Latest from today

Feature: 14 old software bugs that took way too long to squash
As these examples show, vulnerabilities can lurk within production code for years or decades—and attacks can come at any time.
By Josh Fruhlinger and John Leyden · Mar 5, 2026 · 17 mins
Application Security, Vulnerabilities

Opinion: Why application security must start at the load balancer
By Vishnu Gatla · Feb 27, 2026 · 8 mins
Application Security, Security

Feature: The new paradigm for raising up secure software engineers
By Ericka Chickowski · Feb 18, 2026 · 10 mins
Application Security, DevSecOps, Security

Feature: Software developers: Prime cyber targets and a rising risk vector for CISOs
By John Leyden · Feb 9, 2026 · 9 mins
Application Security, DevSecOps, Security

Opinion: Shai-Hulud & Co.: The supply chain as the Achilles heel
By Patrick Münch · Feb 3, 2026 · 7 mins
Application Security, DevSecOps, Security

Opinion: The culture you can’t see is running your security operations
By Maman Ibrahim and Gavriel Schneider · Jan 19, 2026 · 11 mins
Application Security, Cyberattacks, Data Breach

News Analysis: ServiceNow BodySnatcher flaw highlights risks of rushed AI integrations
By Lucian Constantin · Jan 19, 2026 · 8 mins
Application Security, Technology Industry, Vulnerabilities

Opinion: For application security: SCA, SAST, DAST and MAST. What next?
By Sunil Gentyala · Jan 13, 2026 · 10 mins
Application Security, DevSecOps, Security

Feature: CISOs’ top 10 cybersecurity priorities for 2026
By Mary K. Pratt · Jan 12, 2026 · 11 mins
Application Security, CSO and CISO, Threat and Vulnerability Management

Articles

news analysis: Critical RCE flaw allows full takeover of n8n AI workflow platform
‘A compromised n8n instance doesn’t just mean losing one system — it means handing attackers the keys to everything,’ security researchers wrote of the 10.0 severity vulnerability.
By Lucian Constantin · Jan 7, 2026 · 5 mins
Application Security, Artificial Intelligence, Vulnerabilities

news: Critical vulnerability in IBM API Connect could allow authentication bypass
Rated 9.8 out of 10 in severity, the flaw could allow a remote attacker to gain unauthorized access to applications.
By Lynn Greiner · Dec 31, 2025 · 5 mins
APIs, Application Security, Development Tools

news analysis: Managing agentic AI risk: Lessons from the OWASP Top 10
Agentic AI is being adopted fast by enterprises, propelled by an explosion of use cases, but security, as always, is lagging. The OWASP Top 10 for Agentic AI can help close that gap.
By Maria Korolov · Dec 19, 2025 · 8 mins
Application Security, Artificial Intelligence, Generative AI

news analysis: Hidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fix
Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy classes also accept non-HTTP URLs, a behavior developers are responsible to guard against — but not likely to expect.
By Lucian Constantin · Dec 10, 2025 · 6 mins
Application Security, Security, Software Development

brandpost (Sponsored by Veracode): Veracode Static Analysis: The Right Scan, At The Right Time, In The Right Place
Veracode Static Analysis: Meeting the Modern AppSec Challenge
By Veracode · May 14, 2020 · 1 min
Application Security, Security

news: Apache Tika hit by critical vulnerability thought to be patched months ago
The scope of an old PDF parsing flaw has been widened to include more Tika modules.
By John E. Dunn · Dec 8, 2025 · 3 mins
Application Security, Development Tools, Vulnerabilities

how-to: Key questions CISOs must ask before adopting AI-enabled cyber solutions
From assessing your organizational risk tolerance to vetting the vendor’s long-term viability, AI-powered capabilities present complexities and nuances that require a deep commitment to determining fit.
By Neal Weinberg · Dec 2, 2025 · 9 mins
Application Security, Artificial Intelligence, Data and Information Security

news: Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment
CISA has ordered agencies to patch the FortiWeb web application firewall within seven days after news of exploits emerged.
By John E. Dunn · Nov 20, 2025 · 5 mins
Application Security, Vulnerabilities, Zero-Day Vulnerabilities

opinion: Selling to the CISO: An open letter to the cybersecurity industry
The industry has stopped rewarding what works in favor of what sells. But as security leaders with very real risks on the line, we need reliable solutions more than we need revolutionary sales pitches.
By Tyler Farrar · Nov 20, 2025 · 6 mins
Application Security, CSO and CISO, Technology Industry

news: Spam flooding npm registry with token stealers still isn’t under control
Goal is to steal Tea tokens by inflating package downloads, possibly for profit when the system can be monetized.
By Howard Solomon · Nov 14, 2025 · 7 mins
Application Security, Development Tools, Open Source

news: Rogue MCP servers can take over Cursor’s built-in browser
A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
By Lucian Constantin · Nov 13, 2025 · 6 mins
Application Security, DevSecOps, Vulnerabilities

news analysis: AI-powered bug hunting shakes up bounty industry — for better or worse
AI tools are democratizing and accelerating vulnerability discovery — and taxing vulnerability management programs with false positives and ‘AI slop.’
By John Leyden · Oct 31, 2025 · 6 mins
Application Security, Artificial Intelligence, DevSecOps

feature: Network security devices endanger orgs with ’90s era flaws
Built to defend enterprise networks, network edge security devices are becoming liabilities, with an alarming rise in zero-day exploits of what experts describe as basic vulnerabilities. Can the security device industry correct course?
By Lucian Constantin · Oct 20, 2025 · 12 mins
Application Security, DevSecOps, Technology Industry

