News

Application security and coding requirements

• June 12, 2026 12 Jun'26

  Oracle fixes PeopleSoft flaw exploited by ShinyHunters

  A zero-day vulnerability affecting Oracle’s PeopleSoft products is being exploited by a ShinyHunters campaign targeting schools and universities

• June 11, 2026 11 Jun'26

  Established enterprise patching models dead in the water, says report

  Vulnerability discovery and exploitation was surging dramatically even before Anthropic decided to unleash its frontier Mythos model. As such, an Action1 report finds old approaches to patching are no longer fit for purpose

• June 09, 2026 09 Jun'26

  Microsoft smashes record for biggest ever Patch Tuesday update

  Microsoft has obliterated the record for the largest ever Patch Tuesday drop, with its June 2026 update addressing approximately 200 flaws and three zero-days

• June 08, 2026 08 Jun'26

  Infosecurity Europe 2026: AI turbo-charging cyber crime and response

  AI is accelerating cyber attacks by criminals and hostile states, with attackers faster, more persistent and increasingly collaborative, say experts speaking at Infosecurity Europe 2026

• June 02, 2026 02 Jun'26

  Scottish residents granted permission for group action against Capita

  People of Scotland given the go-ahead on group proceedings regarding the 2023 Capita cyber breach, in which the personal information of millions of people was stolen from Capita systems after a major cyber attack

• June 01, 2026 01 Jun'26

  AI agents help Cato slash ‘time-to-protect’ from new CVEs

  The application of agentic AI to vulnerability management workflows has slashed mitigation times in experimental conditions, claims Sase specialist Cato Networks

• May 29, 2026 29 May'26

  Microsoft hits out over irresponsible vulnerability disclosure

  Microsoft goes on the offensive after a disgruntled security researcher unleashed a series of zero-days without checking in first

• May 27, 2026 27 May'26

  Glassworm botnet that targeted OS devs smashed to pieces

  CrowdStrike, Google and the Shadowserver Foundation worked together to take down a botnet that poisoned over 300 GitHub repositories, risking widespread supply chain compromise

• May 19, 2026 19 May'26

  Vulnerability exploitation now primary origin of data breaches

  Verizon’s annual cyber report reveals a major change in how data breaches originate, highlighting the impact of artificial intelligence

• May 12, 2026 12 May'26

  Microsoft releases rare zero-day free Patch Tuesday update

  No zero-day flaws were addressed in May’s Patch Tuesday update but as usual there is much for admins to chew over in the coming days

• May 11, 2026 11 May'26

  ServiceNow Knowledge 2026: FedEx digital chief unpacks agentic AI’s potential

  Speaking to Computer Weekly at ServiceNow Knowledge 2026, Vishal Talwar, FedEx’s executive vice-president and CDIO, lays out the company’s mission to scale artificial intelligence responsibly

• May 11, 2026 11 May'26

  The Netherlands leads in quantum technology but lags on quantum security

  The Dutch government has invested €615m to build a world-class quantum technology ecosystem, but many institutions have not started any quantum-specific preparations to protect themselves against the security threat

• May 08, 2026 08 May'26

  ESET: Don’t fear the ‘AI Terminator’, but prepare for agent risks

  While fully autonomous hacking bots remain a distant reality, an ESET expert warns that AI is quietly supercharging phishing schemes and creating new vulnerabilities inside organisations

• May 06, 2026 06 May'26

  ServiceNow Knowledge 2026: McDermott proclaims fully automated cyber defence

  Chief executive’s conference keynote launches agentic artificial intelligence cyber security features for enterprise software player’s centralised platform

• May 05, 2026 05 May'26

  CSA: Take AI cyber threats to the boardroom

  Current cyber risk assumptions may no longer be valid given the speed of advanced AI, warns the chief executive of Singapore’s Cyber Security Agency

• May 04, 2026 04 May'26

  UK’s NCSC warns of ‘wave of patches’

  Vulnerability discovery and mitigation continues to exercise the top minds at Britain’s NCSC as cyber experts continue to debate the impact of frontier AI models such as Mythos

