News

Application security and coding requirements

December 18, 2025 18 Dec'25
AI safeguards improving, says UK government-backed body

Inaugural AI Security Institute report claims that safeguards in place to ensure AI models behave as intended seem to be improving
December 11, 2025 11 Dec'25
Microsoft expands bug bounty scheme to include third-party software

The company is to offer bug bounty awards for people who report security vulnerabilities in third-party and open source software impacting Microsoft services
December 09, 2025 09 Dec'25
Microsoft patched over 1,100 CVEs in 2025

The final Patch Tuesday update of the year brings 56 new CVEs, bringing the year-end total to more than 1,100
December 09, 2025 09 Dec'25
Why bug bounty schemes have not led to secure software

Computer Weekly speaks to Katie Moussouris, security entrepreneur and bug bounty pioneer, about the life of security researchers, bug bounties and the artificial intelligence revolution

December 08, 2025 08 Dec'25
NCSC warns of confusion over true nature of AI prompt injection

Malicious prompt injections to manipulate GenAI large language models are being wrongly compared to classical SQL injection attacks. In reality, prompt injection may be a far worse problem, says the UK’s NCSC
December 05, 2025 05 Dec'25
Cyber teams on alert as React2Shell exploitation spreads

Exploitation of an RCE flaw in a widely used open source library is spreading quickly, with China-backed threat actors in the driving seat
December 03, 2025 03 Dec'25
Post Office avoids £1m fine over botched website upgrade data breach

The Information Commissioner’s Office considered fining the Post Office £1m for a 2024 data breach that let subpostmasters down again
December 03, 2025 03 Dec'25
Women in Cybersecurity Middle East marks five years of impact at Black Hat MEA

As AI reshapes the regional cyber security landscape, diversity and skills development remain at the heart of building a resilient digital workforce
December 02, 2025 02 Dec'25
AWS targets vulnerable code with security agent

At AWS re:Invent 2025, the cloud giant unveiled a security agent designed to bridge the gap between development speed and security validation, along with the general availability of Security Hub analytics
December 02, 2025 02 Dec'25
Strategic shift pays off as Okta bids to ease agentic AI risk

Nine months after restructuring its go-to-market, Okta is buoyed by a growing recognition of how crucial identity has become thanks to the spread of AI agents

November 26, 2025 26 Nov'25
London councils endure wave of cyber attacks, shared IT services hit

Four London councils – Kensington and Chelsea; Hackney; Westminster; and Hammersmith and Fulham – have suffered cyber attacks, disrupting services and prompting NCSC-supported investigation
November 26, 2025 26 Nov'25
US breach reinforces need to plug third-party security weaknesses

Cyber breach at US financial sector tech provider highlights the risk of third-party vulnerabilities in finance ecosystems
November 12, 2025 12 Nov'25
Microsoft users warned over privilege elevation flaw

An elevation of privilege vulnerability in Windows Kernel tops the list of issues to address in the latest monthly Patch Tuesday update
November 11, 2025 11 Nov'25
Google: Don’t get distracted by AI, focus on real cyber threats

While hackers are using artificial intelligence to optimise attacks, many of the most damaging breaches still rely on old-school methods, says a top security analyst from Google
November 07, 2025 07 Nov'25
Popular LLMs dangerously vulnerable to iterative attacks, says Cisco

Cisco researchers probed some of the most widely used public GenAI LLMs and found many of them were dangerously susceptible to so-called multi-turn cyber attacks producing undesirable outputs
November 06, 2025 06 Nov'25
Cisco beefs up secure AI enterprise network architecture

IT and networking giant builds on enterprise network architecture with systems designed to simplify operations across campus and branch deployments such as network configuration
November 05, 2025 05 Nov'25
Darktrace: Developer tools under constant attack

Attackers are using automated tools to target development environments within seconds of them going live, warns Darktrace’s global field chief information security officer
November 05, 2025 05 Nov'25
Bugcrowd brings Mayhem AI to bear on ethical hacking community

Bugcrowd acquires scaleup Mayhem Security to enhance the ingenuity of its human hackers with AI-backed software testing capabilities
November 03, 2025 03 Nov'25
CrowdStrike: Europe second only to North America for cyber attacks

Europe faces rising cyber threats from criminals and nation-states, according to CrowdStrike. Ransomware attacks now take just 24 hours, with 22% of global victims being European
October 31, 2025 31 Oct'25
Cyber agencies co-sign Exchange Server security guide

US and allied cyber agencies team up to try to nudge users to pay more attention to securing Microsoft Exchange Server
October 27, 2025 27 Oct'25
BDO Unibank taps Zscaler to secure cloud migration

Zscaler’s deal with the Philippine bank comes as it is expanding its platform’s capabilities and footprint across Asia
October 22, 2025 22 Oct'25
Building security and trust in AI agents

AI agents require standardised guidelines, clear human responsibility and a shared language between developers and policymakers to be secure and trusted, experts say
October 07, 2025 07 Oct'25
Nato chooses Oracle to secure battlefield communications