Resources

whitepaper: eBook: Solve AI Data Delivery Bottlenecks
Solve AI data delivery bottlenecks to unlock better outcomes.
By F5 Inc. · 24 Jan 2026
Application Security, Artificial Intelligence, Cloud

whitepaper: F5 Webinar Featuring Forrester: Navigating the New Era of App Delivery and Security
By F5 · 23 Jan 2026
Application Management, Application Security, Cloud

Podcasts

podcasts (Sponsored by Veracode): A Hard Look at Software Security
In Season 2 of our podcast series, we’ll discuss the implications and mandates generated by Veracode’s most recent State of Software Security report. Our industry experts will pick up from Season 1’s highlights to take a closer look at application security today. Listeners will learn more about:
The impact security debt is having across industries
The changing attitudes and priorities put around application security
How the average number of days to fix software flaws has almost tripled since the last report
The case for scanning early and often
12 episodes
Application Security

Ep. 12: Frequency matters: the case for scanning early and often, part 2
Jun 20, 2023 · 14 mins
Application Security, Data and Information Security, Security

Ep. 08: Unresolved flaws: security debt grows deeper
Jun 20, 2023 · 11 mins
Application Security, Data and Information Security, Security

Video on demand

video: Inside Visa’s Cyber Defense: CISO Subra Kumaraswamy on blending AI and Human Defense
In this episode of Cyber Sessions, Visa CISO Subra Kumaraswamy takes us inside the company’s 24/7 Cyber Fusion Centers, where AI-driven defenses block 90 million attacks and 11 million phishing emails each month. He shares how his team achieves “zero breach, zero disruption” across 200+ countries—and what lessons other security leaders can learn from Visa’s global approach to resilience.
By Joan Goodchild · Dec 15, 2025 · 26 mins
Application Security, CSO and CISO

What’s ahead for cybersecurity in 2019: TECH(talk)
Feb 1, 2019 · 25 mins
Cyberattacks, Ransomware, Technology Industry

6 security reasons to upgrade to Windows 10
Jul 25, 2018 · 1 mins
Application Security, Privacy, Windows

Don’t ignore application security | Salted Hash Ep 35
Jul 23, 2018 · 18 mins
Application Security, Security, Vulnerabilities

Show me more

news: Trump’s cyber strategy emphasizes offensive operations, deregulation, AI
By Cynthia Brumfield · Mar 6, 2026 · 6 mins
Government, Government IT, Security

news: ClickFix attackers using new tactic to evade detection, says Microsoft
By Howard Solomon · Mar 6, 2026 · 5 mins
Malware, Phishing, Social Engineering

news: Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short
By Taryn Plumb · Mar 6, 2026 · 6 mins
Business, CSO and CISO, Enterprise

podcast: CSO Executive Sessions ASEAN: From Compliance to Cyber Resilience-Securing Patient Trust in Southeast Asia’s Hospitals
By Estelle Quek · Feb 24, 2026 · 23 mins
Cyberattacks, Cybercrime, Ransomware

podcast: How Intelligence and AI Are Changing Cyber Defense | Erin Whitmore, Former CIA
By Joan Goodchild · Feb 4, 2026 · 28 mins
Cyberattacks, Cybercrime

podcast: Inside the SMB Threat Landscape: AT&T’s Senthil Ramakrishnan on Why Small Businesses Are Cybercrime’s Favorite Target
By Joan Goodchild · Jan 13, 2026 · 23 mins
Cybercrime, Small and Medium Business

video: CSO Executive Sessions ASEAN: From Compliance to Cyber Resilience-Securing Patient Trust in Southeast Asia’s Hospitals
By Estelle Quek · Feb 24, 2026 · 23 mins
CSO and CISO, Electronic Health Records, Ransomware

video: How Intelligence and AI Are Changing Cyber Defense | Erin Whitmore, Former CIA
By Joan Goodchild · Feb 4, 2026 · 28 mins
Cyberattacks, Cybercrime

video: Inside the SMB Threat Landscape: AT&T’s Senthil Ramakrishnan on Why Small Businesses Are Cybercrime’s Favorite Target
By Joan Goodchild · Jan 13, 2026 · 23 mins
Cybercrime, Small and Medium Business