Latest from today

News Analysis: Hidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fix
Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy classes also accept non-HTTP URLs, a behavior developers are responsible to guard against — but not likely to expect.
By Lucian Constantin, Dec 10, 2025, 6 mins. Topics: Application Security, Security, Software Development

News: Apache Tika hit by critical vulnerability thought to be patched months ago
By John E. Dunn, Dec 8, 2025, 3 mins. Topics: Application Security, Development Tools, Vulnerabilities

How-To: Key questions CISOs must ask before adopting AI-enabled cyber solutions
By Neal Weinberg, Dec 2, 2025, 9 mins. Topics: Application Security, Artificial Intelligence, Data and Information Security

News: Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment
By John E. Dunn, Nov 20, 2025, 5 mins. Topics: Application Security, Vulnerabilities, Zero-Day Vulnerabilities

Opinion: Selling to the CISO: An open letter to the cybersecurity industry
By Tyler Farrar, Nov 20, 2025, 6 mins. Topics: Application Security, CSO and CISO, Technology Industry

News: Spam flooding npm registry with token stealers still isn’t under control
By Howard Solomon, Nov 14, 2025, 7 mins. Topics: Application Security, Development Tools, Open Source

News: Rogue MCP servers can take over Cursor’s built-in browser
By Lucian Constantin, Nov 13, 2025, 6 mins. Topics: Application Security, DevSecOps, Vulnerabilities

News Analysis: AI-powered bug hunting shakes up bounty industry — for better or worse
By John Leyden, Oct 31, 2025, 6 mins. Topics: Application Security, Artificial Intelligence, DevSecOps

Feature: Network security devices endanger orgs with ’90s era flaws
By Lucian Constantin, Oct 20, 2025, 12 mins. Topics: Application Security, DevSecOps, Technology Industry

Articles

news: GitHub Copilot prompt injection flaw leaked sensitive data from private repos
Hidden comments in pull requests analyzed by Copilot Chat leaked AWS keys from users’ private repositories, demonstrating yet another way prompt injection attacks can unfold.
By Lucian Constantin, Oct 8, 2025, 5 mins. Topics: Application Security, Artificial Intelligence, DevSecOps

news: Oracle E-Business Suite users targeted in extortion campaign
Cl0p-linked threat actors are targeting Oracle E-Business Suite users with spear-phishing emails claiming theft of sensitive ERP data.
By Taryn Plumb, Oct 2, 2025, 7 mins. Topics: Application Security, Ransomware, Security

feature: AI coding assistants amplify deeper cybersecurity risks
Although capable of reducing trivial mistakes, AI coding copilots leave enterprises at risk of increased insecure coding patterns, exposed secrets, and cloud misconfigurations, research reveals.
By John Leyden, Sep 25, 2025, 10 mins. Topics: Application Security, DevSecOps, Security Practices

news: Chaos-Mesh flaws put Kubernetes clusters at risk of full takeover
Four newly discovered vulnerabilities in the fault simulation platform can lead to OS command injection and cluster takeover, even from unprivileged pods.
By Lucian Constantin, Sep 16, 2025, 3 mins. Topics: Application Security, Cloud Security, Vulnerabilities

brandpost (Sponsored by Veracode): Veracode Static Analysis: The Right Scan, At The Right Time, In The Right Place
Veracode Static Analysis: Meeting the Modern AppSec Challenge
By Veracode, May 14, 2020, 1 min. Topics: Application Security, Security

news: Warning: Hackers have inserted credential-stealing code into some npm libraries
‘This is a new frontier’ of malware in open source repositories, says one expert.
By Howard Solomon, Sep 16, 2025, 6 mins. Topics: Application Security, Malware, Open Source

events promotion: How the Marine Corps slashed IT delays by shifting to DevOps and agile development
Operation StormBreaker helped the Marine Corps deliver secure, modern digital services to Marines and their families.
By Shane O'Neill for CSO Events, Sep 15, 2025, 8 mins. Topics: Agile Development, DevSecOps, Devops

feature: 6 hot cybersecurity trends
Generative AI enthusiasm may be cooling, but agentic AI in the SOC — and the need to defend AI infrastructure — are increasingly top of mind for security leaders today.
By Neal Weinberg, Sep 10, 2025, 11 mins. Topics: Authentication, Phishing, Ransomware

feature: Agentic AI: A CISO’s security nightmare in the making?
Autonomous, adaptable, and interconnected, agentic AI systems are both a productivity and a cybersecurity risk multiplier. To secure their activity, traditional security models might not be enough.
By Bob Violino, Sep 2, 2025, 10 mins. Topics: Application Security, Business IT Alignment, Data and Information Security

news: Wave of npm supply chain attacks exposes thousands of enterprise developer credentials
Attacks on the NX build system and React packages highlight escalating threats to enterprise software development pipelines.
By Gyana Swain, Aug 28, 2025, 1 min. Topics: Application Security, JavaScript

