#applicationsecurity

2025-12-30

CNIL’s €1.7M fine against Nexpublica highlights recurring challenges in public-sector application security and GDPR Article 32 compliance.

The case emphasizes risk-based security obligations, audit follow-through, and the expectation that professional software providers proactively address known weaknesses—especially when processing sensitive health and disability data.

Would welcome practitioner insights on improving assurance models and accountability in public-sector software supply chains.

Follow @technadu for objective cybersecurity analysis.

Source: cyberinsider.com/france-fines-

#InfoSec #ApplicationSecurity #GDPR #RiskManagement #PublicSectorSecurity #PrivacyEngineering

France fines Nexpublica €1.7M for failure to secure sensitive data
2025-12-27

Become a vendor at New England's leading application security conference. Since its start in 2012, OWASP BASC has consistently welcomed at least 150 attendees.

Sponsoring this event offers a remarkable chance to engage with top experts in application security and to expand your visibility within the OWASP Community in New England and beyond. For more information, please check out our sponsorship kit at www.basconf.org

#appsec #owasp #basc2026 #basc #applicationsecurity

2025-12-26

Seize the opportunity to speak at the leading application security conference in New England!

This is a unique chance to deliver your insights to fellow professionals and impart your knowledge. Our participants are eager to gain fresh insights, and you could be the one to enlighten them.

Submit your presentation or workshop today at basconf.org

#appsec #owasp #basc2026 #applicationsecurity

2025-12-24

Set your new year's goal to speak at the premier application security conference in New England. Share your expertise and present in front of your peers. This is your chance to teach something new to our attendees. The Call for Talks & Workshops for OWASP BASC is now open! Remember, the last day to submit your proposal is January 11th, 2026. Don’t miss out on this opportunity—submit your talk at www.basconf.org.

#appsec #owasp #basc2026 #applicationsecurity

Keerthana Purushotham (keepur@infosec.exchange)
2025-12-24

Check out lnkd.in/gE2wUqgc to see my intro whilst you listen.

I'm thus re-naming this work as "CVE Keeper - Security at x+1; rethinking vulnerability management beyond CVSS & scanners". I must also thank @andrewpollock for reviewing several of my verbose drafts. 🫡

So, Security at x+1; rethinking vulnerability management beyond CVSS & scanners -

Most vulnerability tooling today is optimized for disclosure and alert volume, not for making correct decisions on real systems. CVEs arrive faster than teams can evaluate them, scores are generic, context arrives late, and we still struggle to answer the only question that matters: does this actually put my system at risk right now?

Over the last few years working close to CVE lifecycle automation, I’ve been designing an open architecture that treats vulnerability management as a continuous, system-specific reasoning problem rather than a static scoring task. The goal is to assess impact on the same day for 0-days using minimal upstream data, refine accuracy over time as context improves, reason across dependencies and compound vulnerabilities, and couple automation with explicit human verification instead of replacing it.

This work explores:

1. Same-day triage of newly disclosed and 0-day vulnerabilities
2. Dependency-aware and compound vulnerability impact assessment
3. Correlating classical CVSS with AI-specific threat vectors
4. Reducing operational noise, unnecessary reboots, and security burnout
5. Making high-quality vulnerability intelligence accessible beyond enterprise teams

The core belief is simple: most security failures come from misjudged impact, not missed vulnerabilities. Accuracy, context, and accountability matter more than volume.

I’m sharing this to invite feedback from folks working in CVE, OSV, vulnerability disclosure, AI security, infra, and systems research. Disagreement and critique are welcome. This problem affects everyone, and I don’t think incremental tooling alone will solve it.

P.S.

  • Super appreciate everyone that's spent time reviewing my drafts and reading all my essays lol. I owe you 🫶🏻
  • ... and GoogleLM. These slides would have taken me forever to make otherwise.

Take my CVE-data User Survey to allow me to tailor your needs into my design - lnkd.in/gcyvnZeE
See more at - lnkd.in/gGWQfBW5
lnkd.in/gE2wUqgc

#VulnerabilityManagement #Risk #ThreatModeling #CVE #CyberSecurity #Infosec #VulnerabilityManagement #ThreatIntelligence #ApplicationSecurity #SecurityOperations #ZeroDay #RiskManagement #DevSecOps #CVE #CVEAnalysis #VulnerabilityDisclosure #SecurityData #CVSS #VulnerabilityAssessment #PatchManagement #AI #AIML #AISecurity #MachineLearning #AIThreats #AIinSecurity #SecureAI #OSS #Rust #ZeroTrust #Security

linkedin.com/feed/update/urn:l

2025-12-22

Last month of the year! Set up a new year goal to speak at a conference. Apply to speak at the only application security conference in New England. Present in front of your peers. Teach something new to our attendees. Last day to submit is Jan 11th 2026. Submit your talk at www.basconf.org

#appsec #owasp #basc2026 #applicationsecurity

2025-12-22

🎄✨ For those starting their holiday break, take the opportunity to watch this gem from our 2024 archives!

