News
Application security and coding requirements
-
June 20, 2025
20
Jun'25
Election workers’ data stolen in cyber breach of Oxford City Council
Oxford City Council election workers had personal information stolen by cyber attackers in an attack over the weekend of 7-8 June. The council has stated that most disrupted systems are back online
-
June 11, 2025
11
Jun'25
June Patch Tuesday brings a lighter load for defenders
Barely 70 vulnerabilities make the cut for Microsoft’s monthly security update, but an RCE flaw in WEBDAV and an EoP issue in Windows SMB Client still warrant close attention
-
June 11, 2025
11
Jun'25
Cyber Bill at risk of becoming a missed opportunity, say MPs
An APPG report warns that the government’s flagship cyber security legislation is too narrow in its scope and risks missing opportunities to embed resilience at the heart of the British economy
-
June 06, 2025
06
Jun'25
CISOs must translate cyber threats into business risk
To manage risk effectively and secure board-level buy-in, CISOs must stop talking about technology and start speaking the language of business, according to a senior Check Point executive
-
June 05, 2025
05
Jun'25
How GitLab is tapping AI in DevSecOps
GitLab CISO Josh Lemos explains how the company is weaving AI, through its Duo tool, into the entire software development lifecycle to enhance efficiency and automate incident response
-
June 04, 2025
04
Jun'25
Infosecurity 2025: SMEs feel on their own in the face of cyber attacks
Project findings to be presented at Infosecurity Europe 2025 highlight vulnerability of SMEs to cyber attack
-
May 30, 2025
30
May'25
Dutch businesses lag behind in cyber resilience as threats escalate
While non-IT business professionals in the middle of their careers face the most disruption from AI, professionals in the IT services sector and their employers must prepare for change
-
May 16, 2025
16
May'25
Security tests reveal serious vulnerability in government’s One Login digital ID system
A ‘red teaming’ exercise to simulate cyber attacks on the government’s flagship digital identity system has found that One Login can be compromised without detection
-
May 14, 2025
14
May'25
Enisa launches European vulnerability database
The EU’s new vulnerability database is designed to offer a broader, more transparent source of information on new cyber vulnerabilities
-
May 14, 2025
14
May'25
New security paradigm needed for IT/OT convergence
Industry leaders and policymakers highlight growing cyber threats from the integration of IT and operational technology systems, calling for collaboration and regulatory frameworks to protect critical systems, among other measures
-
May 13, 2025
13
May'25
May Patch Tuesday brings five exploited zero-days to fix
Microsoft fixes five exploited, and two publicly disclosed, zero-days in the fifth Patch Tuesday update of 2025
-
May 08, 2025
08
May'25
UK government websites to replace passwords with secure passkeys
Government websites are to replace difficult-to-remember passwords with highly secure passkeys that will protect against phishing and cyber attackers
-
May 07, 2025
07
May'25
Meta awarded $167m in court battle with spyware mercenaries
WhatsApp owner Meta is awarded millions of dollars in damages and compensation after its service was exploited by users of mercenary spyware developer NSO’s infamous Pegasus mobile malware
-
May 07, 2025
07
May'25
Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring
Research from Sans Institute reveals European organisations are leading a global shift in hiring priorities, driven by regional regulatory frameworks
-
April 30, 2025
30
Apr'25
Current SaaS delivery model a risk management nightmare, says CISO
JPMorgan Chase security chief Patrick Opet laments the state of SaaS security in an open letter to the industry and calls on software providers to do more to enhance resilience
-
April 29, 2025
29
Apr'25
Kaspersky calls for cyber immunity amid growing cyber threats
The rise of professional cyber crime groups and state-sponsored actors targeting critical infrastructure requires a move towards inherently secure ‘cyber immune’ systems, says Kaspersky CEO Eugene Kaspersky
-
April 23, 2025
23
Apr'25
Amid uncertainty, Armis becomes newest CVE numbering authority
Amid an uncertain future for vulnerability research, exposure management company Armis has been given the authority to assign CVE IDs to newly discovered vulnerabilities
