News
Application security and coding requirements
-
October 07, 2025
07
Oct'25
Nato chooses Oracle to secure battlefield communications
Nato has chosen Oracle and Druid to secure private 5G networks for cyber defence, war gaming and research, using Oracle Cloud and edge technology
-
October 06, 2025
06
Oct'25
Oracle patches E-Business suite targeted by Cl0p ransomware
Oracle pushes a patch for a dangerous zero-day under active exploitation by one of the most notorious ransomware gangs around
-
September 30, 2025
30
Sep'25
Apple’s first iOS 26 security update fixes memory corruption flaw
Apple issues an update for its brand new iOS 26 mobile operating system, fixing a potentially dangerous vulnerability affecting iPhones, iPads and other Mac devices
-
September 26, 2025
26
Sep'25
Over half of India-based companies suffer security breaches
Business supply chains, which include Indian companies, are at risk of attack as more than half of suppliers were breached last year
-
September 26, 2025
26
Sep'25
How Mediacorp stops livestreams from freezing at key moments
Singapore’s national broadcaster has achieved a 99.5% crash-free rate for its mobile apps by using observability tools to find and fix issues in real time, ensuring a smoother experience for users
-
September 25, 2025
25
Sep'25
Co-op declares cyber attack damage cost £206m
Co-op reveals £206m costs from April cyber attack, with revenues hit, member data stolen and shelves emptied, exposing major retail supply chain vulnerabilities
-
September 25, 2025
25
Sep'25
Netherlands establishes cyber resilience network to strengthen public-private digital defence
Network will connect organisations in a cyber crime defence initiative that goes way beyond information sharing
-
September 23, 2025
23
Sep'25
SolarWinds warns over dangerous RCE flaw
A newly uncovered RCE flaw in SolarWinds’ helpdesk product bypasses two previously issued fixes, and users should prioritise updates as exploitation is likely to occur
-
September 19, 2025
19
Sep'25
Pentera expands in APAC, taps AI to outsmart attackers
The penetration testing specialist is expanding its presence in the Asia-Pacific region and deploying AI-driven capabilities as it eyes acquisitions and a potential IPO
-
September 17, 2025
17
Sep'25
Google Cloud unveils open protocol for agentic payments
Google’s Agent Payments Protocol is an open standard developed with more than 60 global partners to create a secure standard for AI-driven transactions
-
September 10, 2025
10
Sep'25
Jaguar Land Rover admits data has been compromised in cyber attack
The car maker revealed that data was stolen in the cyber attack that began on 31 August, as its production line continues to be affected
-
September 09, 2025
09
Sep'25
Splunk.conf: Splunk urges users to eat their ‘cyber veggies’
The dawn of AI-enabled cyber attacks makes it even more important for defenders to bring their A-game, particularly when it comes to getting the basics right
-
August 26, 2025
26
Aug'25
Three new Citrix NetScaler zero-days under active exploitation
Citrix patches three new vulnerabilities in its NetScaler lines warning of active zero-day exploitation by an undisclosed threat actor
-
August 21, 2025
21
Aug'25
Moscow exploiting seven-year-old Cisco flaw, says FBI
US authorities warn of an uptick in state-sponsored exploitation of a seven-year-old vulnerability in Cisco's operating system software
-
August 20, 2025
20
Aug'25
Commvault users told to patch two RCE exploit chains
Storage firm Commvault fixes four vulnerabilities that, when combined, create a pair of RCE exploit chains that could be used to target on-premise customers with ransomware and other nasties
-
August 18, 2025
18
Aug'25
Okta: AI adoption fuels problems for identity management
Okta research indicates the emergence and growth of novel security problems, connected with the spread of AI agents and non-human identities
-
August 12, 2025
12
Aug'25
Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list
Microsoft rolls out fixes for over 100 CVEs in its August Patch Tuesday update
-
August 06, 2025
06
Aug'25
Black Hat USA: Startup breaks secrets management tools
Researchers at Cyata, an agentic identity specialist that has just emerged from stealth, found 14 CVEs in the widely used CyberArk Conjur and HashiCorp Vault enterprise secrets management platforms
-
August 04, 2025
04
Aug'25
Proliferation of on-premise GenAI platforms is widening security risks
Research finds increased adoption of unsanctioned generative artificial intelligence platforms is magnifying risk and causing a headache for security teams
-
July 30, 2025
30
Jul'25
Apple pushes almost 30 security fixes in mobile update
Apple pushes what will likely be the last major security update to its current iPhone and iPad operating systems, fixing 29 vulnerabilities in its mobile ecosystem
-
July 30, 2025
30
Jul'25
AI-enabled security pushes down breach costs for UK organisations
Organisations that are incorporating AI and automation into their cyber security practice are seeing improved outcomes when incidents occur, according to an IBM study
-
July 25, 2025
25
Jul'25
Interview: Cambridge Consultants CEO Monty Barlow scans for tech surprises
Cambridge Consultants is a technology and consulting business unit of Capgemini. Its chief executive, Monty Barlow, talks about its heritage and vision for the future of digital technology
-
July 23, 2025
23
Jul'25
Interview: Is there an easier way to refactor applications?
