Web Application Security News

Scroll down for all the latest web application security news and information.

Browse other Application Security topics

Don’t miss out!

Subscribe to our weekly newsletter for the latest in industry news, expert insights, dedicated information security content and online events.

Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

News25 Apr 2025

ELENOR-corp Ransomware Targets Healthcare Sector

News24 Apr 2025

Blue Shield of California Data Breach Affects 4.7 Million Members

News24 Apr 2025

A misconfigured tracking tool has exposed protected health information of 4.7 million Blue Shield members to Google Ads

Scalllywag Ad Fraud Network Generates 1.4 Billion Bid Requests Daily

News22 Apr 2025

CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension

News17 Apr 2025

MITRE will be able to keep running the CVE program for at least the next 11 months

Hertz Data Breach Exposes Customer Information in Cleo Zero-Day Attack

News16 Apr 2025

Scalper Bots Fueling DVSA Driving Test Black Market

News16 Apr 2025

Chaos Reigns as MITRE Set to Cease CVE and CWE Operations

News16 Apr 2025

Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database

Organizations Found to Address Only 21% of GenAI-Related Vulnerabilities

News15 Apr 2025

Major WordPress Plugin Flaw Exploited in Under 4 Hours

News14 Apr 2025

Don’t miss out!

Subscribe to our weekly newsletter for the latest in industry news, expert insights, dedicated information security content and online events.

Webinars coming up

Closing the Browser Security Gap: Defending Against Modern Web-Based Threats

22 May 2025, 14:00 BST , 09:00 EDT

White papers

Gcore Radar: DDoS Attack Trends Q3 to Q4, 2023

White Paper20 Mar 2024

5 Ways to Strengthen Your Active Directory Password Policy

White Paper30 Oct 2023

Pipedream Chernovite's emerging malware targeting Industrial Control Systems

White Paper19 Aug 2022

On-demand webinars

How to Proactively Remediate Rising Web Application Threats
30 May 2024 Webinar
Experiencing a DDoS Simulation to Enhance Defenses
2 May 2024 Webinar
How to Pair Threat Hunting and Exploit Intelligence for Better Cybersecurity
21 Feb 2024 Webinar
Mastering Software Supply Chain Security with Strategic Defense Mechanisms
30 Nov 2023 Webinar
The Infosecurity Magazine End of Year Xmas Quiz (Feat. The Beer Farmers)
15 Dec 2022 Webinar
How a Threat Response Unit Unmasks a Hacker
1 Dec 2022 Webinar
Updating Your Active Directory Security to the Modern Threat Environment
27 Oct 2022 Webinar
How to Secure Your Applications Against API Attacks
8 Sep 2022 Webinar
Attack Surface Management: Discover and Secure Your Unknown Internet Exposure at Scale
30 Jun 2022 Webinar
Supply Chain Cybersecurity: How to Mitigate Third-Party Risks?
16 Jun 2022 Webinar

What’s hot on Infosecurity Magazine?

Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

News25 Apr 2025

US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures

News25 Apr 2025

Royal Mail Investigates Data Breach Affecting Supplier

News2 Apr 2025

ELENOR-corp Ransomware Targets Healthcare Sector

News24 Apr 2025

ETSI Unveils New Baseline Requirements for Securing AI

News24 Apr 2025

SuperCard X Enables Contactless ATM Fraud in Real-Time

News22 Apr 2025

It’s Time to Stop Accepting Losses in Cybersecurity

Opinion21 Apr 2025

M&S Grapples with Cyber Incident Affecting In-Store Services

News23 Apr 2025

M&S Shuts Down Online Orders Amid Ongoing Cyber Incident

News25 Apr 2025

Vulnerability Exploitation and Credential Theft Now Top Initial Access Vectors

News23 Apr 2025

Microsoft Reports 92% Adoption Rate for Phishing-Resistant MFA Among Corporate Users

News22 Apr 2025

Dutch Warn of “Whole of Society” Russian Cyber-Threat

News23 Apr 2025

Safeguarding Critical Supply Chain Data Through Effective Risk Assessment

Webinar10 Apr 2025

Cyber Resilience in the AI Era: New Challenges and Opportunities

Webinar25 Mar 2025

How to Implement Attack Surface Management in the AI and Cloud Age

Webinar3 Apr 2025

How to Tackle Rising Cloud Identity Attacks

Webinar27 Mar 2025

How CISO's Can Survive and Thrive in a Complex Cyber Landscape

Webinar18 Feb 2025

AI Agents and the Evolving Landscape of Digital Identity

Webinar27 Mar 2025

Bayer CISO Kevin Jones Securing Innovative Practices in the Life Science Industry

Interview15 Apr 2025

Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks

News24 Apr 2025

Zero Trust’s Reality Check: Addressing Implementation Challenges

News Feature19 Mar 2025

How the Channel is Evolving in the Cybersecurity Sector

News Feature18 Apr 2025

FBI Reveals “Staggering” $16.6bn Lost to Cybercrime in 2024

News23 Apr 2025

How CISO's Can Survive and Thrive in a Complex Cyber Landscape

Webinar18 Feb 2025

Podcasts

Eleanor Dallaway and Camille talk about Camille’s journey from Capitol Hill to Google as global head of product security strategy.
29 Apr 2022 Podcast
IntoSecurity Chats Episode 1 - Katie Moussouris
3 Mar 2021 Podcast
Into Security Podcast - Episode 1
15 May 2019 Podcast

Digital Certificate Lifespans to Fall to 47 Days by 2029

News14 Apr 2025

WK Kellogg Confirms Data Breach Tied to Cleo Software Exploit

News9 Apr 2025

Precision-Validated Phishing Elevates Credential Theft Risks

News9 Apr 2025

New phishing method targets high-value accounts using real-time email validation

Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw

News4 Apr 2025

CrushFTP Vulnerability Exploited Following Disclosure Issues

News3 Apr 2025

Stripe API Skimming Campaign Unveils New Techniques for Theft

News2 Apr 2025

Gray Bots Surge as Generative AI Scraper Activity Increases

News2 Apr 2025

Steam Surges to Top of Most Spoofed Brands List in Q1

News2 Apr 2025

Gaming community Steam appeared most often in phishing emails and texts detected by Guardio in Q1 2025

WP Ultimate CSV Importer Flaws Expose 20,000 Websites to Attacks

News1 Apr 2025

NCSC Urges Users to Patch Next.js Flaw Immediately

News31 Mar 2025

The UK’s National Cyber Security Agency has called on Next.js users to patch CVE-2025-29927

Events coming up

Infosecurity Europe 2025

Event3 – 5 Jun 2025

Roundtable @ Infosecurity Europe: The Invisible Frontline, Proactive Approaches to Browser Defense

Magazine Event11:00 – 12:30 BST, 3 Jun 2025

Next-gen infosec

How to Prevent Data Leakages

Next-Gen11 Aug 2023

Top Cloud Misconceptions that Could Damage Your Organization

Next-Gen4 Aug 2023

Improve Asset Visibility in OT Security With Hybrid AI-Cloud Approaches

Next-Gen21 Jul 2023