• April 24, 2026 24 Apr'26

  Wiz founder: Hack yourself with AI, before the bad guys do

  At Google Cloud Next, Wiz co-founder Yinon Costica called on security defenders to use AI to steal a march on threat actors, and launched agentic capabilities for cyber teams

• April 22, 2026 22 Apr'26

  Google launches Gemini Agent Platform, eighth-generation TPUs

  With more AI agents moving to production, Google Cloud is targeting governance, multi-cloud data architecture and purpose-built silicon to help enterprises orchestrate agentic workflows

• April 22, 2026 22 Apr'26

  A tsunami of flaws: When frontier AI and Patch Tuesday collide

  Microsoft’s April Patch Tuesday drop was the second-largest in history, falling just shy of an October 2025 record. What is behind the spike in vulnerability disclosures, and is there a connection to Anthropic’s bug-hunting Claude Mythos AI model?

• April 17, 2026 17 Apr'26

  Surging CVE disclosures force NIST to shake up workflows

  NIST announces big changes to the way it categorises and manages CVEs, which are set to have a big impact on how organisations manage patching and remediation

• April 17, 2026 17 Apr'26

  Bank cyber teams on red alert as Anthropic promises them Mythos next week

  Artificial intelligence supplier promises UK banks opportunity to review AI model, which has already revealed thousands of security flaws

• April 15, 2026 15 Apr'26

  UK businesses must face up to AI threat, says government

  Technology secretary Liz Kendall urges Britain’s business community to sit up and pay attention to emerging AI threats, following the debut of Anthropic’s new frontier model, Mythos

• April 14, 2026 14 Apr'26

  April Patch Tuesday brings zero-days in Defender, SharePoint Server

  Microsoft’s latest Patch Tuesday update may be one of the largest in history, with more than 160 issues in scope

• March 27, 2026 27 Mar'26

  Lloyds admits coding fault exposed customer transactions

  The bank has responded to the Treasury Committee’s request for information on a major data breach in its banking app

• March 25, 2026 25 Mar'26

  Emergency Microsoft, Oracle patches point to wider cyber issues

  Emergency out-of-band patches from Microsoft and Oracle signal underlying security issues around update cycles and patching, and identity security and zero-trust, says the community

• March 25, 2026 25 Mar'26

  Why AI agents are one prompt away from ransomware

  As AI adoption advances beyond chatbots, security leaders are up against rogue AI agents mirroring threat actors and a generational skills gap as security operations teams become overly dependent on AI

• March 24, 2026 24 Mar'26

  Cyber pros must grasp the vibe coding nettle, says NCSC chief

  At RSA in San Francisco, NCSC chief exec Richard Horne says security professionals have an opportunity and a responsibility to get in front of the security issues raised by the popularity of ‘vibe coding’

• March 19, 2026 19 Mar'26

  AI makes debut in Bridewell cyber security in CNI report

  Regulation has superseded cyber threats as the main driver of cyber security spending, and AI has made its debut for attack and defence, according to a CNI-focused report from Bridewell

• March 19, 2026 19 Mar'26

  Gartner: Ditch ‘big transformation’ cyber strategies for continuous improvement

  As artificial intelligence reshapes the enterprise, CISOs must abandon risky big bang security transformation initiatives in favour of incremental changes to build cyber resilience

• March 16, 2026 16 Mar'26

  Companies House restarts online services following cyber breach

  Companies House was forced to pull its WebFiling service offline at the weekend after it emerged that a flawed update was putting data at risk of exposure

• March 10, 2026 10 Mar'26

  Microsoft patches zero-days in .NET and SQL Server

  Zero-days in .NET and SQL Server, and a handful of critical RCE bugs, form the nucleus of Microsoft’s March Patch Tuesday update

• March 10, 2026 10 Mar'26

  WA auditor general flags weak Microsoft 365 security controls across state entities

  Western Australia’s Office of the Auditor General has uncovered weaknesses in M365 configurations across seven government agencies, leading to compromised accounts and data breaches

• March 09, 2026 09 Mar'26

  APT36 unleashes AI-generated ‘vibeware’ to flood targets

  The Pakistani threat group has been using AI to rewrite malicious code across multiple programming languages, prioritising scale over sophistication to evade detection, security researchers have found

