Siemens Polarion, a flagship application lifecycle management (ALM) solution adopted by some of the world’s most security-conscious enterprises, has come under intense scrutiny following the disclosure of several high-impact cybersecurity vulnerabilities. The revelations, identified and...
The recent disclosure of a security vulnerability in Siemens’ Mendix OIDC SSO modules has sent ripples across industries that rely on low-code platforms for rapid digital transformation, especially where secure authentication is paramount. Siemens—a global leader in industrial automation...
Shifting perceptions about application security (AppSec) are fundamentally transforming how organizations safeguard the software that powers modern business. No longer the exclusive purview of centralized security teams, AppSec is now woven deep into the fabric of development, procurement, and...
The recent disclosure of CVE-2025-32702 has sent ripples through the software development community, raising critical questions about the ongoing security of one of the most widely used integrated development environments: Visual Studio. This vulnerability, identified as a Remote Code Execution...
Microsoft’s relentless evolution of Windows 11 has ushered in sweeping changes to the platform’s security, feature set, and underlying architecture. While every major update promises advancement, each new build increasingly resembles a spring cleaning expedition—sweeping out legacy components...
applicationsecurity
cloud security
code signing
credential protection
cybersecurity
cybersecurity trends
eku signatures
end-user security
enterprise it
enterprise security
hypervisor security
hypervisor technology
it modernization
microsoft updates
microsoft windows
os support lifecycle
secure boot
security architecture
security best practices
security migration
software development
tech industry news
trusted execution environment
vbs enclaves
vbs vulnerabilities
virtualization security
windows 11
windows deprecation
windows features
windows migration
windows security
windows threat landscape
zero trust
Breaking through the learning curve of securing application networks in Azure is a challenge that virtually every Windows professional or DevOps engineer will encounter. The importance of robust cloud security has only magnified as businesses migrate mission-critical workloads and sensitive data...
The End of an Era: Microsoft Entra ID’s Move Away from Service Principal-Less Authentication
In a rapidly evolving digital landscape, Microsoft’s approach to identity and access management has been a compass for the industry. With the news that Microsoft Entra ID will officially retire service...
Unpacking the Security Risks in Growatt Cloud Applications
In the rapidly evolving landscape of energy management, cloud-based software platforms have become indispensable tools for monitoring and controlling renewable energy systems. Among them, Growatt Cloud Applications stand out as a popular...
applicationsecurity
authorization bypass
cloud applications
cloud security
cyber threats
cybersecurity
data privacy
energy infrastructure
energy management
energy systems security
firmware security
growatt
industrial control security
iot security
iot vulnerabilities
renewable energy
security best practices
smart home devices
vulnerabilities
xss attacks
The world of Azure application security isn’t just about spinning up services—it’s about building a tightly secured, well-orchestrated network infrastructure. One must think of it as constructing a high-security building: every room (or subnet) has a purpose, every door (or endpoint) has a key...
Microsoft is stepping up its security game by planning to integrate Defender Application Control for Business (WDAC) into Windows Server 2025. This new feature is poised to empower organizations to manage trusted applications and drivers effectively, fortifying their defenses against...
Microsoft's May 2024 Patch Tuesday updates have addressed critical vulnerabilities in .NET 6.0.31 (KB5039843) and .NET 7.0.20 (KB5039844), among other products. These updates are crucial for enhancing the security and stability of systems running these frameworks. .NET 6.0.31 (KB5039843) This...
.net 6
applicationsecurity
code execution
cve-2024-30045
cve-2024-30051
elevation of privilege
exploits
information disclosure
microsoft
microsoft security
net 7
net framework
patch tuesday
protection
remote code execution
security
system stability
updates
visual studio
vulnerabilities
I have been struggling with this for some time...
At our company, like I assume at every enterprise, management believe that we (they) have implemented "least privilege principle", i.e. every software and every user has only those rights and privileges that are really needed for the task to be...
access control
access denied
administrative rights
applicationsecurity
compliance
containers
enterprise
it governance
jea configurations
least privilege
management
microsoft software
privilege management
privileged access
process management
remote desktop
security
user permissions
vendor accountability
windows server
Original release date: January 8, 2021
Summary
This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
This Alert is a companion alert to Link Removed...
Original release date: November 10, 2015
Systems Affected
Web servers that allow web shells
Overview
This alert describes the frequent use of web shells as an exploitation vector. Web shells can be used to obtain unauthorized access and can lead to wider network compromise. This alert...
Severity Rating: Critical
Revision Note: V1.0 (October 14, 2014): Bulletin published.
Summary: This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if an attacker sends a...
Resolves a vulnerability in the Microsoft Foundation Class (MFC) Library that could allow remote code execution if a user is logged on with administrative user rights and opens an application that is built by using the MFC Library.
A lot of people here asking what is the best way to secure one's Windows PC, what is the best antivirus out there etc. There is no best for a single person, since we are all different and so are our needs. There have been many threads just showing you different security products, but I...
advanced user
antivirus
applicationsecurity
avast
avira
comodo
configuration
defence+
firewall
freeware
heuristics
malware
power user
regular user
sandboxing
security solutions
software startup
system scan
user levels
windows pc
Bulletin Severity Rating: Critical - This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that...
applicationsecurity
asp.net
client system
code access security
critical
exploitation
iis
microsoft
net framework
remote code execution
security
server security
silverlight
update
user rights
vulnerability
web browser
web hosting
xaml
xbaps
Revision Note: V1.1 (August 31, 2010) Added a link to Microsoft Knowledge Base Article 2264107 to provide an automated Microsoft Fix it solution for the workaround, Disable loading of libraries from WebDAV and remote network shares. Summary: Microsoft is aware that research has been published...