news analysis: Attackers steal data from Salesforce instances via compromised AI live chat tool
One of their goals was to access other credentials to compromise other environments.
By Lucian Constantin, Aug 26, 2025, 5 mins. Topics: Access Control, Application Security, Supply Chain

news: Critical Docker Desktop flaw allows container escape
Missing authentication on the Docker Engine management API for Docker Desktop on Windows and Mac allows attackers to break out from containers and potentially execute malicious code on the underlying host system.
By Lucian Constantin, Aug 26, 2025, 4 mins. Topics: Application Security, DevSecOps

feature: ASPM buyer’s guide: 7 products to help secure your applications
Selecting the right application security posture management (ASPM) platform requires a deep understanding of your organization’s application estate and issues, as well as the widely ranging capabilities each ASPM solution offers.
By David Strom, Aug 20, 2025, 11 mins. Topics: Application Security, Cloud Security, Enterprise Buyer’s Guides

Resources

whitepaper: F5 Webinar Featuring Forrester: Navigating the New Era of App Delivery and Security
Businesses are rapidly evolving, transitioning from monolithic apps to microservices and AI apps, and from data centers to hybrid multicloud deployments.
By F5, 10 Dec 2025. Topics: Application Management, Application Security, Cloud

whitepaper: Optimize application development
By Red Hat, 12 Nov 2025. Topics: Application Management, Application Security, Business Operations

Podcasts

podcasts (Sponsored by Veracode): A Hard Look at Software Security
In Season 2 of our podcast series, we’ll discuss the implications and mandates generated by Veracode’s most recent State of Software Security report. Our industry experts will pick up from Season 1’s highlights to take a closer look at application security today. Listeners will learn more about:
  The impact security debt is having across industries
  The changing attitudes and priorities put around application security
  How the average number of days to fix software flaws has almost tripled since the last report
  The case for scanning early and often
12 episodes. Topics: Application Security

Ep. 12: Frequency matters: the case for scanning early and often, part 2
Jun 20, 2023, 14 mins. Topics: Application Security, Data and Information Security, Security

Ep. 08: Unresolved flaws: security debt grows deeper
Jun 20, 2023, 11 mins. Topics: Application Security, Data and Information Security, Security

Video on demand

video: What’s ahead for cybersecurity in 2019: TECH(talk)
J.M. Porup, senior writer at CSO online, joins Juliet on this week’s episode of TECH(talk) to discuss trends in ransomware, IoT security and enterprise cybersecurity roles.
Feb 1, 2019, 25 mins. Topics: Cyberattacks, Ransomware, Technology Industry

6 security reasons to upgrade to Windows 10
Jul 25, 2018, 1 min. Topics: Application Security, Privacy, Windows

Don’t ignore application security | Salted Hash Ep 35
Jul 23, 2018, 18 mins. Topics: Application Security, Security, Vulnerabilities

The difference between red team engagements and vulnerability assessments | Salted Hash Ep 34
Jul 3, 2018, 16 mins. Topics: Application Security, Cybercrime, Data Breach

Show me more

how-to: How to justify your security investments
By Chritstoph Schuhwerk, Dec 11, 2025, 6 mins. Topics: C-Suite, CSO and CISO, IT Leadership

news: Fortinet admins urged to update software to close FortiCloud SSO holes
By Howard Solomon, Dec 10, 2025, 4 mins. Topics: Access Control, Identity and Access Management, Single Sign-on

news: Making cybercrime illegal won't stop it; making cybersec research legal may
By Maxwell Cooter, Dec 10, 2025, 5 mins. Topics: Cybercrime, Government, Industry

podcast: CISO Reality: Record Pay, Rising Pressure, and Retention Risk
By Joan Goodchild, Dec 10, 2025, 27 mins. Topics: CSO and CISO, Security Infrastructure

podcast: Inside Visa’s Cyber Defense: CISO Subra Kumaraswamy on blending AI and Human Defense
By Joan Goodchild, Dec 3, 2025, 27 mins. Topics: Artificial Intelligence, CSO and CISO, Phishing

podcast: The Future of Cybersecurity Leadership: AI, Governance & Education | Kevin Powers, Boston College
Nov 19, 2025, 23 mins. Topics: Cyberattacks, Cybercrime, Risk Management

video: CISO Reality: Record Pay, Rising Pressure, and Retention Risk
By Joan Goodchild, Dec 10, 2025, 27 mins. Topics: CSO and CISO, Security Infrastructure

video: Inside Visa’s Cyber Defense: CISO Subra Kumaraswamy on blending AI and Human Defense
By Joan Goodchild, Dec 3, 2025, 27 mins. Topics: Artificial Intelligence, CSO and CISO, Phishing

video: The Future of Cybersecurity Leadership: AI, Governance & Education | Kevin Powers, Boston College
Nov 19, 2025, 23 mins. Topics: Cyberattacks, Cybercrime, Risk Management