• March 05, 2026 05 Mar'26

  Spyware suppliers exploit more zero-days than nation states

  Exploitation of zero-days by commercial surveillance and spyware developers outpaced exploitation by nation-state actors last year, according to a report

• March 04, 2026 04 Mar'26

  Zero-day in Android phone chips under active attack

  Google and Qualcomm have tag-teamed a serious vulnerability in the chipsets used in Android mobile devices, which has been exploited in the wild as a zero-day

• February 26, 2026 26 Feb'26

  CrowdStrike touts agentic SOC to tackle security woes

  By embedding AI agents across its platform, CrowdStrike is looking to help security teams automate repetitive security tasks, enabling them to focus on complex and stealthier threats that could slip under the radar

• February 25, 2026 25 Feb'26

  Cisco Catalyst SD-WAN users targeted in series of cyber attacks

  The NCSC, Cisa, and other Five Eyes agencies have warned of mass exploitation of vulnerabilities in Cisco Catalyst SD-WAN, which Cisco is attributing to an unknown threat actor called UAT-8616

• February 25, 2026 25 Feb'26

  Application exploitation back in vogue, says IBM cyber unit

  IBM’s X-Force unit observes an uptick in the exploitation of vulnerable public-facing software applications

• February 25, 2026 25 Feb'26

  How AI code generation is pushing DevSecOps to machine speed

  Organisations should adopt shared platforms and automated governance to keep pace with the growing use of generative AI tools that are helping developers produce code at unprecedented volumes

• February 23, 2026 23 Feb'26

  Why crypto agility is key to quantum readiness

  With quantum computing threatening current encryption standards, experts call for organisations to achieve crypto agility by managing the lifecycle of certificates and cryptographic keys through automation

• February 19, 2026 19 Feb'26

  PromptSpy Android malware may exploit Gemini AI

  A newly uncovered malware targeting the Android operating system seems to exploit Google’s Gemini GenAI tool to help it maintain persistence

• February 18, 2026 18 Feb'26

  Flaws in Google and Microsoft products added to Cisa catalogue

  Cisa has added six CVEs to its Kev catalogue this week, including newly disclosed issues in Google Chromium and Dell RecoverPoint for Virtual Machines, and some older flaws as well

• February 17, 2026 17 Feb'26

  Government wages cyber campaign as half the UK’s SMEs are breached

  UK government says half of all small businesses have been cyber breached in the recent past as it urges them to ‘lock the door’

• February 11, 2026 11 Feb'26

  CVE volumes may plausibly reach 100,000 this year

  The number of vulnerabilities to be disclosed in 2026 is almost certain to exceed last year's total, and may be heading towards 100,000, according to analysis

• February 10, 2026 10 Feb'26

  Arctic Wolf targets mid-market security gap in APAC

  Following the launch of its full portfolio in Malaysia, the SOC provider discusses the security challenges facing lean IT teams, the value of supplier neutrality, and its roadmap for AI and ransomware protection

• February 10, 2026 10 Feb'26

  February Patch Tuesday: Microsoft drops six zero-days

  Microsoft releases patches for six zero-day flaws in its latest monthly update, many of them related to security feature bypass issues

• February 10, 2026 10 Feb'26

  Researchers delve inside new SolarWinds RCE attack chain

  Researchers at Huntress and Microsoft have shared findings from their analysis of a new SolarWinds Web Help Desk vulnerability

• February 04, 2026 04 Feb'26

  SolarWinds RCE bug makes Cisa list as exploitation spreads

  Exploitation of CVE-2025-40551, an RCE flaw affecting SolarWinds Web Help Desk, appears to be spreading, with defenders on high alert

• February 03, 2026 03 Feb'26

  Infosecurity Europe launches cyber security startups stream

  Infosecurity Europe 2026 will feature a cyber security startup exhibition zone and a competition for business support, in conjunction with the UK Cyber Flywheel organisation

• February 02, 2026 02 Feb'26

  Canva uses 1Password to secure ID during growth phase

  As it underwent a growth spurt in the early 2020s, graphic design platform Canva turned to 1Password to manage identity across its expanding organisation