-
April 22, 2025
22
Apr'25
AI-powered APIs proving highly vulnerable to attack
The growth of AI is proving a double-edged sword for API security, presenting opportunities for defenders to enhance their resilience, but also more risks from AI-powered attacks, according to report
-
April 21, 2025
21
Apr'25
Top APAC firms recognised at innovation awards
Citic Telecom, CapitaLand Investment and DBS Bank were among the region’s top industry innovators recognised for their digital transformation efforts at the Computer Weekly Innovation Awards APAC 2025
-
April 21, 2025
21
Apr'25
CW Innovation Awards: Transforming cyber security with AI
Facing rising cyber threats and a shortage of experts, Citic Telecom International CPC developed an AI-powered penetration testing tool to automate security audits and reduce costs
-
April 16, 2025
16
Apr'25
CISA extends Mitre CVE contract at last moment
The US Cybersecurity and Infrastructure Security Agency has ridden to the rescue of the under-threat Mitre CVE Programme, approving a last-minute, 11-month contract extension to preserve the project’s vital security vulnerability work
-
April 16, 2025
16
Apr'25
CVE Foundation pledges continuity after Mitre funding cut
With news that Mitre’s contract to run the world-renowned CVE Programme is abruptly terminating, a breakaway group is setting up a non-profit foundation to try to ensure the project’s continuity
-
April 16, 2025
16
Apr'25
Security leaders grapple with AI-driven threats
Experts warn of AI’s dual role in both empowering and challenging cyber defences, and called for intelligence sharing and the need to strike a balance between AI-driven innovation and existing security practices
-
April 15, 2025
15
Apr'25
Mitre warns over lapse in CVE coverage
Mitre, the operator of the world-renowned CVE repository, has warned of significant impacts to global cyber security standards, and increased risk from threat actors, as it emerges its US government contract will lapse imminently
-
April 11, 2025
11
Apr'25
Warranty fraud fuels hidden army of hardware hackers
Widespread warranty fraud is not only costing companies billions but also creating a breeding ground for advanced hardware exploits, warns hardware hacker and researcher Bunnie Huang at Black Hat Asia 2025
-
April 10, 2025
10
Apr'25
Google bets on unifying security tools to ease CISO pain
At Google Cloud Next in Las Vegas, Google launches its Unified Security platform with the goal of bringing together disparate security solutions to help cyber leaders and practitioners address their most keenly felt pain points
-
April 09, 2025
09
Apr'25
Microsoft’s April 2025 bumper Patch Tuesday corrects 124 bugs
Microsoft is correcting 124 vulnerabilities in its March Patch Tuesday, one of which is being actively exploited in the wild, and 11 of which are ‘critical’
-
April 07, 2025
07
Apr'25
NIST calls time on older vulnerabilities amid surging disclosures
The National Institute of Standards and Technology is deferring future updates to thousands of cyber vulnerabilities discovered prior to 2018 amid surging volumes of new submissions
-
April 04, 2025
04
Apr'25
Norway and Nordic financial sector ramps up cyber security
Finans Norge sets up cyber security unit CTSU to support the finance sector in Norway amid increasing threats
-
March 25, 2025
25
Mar'25
ETSI launches first post-quantum encryption standard
European telco standards body launches its first post-quantum cryptography cyber standard, covering the security of critical data and communications
-
March 18, 2025
18
Mar'25
Seaco charts course for unified security strategy
Shipping container leasing giant consolidates security tools onto a single platform, leveraging AI and extended detection and response to improve security operations
-
March 12, 2025
12
Mar'25
iPhone, iPad update fixes critical WebKit flaw
iPhone and iPad users are advised to update their devices as Apple addresses an out-of-bounds write issue in the WebKit browser engine that appears to have been exploited in targeted cyber attacks
-
March 11, 2025
11
Mar'25
March Patch Tuesday brings 57 fixes, multiple zero-days
The third Patch Tuesday of 2025 brings fixes for 57 flaws and a hefty number of zero-days
-
March 11, 2025
11
Mar'25
UK government under-prepared for catastrophic cyber attack, hears PAC