We speak to the inventor of OpenRewrite about how enterprise IT can manage code across thousands of source code repros
-
July 21, 2025
21
Jul'25
Patch ToolShell SharePoint zero-day immediately, says Microsoft
The active exploitation of a dangerous zero-day vulnerability chain in Microsoft SharePoint – which was disclosed over the weekend – is underway. Immediate action is advised
-
July 16, 2025
16
Jul'25
Hackbots biggest cloud security risk, slashing attack times to minutes
With cyber criminals using automated tools to steal data in minutes, organisations must focus on runtime protection and automated responses to combat the rising threat from AI and misconfigured cloud assets
-
July 15, 2025
15
Jul'25
Current approaches to patching unsustainable, report says
Organisations are struggling to prioritise vulnerability patching appropriately, leading to situations where everything is a crisis, which helps nobody, according to a report
-
July 15, 2025
15
Jul'25
NCSC sets up Vulnerability Research Initiative
The NCSC is expanding its vulnerability research project to draw in external expertise
-
July 14, 2025
14
Jul'25
Brits clinging to Windows 10 face heightened risk, says NCSC
Businesses and consumers alike may not feel the need to upgrade to Windows 11 as its predecessor approaches end-of-life, but they are putting their own security at risk, says the NCSC
-
July 08, 2025
08
Jul'25
July Patch Tuesday brings over 130 new flaws to address
Microsoft patched well over 100 new common vulnerabilities and exposures on the second Tuesday of the month, but its latest update is mercifully light on zero-days
-
July 08, 2025
08
Jul'25
Proofpoint bets on APAC growth amid spike in AI-driven threats
With cyber attacks spiking in non-English-speaking markets such as Japan, the security firm is boosting its regional presence to combat a wave of AI-generated threats
-
July 07, 2025
07
Jul'25
Digital warfare is blurring civilian front lines
Singapore’s defence cyber chief warns that the traditional lines between military conflict and civilian life are blurring, with adversaries now targeting civilian systems and using AI to put the threat landscape on steroids
-
July 02, 2025
02
Jul'25
Google fixes type confusion flaw in Chrome browser
An actively exploited type confusion vulnerability in the Google Chrome web browser needs immediate attention from users
-
July 02, 2025
02
Jul'25
Dutch study uncovers cognitive biases undermining cyber security board decisions
Dutch research reveals how cognitive biases can lead to catastrophic security decisions
-
June 20, 2025
20
Jun'25
Election workers’ data stolen in cyber breach of Oxford City Council
Oxford City Council election workers had personal information stolen by cyber attackers in an attack over the weekend of 7-8 June. The council has stated that most disrupted systems are back online
-
June 11, 2025
11
Jun'25
June Patch Tuesday brings a lighter load for defenders
Barely 70 vulnerabilities make the cut for Microsoft’s monthly security update, but an RCE flaw in WEBDAV and an EoP issue in Windows SMB Client still warrant close attention
-
June 11, 2025
11
Jun'25
Cyber Bill at risk of becoming a missed opportunity, say MPs
An APPG report warns that the government’s flagship cyber security legislation is too narrow in its scope and risks missing opportunities to embed resilience at the heart of the British economy
-
June 06, 2025
06
Jun'25
CISOs must translate cyber threats into business risk
To manage risk effectively and secure board-level buy-in, CISOs must stop talking about technology and start speaking the language of business, according to a senior Check Point executive
-
June 05, 2025
05
Jun'25
How GitLab is tapping AI in DevSecOps
GitLab CISO Josh Lemos explains how the company is weaving AI, through its Duo tool, into the entire software development lifecycle to enhance efficiency and automate incident response
-
June 04, 2025
04
Jun'25
Infosecurity 2025: SMEs feel on their own in the face of cyber attacks
Project findings to be presented at Infosecurity Europe 2025 highlight vulnerability of SMEs to cyber attack
-
May 30, 2025
30
May'25
Dutch businesses lag behind in cyber resilience as threats escalate
The Netherlands is facing a growing cyber security crisis, with a staggering 66% of Dutch businesses lacking adequate cyber resilience, according to academic research.
-
May 16, 2025
16
May'25
Security tests reveal serious vulnerability in government’s One Login digital ID system
A ‘red teaming’ exercise to simulate cyber attacks on the government’s flagship digital identity system has found that One Login can be compromised without detection
-
May 14, 2025
14
May'25
Enisa launches European vulnerability database
The EU’s new vulnerability database is designed to offer a broader, more transparent source of information on new cyber vulnerabilities
-
May 14, 2025
14
May'25
New security paradigm needed for IT/OT convergence
Industry leaders and policymakers highlight growing cyber threats from the integration of IT and operational technology systems, calling for collaboration and regulatory frameworks to protect critical systems, among other measures
-
May 13, 2025
13
May'25
May Patch Tuesday brings five exploited zero-days to fix
Microsoft fixes five exploited, and two publicly disclosed, zero-days in the fifth Patch Tuesday update of 2025
-
May 08, 2025
08
May'25
UK government websites to replace passwords with secure passkeys
Government websites are to replace difficult-to-remember passwords with highly secure passkeys that will protect against phishing and cyber attackers
-
May 07, 2025
07
May'25
Meta awarded $167m in court battle with spyware mercenaries
WhatsApp owner Meta is awarded millions of dollars in damages and compensation after its service was exploited by users of mercenary spyware developer NSO’s infamous Pegasus mobile malware
-
May 07, 2025
07
May'25
Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring
Research from Sans Institute reveals European organisations are leading a global shift in hiring priorities, driven by regional regulatory frameworks
-
April 30, 2025
30
Apr'25
Current SaaS delivery model a risk management nightmare, says CISO
JPMorgan Chase security chief Patrick Opet laments the state of SaaS security in an open letter to the industry and calls on software providers to do more to enhance resilience
-
April 29, 2025
29
Apr'25
Kaspersky calls for cyber immunity amid growing cyber threats
The rise of professional cyber crime groups and state-sponsored actors targeting critical infrastructure requires a move towards inherently secure ‘cyber immune’ systems, says Kaspersky CEO Eugene Kaspersky
-
April 23, 2025
23
Apr'25
Amid uncertainty, Armis becomes newest CVE numbering authority
Amid an uncertain future for vulnerability research, exposure management company Armis has been given the authority to assign CVE IDs to newly discovered vulnerabilities