Application security – Securitydive

Hackers Abuse Google Tasks Notifications in Sophisticated Phishing Attacks

Attackers abused Google Cloud Application Integration to send phishing emails from legitimate Google domains Emails mimicked Google notifications, redirecting victims through trusted services Nearly 3,200 businesses targeted; most victims in U.S. manufacturing, tech, and finance sectors Over 3,000 organizations fell victim to a sophisticated phishing campaign in December 2025 that weaponized Google’s legitimate application infrastructure…

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

admin2 months ago03 mins

The cybersecurity industry is on high alert following the disclosure of a critical React vulnerability that can be exploited by a remote, unauthenticated attacker for remote code execution. React (React.js) is an open source JavaScript library designed for creating application user interfaces. Maintained by Meta and a large community of companies and individual developers from…

F5 introduces post-quantum cryptography tools for application security

admin7 months ago05 mins

Application security firm F5 Inc. today announced a series of new post-quantum cryptography readiness solutions as part of its Application Delivery and Security Platform to help organizations prepare for the cybersecurity threats posed by quantum computing. F5’s new PQC solutions are designed to safeguard sensitive data and maintain performance across hybrid, multicloud and legacy environments at a…

New Mandatory rules for all UPI apps rolled by Govt. of India

admin8 months ago04 mins

The primary goal is to enhance user confidence and security by ensuring that customers always see the verified, official name of the payment recipient. This change aims to reduce fraud and errors in any type of digital transactions. The National Payments Corporation of India (NPCI), which oversees digital payment systems such as Bharat Bill Pay,…

Lazarus Group targets South Korean supply chains via software flaws

admin9 months ago9 months ago06 mins

Kaspersky’s Global Research and Analysis Team (GReAT) has identified a new cyber campaign led by the Lazarus Group targeting supply chains in South Korea through combined watering hole attacks and exploitation of vulnerabilities in third-party software. The campaign, dubbed “Operation SyncHole,” was observed targeting at least six organisations across the software, IT, financial, semiconductor, and…

NetFoundry Raises $12 Million for Network Security Solutions

admin9 months ago06 mins

The zero-trust networking startup NetFoundry Inc. said today it has received its first cash injection from venture capitalists, raising $12 million in funding. SYN Ventures was the sole participant in the round, and the cash will be used to help support the startup’s mission to simplify, secure and accelerate innovation in enterprise software. NetFoundry is the creator…

Palo Alto Networks Expedition Tool Vulnerability Exposes Cleartext Firewall Passwords

admin1 year ago03 mins

Palo Alto Networks has disclosed multiple critical security vulnerabilities in its Expedition migration tool, including a concerning OS command injection flaw that enables attackers to execute arbitrary commands and access sensitive firewall credentials. The command injection vulnerability (CVE-2025-0107) allows authenticated attackers to run arbitrary OS commands as the www-data user, potentially exposing usernames, cleartext passwords, device…

VMware Patches High-Severity Code Execution Flaw in Fusion

admin1 year ago02 mins

VMware on Tuesday pushed out a security update for its Fusion hypervisor to address a high-severity vulnerability that exposes uses to code execution exploits. The root cause of the issue, tracked as CVE-2024-38811 (CVSS 8.8/10), is an insecure environment variable, VMware notes in an advisory. “VMware Fusion contains a code execution vulnerability due to the usage of an…

Zoom Critical Vulnerabilities Let Attackers Escalate Privileges

admin1 year ago1 year ago02 mins

The vulnerabilities highlight significant risks for users across various platforms, including Windows, macOS, Linux, iOS, and Android. Zoom Video Communications has disclosed several critical vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients. These vulnerabilities, identified in multiple security bulletins, potentially allow attackers to escalate privileges on affected systems. The vulnerabilities highlight significant risks…

Current Scenario of Mobile Security Challenges & its Future Direction

admin2 years ago2 years ago08 mins

Each smart phone is always connected to the internet and applications are downloaded from different sources. Hence securing all these applications is a monumental task as each application has its own security vulnerabilities. In an interview with securitydive.in, Clement SAAD, CEO, Pradeo, uncovered some of the startling revelations and explained how serious challenge it is…