🎥 "From code to security, Mastering the art of AppSec" by Justin Landry

Dive into the world of application security with Justin Landry as he guides us from code to security. An essential masterclass for anyone interested in AppSec! 🔐💻

👉 Watch now: youtube.com/watch?v=V4OO4fu5W2M

#AppSec #Cybersecurity #ApplicationSecurity #InfoSec

2025-12-22

🎄✨ For those starting their holiday break, take the opportunity to rewatch this video from our 2024 archives!

🎥 "From code to security, Mastering the art of AppSec" by Justin Landry
Dive into the world of application security with Justin Landry, who guides us from code to security. An essential masterclass for anyone interested in AppSec! 🔐💻

👉 Watch now: youtube.com/watch?v=V4OO4fu5W2M

#AppSec #Cybersecurity #ApplicationSecurity #InfoSec #Hacking

Pen Test Partners (PTP@infosec.exchange)
2025-12-22

Our Ross Donald took a look at Eurostar’s public AI chatbot and found four security issues, including guardrail bypass, prompt injection, weak conversation binding, and HTML injection.

The chatbot UI suggested strong controls, but server side enforcement was incomplete. By modifying chat history and IDs, it was possible to influence model behaviour and extract internal details.

This research shows that familiar web and API security failures still apply, even when an LLM sits in the middle.

📌 pentestpartners.com/security-b

#CyberSecurity #AIsecurity #LLM #ApplicationSecurity #AI #Chatbot #Eurostar

Zevonix (zevonix)
2025-12-21

✅ Strengthen defenses with application whitelisting.
📋 Only allow known-good apps to run, reducing the risk of malware infections.
👉 zurl.co/VidvW

2025-12-18

Become a vendor at New England's leading application security conference. Since its start in 2012, OWASP BASC has consistently welcomed at least 150 attendees.

Sponsoring this event offers a remarkable chance to engage with top experts in application security and to expand your visibility within the OWASP Community in New England and beyond. For more information, please check out our sponsorship kit at www.basconf.org

#appsec #owasp #basc2026 #basc #applicationsecurity

2025-12-17

#AIagents can boost productivity - but without safeguards, they also introduce real risk.

To prevent catastrophic failures, you must secure the ReAct loop with:
• Provenance
• Critics
• Scoped Tools
• Threat Modeling
• Bounded Autonomy

Dive deeper with this #InfoQ article by Sriram Madapusi Vasudevan, Senior Software Engineer at AWS ⇨ bit.ly/48Tzi4x

#SoftwareArchitecture #AIarchitecture #ApplicationSecurity

2025-12-15

Want to enhance your professional brand next year? Apply to be a speaker at New England's premier application security conference! Share your insights and expertise with peers eager to learn about new methodologies and strategies.

The Call for Talks & Workshops for the OWASP Boston Application Security Conference (BASC) is now open until January 11th, 2026.
Submit your proposal at basconf.org and help advance global application security practices. #applicationsecurity #owasp

2025-12-14

Become a vendor at the premier application security conference in New England and seize the opportunity to expand your network and knowledge within this dynamic field.
For those interested in exploring the myriad benefits of sponsorship, we invite you to delve into our comprehensive sponsorship kit available at basconf.org.

Join us in advancing the field of application security and make your mark on this influential platform.

#appsec #owasp #basc2026 #basc #applicationsecurity

2025-12-13

Set your new year's goal to speak at the premier application security conference in New England. Share your expertise and present in front of your peers. This is your chance to teach something new to our attendees. The Call for Talks & Workshops for OWASP BASC is now open! Remember, the last day to submit your proposal is January 11th, 2026. Don’t miss out on this opportunity—submit your talk at www.basconf.org.

#appsec #owasp #basc2026 #applicationsecurity

2025-12-13

React has released fixes for newly identified React Server Components vulnerabilities discovered during community analysis of a previously disclosed critical flaw.

The issues include pre-authentication denial-of-service conditions and a constrained source code exposure scenario. React maintainers emphasized that follow-on disclosures are a common outcome of deeper scrutiny after high-impact patches.

How do you approach variant analysis and regression testing in application security?
Share insights, engage with peers, and follow us for continued coverage.

Source: thehackernews.com/2025/12/new-

#infosec #applicationsecurity #reactjs #websecurity #opensource #vulnerabilityresearch #technadu

New React RSC Vulnerabilities Enable DoS and Source Code Exposure
OWASP Foundation (owasp@infosec.exchange)
2025-12-12

Become a vendor at New England’s premier app sec conference! OWASP BASC 2026 brings together 150+ security pros. Boost your brand, connect with experts, and support OWASP.
Check out the opportunities here: www.basconf.org

#appsec #owasp #basc2026 #basc #applicationsecurity

2025-12-11

Last month of the year! Set up a new year goal to speak at a conference. Apply to speak at the only application security conference in New England. Present in front of your peers. Teach something new to our attendees. Last day to submit is Jan 11th 2026. Submit your talk at www.basconf.org

#appsec #owasp #basc2026 #applicationsecurity

2025-12-09

Become a vendor at New England's leading application security conference. Since its start in 2012, OWASP BASC has consistently welcomed at least 150 attendees.

Sponsoring this event offers a remarkable chance to engage with top experts in application security and to expand your visibility within the OWASP Community in New England and beyond. For more information, please check out our sponsorship kit at www.basconf.org

#appsec #owasp #basc2026 #basc #applicationsecurity