The Commons Public Accounts Committee heard government IT leaders respond to recent National Audit Office findings that the government’s cyber resilience is under par
-
March 11, 2025
11
Mar'25
Singapore IT leaders boost AI security defences
Study reveals a surge in perceived importance of artificial intelligence for cyber security in Singapore, but declining investment in traditional measures raises concerns as sophisticated cyber attacks intensify
-
March 06, 2025
06
Mar'25
Going beyond search: Elastic’s observability and security play
Elastic’s chief product officer Ken Exner talks up the company’s expansion into observability and security and how it balances innovation with community contributions and monetisation
-
March 04, 2025
04
Mar'25
Aussie businesses ramp up security spending
Australian organisations are set to spend A$6.2bn on security and risk management in 2025, a 14.4% jump from the previous year, driven by the rise of AI and a growing threat landscape
-
February 27, 2025
27
Feb'25
CVE volumes head towards 50,000 in 2025, analysts claim
Many trends, notably a big shift to open source tools, are behind an expected boom in the number of disclosed vulnerabilities
-
February 20, 2025
20
Feb'25
Watchdog approves Sellafield physical security, but warns about cyber
The Office for Nuclear Regulation has taken Sellafield out of special measures for physical security, but harbours cyber security concerns
-
February 14, 2025
14
Feb'25
Lenovo CSO: AI adoption fuels security paranoia
Doug Fisher, Lenovo’s chief security officer, outlines the company’s approach to security and AI governance, and the importance of having a strong security culture to combat cyber threats amplified by the use of AI
-
February 14, 2025
14
Feb'25
Government renames AI Safety Institute and teams up with Anthropic
Addressing the Munich Security Conference, UK government technology secretary Peter Kyle announces a change to the name of the AI Safety Institute and a tie-up with AI company Anthropic
-
February 12, 2025
12
Feb'25
Microsoft’s February 2025 Patch Tuesday corrects 57 bugs, three critical
Microsoft is correcting 57 vulnerabilities in its February Patch Tuesday, two of which are being actively exploited in the wild, and three of which are ‘critical’
-
February 11, 2025
11
Feb'25
Google: Cyber crime meshes with cyber warfare as states enlist gangs
A report from the Google Threat Intelligence Group depicts China, Russia, Iran and North Korea as a bloc using cyber criminal gangs to attack the national security of western countries
-
February 07, 2025
07
Feb'25
US lawmakers move to ban DeepSeek AI tool
US politicians have introduced a bill seeking to ban the use of the DeepSeek AI tool on government-owned devices, citing national security concerns due to its alleged links to the Chinese state
-
January 31, 2025
31
Jan'25
AI jailbreaking techniques prove highly effective against DeepSeek
Researchers at Palo Alto have shown how novel jailbreaking techniques were able to fool breakout GenAI model DeepSeek into helping to create keylogging tools, steal data, and make a Molotov cocktail
-
January 29, 2025
29
Jan'25
How government hackers are trying to exploit Google Gemini AI
Google’s threat intel squad has shared information on how nation state threat actors are attempting to exploit its Gemini AI tool for nefarious ends
-
January 22, 2025
22
Jan'25
APAC businesses face surge in email attacks
Sophisticated phishing and business email compromise campaigns are increasingly targeting organisations across the Asia-Pacific region, research reveals
-
January 15, 2025
15
Jan'25
Cyber security dovetails with AI to lead 2025 corporate IT investment
Cyber security and GenAI top enterprise IT investment plans for 2025, whether singly or together, according to research from Enterprise Strategy Group
-
January 15, 2025
15
Jan'25
Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilities
The largest Patch Tuesday of the 2020s so far brings fixes for more than 150 CVEs ranging widely in their scope and severity – including eight zero-day flaws
-
December 18, 2024
18
Dec'24
Top 10 cyber security stories of 2024
Data breaches, data privacy and protection, and the thorny issue of open source security were all hot topics this year. Meanwhile, security companies frequently found themselves hitting the headlines, and not always for good reasons. Here are ...