure Your Applications Against API Attacks

Podcasts

  • Eleanor Dallaway and Camille talk about Camille’s journey from Capitol Hill to Google as global head of product security strategy.
  • IntoSecurity Chats Episode 1 - Katie Moussouris
  • Into Security Podcast - Episode 1

More news and features

China-Aligned UTA0388 Uses AI Tools in Global Phishing Campaigns

News

Volexity has linked spear phishing operations to China-aligned UTA0388 in new campaigns using advanced tactics and LLMs

NCSC Set to Retire Web Check and Mail Check Tools

News

“I Paid Twice” Phishing Campaign Targets Booking.com

News

Hacktivist-Driven DDoS Dominates Attacks on Public Sector

News

UNK_SmudgedSerpent Targets Academics With Political Lures

News

CISA and NSA Outline Best Practices to Secure Exchange Servers

News

CISA and NSA have released a blueprint to enhance Microsoft Exchange Server security against cyber-attacks

Critical Flaws Found in Elementor King Addons Affect 10,000 Sites

News

Chrome to Make HTTPS Mandatory by Default in 2026

News

PHP Servers and IoT Devices Face Growing Cyber-Attack Risks

News

A rise in attacks on PHP servers, IoT devices and cloud gateways is linked to botnets exploiting flaws, according to new research published by Qualys

Open Source “b3” Benchmark to Boost LLM Security for Agents

News

Blogs

How to Fix OST File cannot be Opened Error

Blog

Elevating SaaS Security with NIST CSF and Agentic AI

Blog

Next-Gen Infosec

How to Prevent Data Leakages

Next-Gen

Top Cloud Misconceptions that Could Damage Your Organization

Next-Gen

Improve Asset Visibility in OT Security With Hybrid AI-Cloud Approaches

Next-Gen