Nato has chosen Oracle and Druid to secure private 5G networks for cyber defence, war gaming and research, using Oracle Cloud and edge technology
October 06, 2025 06 Oct'25
Oracle patches E-Business suite targeted by Cl0p ransomware

Oracle pushes a patch for a dangerous zero-day under active exploitation by one of the most notorious ransomware gangs around
September 30, 2025 30 Sep'25
Apple’s first iOS 26 security update fixes memory corruption flaw

Apple issues an update for its brand new iOS 26 mobile operating system, fixing a potentially dangerous vulnerability affecting iPhones, iPads and other Mac devices
September 26, 2025 26 Sep'25
Over half of India-based companies suffer security breaches

Business supply chains, which include Indian companies, are at risk of attack as more than half of suppliers were breached last year
September 26, 2025 26 Sep'25
How Mediacorp stops livestreams from freezing at key moments

Singapore’s national broadcaster has achieved a 99.5% crash-free rate for its mobile apps by using observability tools to find and fix issues in real time, ensuring a smoother experience for users
September 25, 2025 25 Sep'25
Co-op declares cyber attack damage cost £206m

Co-op reveals £206m costs from April cyber attack, with revenues hit, member data stolen and shelves emptied, exposing major retail supply chain vulnerabilities
September 25, 2025 25 Sep'25
Netherlands establishes cyber resilience network to strengthen public-private digital defence

Network will connect organisations in a cyber crime defence initiative that goes way beyond information sharing
September 23, 2025 23 Sep'25
SolarWinds warns over dangerous RCE flaw

A newly uncovered RCE flaw in SolarWinds’ helpdesk product bypasses two previously issued fixes, and users should prioritise updates as exploitation is likely to occur
September 19, 2025 19 Sep'25
Pentera expands in APAC, taps AI to outsmart attackers

The penetration testing specialist is expanding its presence in the Asia-Pacific region and deploying AI-driven capabilities as it eyes acquisitions and a potential IPO
September 17, 2025 17 Sep'25
Google Cloud unveils open protocol for agentic payments

Google’s Agent Payments Protocol is an open standard developed with more than 60 global partners to create a secure standard for AI-driven transactions
September 10, 2025 10 Sep'25
Jaguar Land Rover admits data has been compromised in cyber attack

The car maker revealed that data was stolen in the cyber attack that began on 31 August, as its production line continues to be affected
September 09, 2025 09 Sep'25
Splunk.conf: Splunk urges users to eat their ‘cyber veggies’

The dawn of AI-enabled cyber attacks makes it even more important for defenders to bring their A-game, particularly when it comes to getting the basics right
August 26, 2025 26 Aug'25
Three new Citrix NetScaler zero-days under active exploitation

Citrix patches three new vulnerabilities in its NetScaler lines warning of active zero-day exploitation by an undisclosed threat actor
August 21, 2025 21 Aug'25
Moscow exploiting seven-year-old Cisco flaw, says FBI

US authorities warn of an uptick in state-sponsored exploitation of a seven-year-old vulnerability in Cisco's operating system software
August 20, 2025 20 Aug'25
Commvault users told to patch two RCE exploit chains

Storage firm Commvault fixes four vulnerabilities that, when combined, create a pair of RCE exploit chains that could be used to target on-premise customers with ransomware and other nasties
August 18, 2025 18 Aug'25
Okta: AI adoption fuels problems for identity management

Okta research indicates the emergence and growth of novel security problems, connected with the spread of AI agents and non-human identities
August 12, 2025 12 Aug'25
Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list

Microsoft rolls out fixes for over 100 CVEs in its August Patch Tuesday update
August 06, 2025 06 Aug'25
Black Hat USA: Startup breaks secrets management tools

Researchers at Cyata, an agentic identity specialist that has just emerged from stealth, found 14 CVEs in the widely used CyberArk Conjur and HashiCorp Vault enterprise secrets management platforms
August 04, 2025 04 Aug'25
Proliferation of on-premise GenAI platforms is widening security risks

Research finds increased adoption of unsanctioned generative artificial intelligence platforms is magnifying risk and causing a headache for security teams
July 30, 2025 30 Jul'25
Apple pushes almost 30 security fixes in mobile update

Apple pushes what will likely be the last major security update to its current iPhone and iPad operating systems, fixing 29 vulnerabilities in its mobile ecosystem
July 30, 2025 30 Jul'25
AI-enabled security pushes down breach costs for UK organisations

Organisations that are incorporating AI and automation into their cyber security practice are seeing improved outcomes when incidents occur, according to an IBM study
July 25, 2025 25 Jul'25
Interview: Cambridge Consultants CEO Monty Barlow scans for tech surprises

Cambridge Consultants is a technology and consulting business unit of Capgemini. Its chief executive, Monty Barlow, talks about its heritage and vision for the future of digital technology
July 23, 2025 23 Jul'25
Interview: Is there an easier way to refactor applications?

We speak to the inventor of OpenRewrite about how enterprise IT can manage code across thousands of source code repros
July 21, 2025 21 Jul'25
Patch ToolShell SharePoint zero-day immediately, says Microsoft

The active exploitation of a dangerous zero-day vulnerability chain in Microsoft SharePoint – which was disclosed over the weekend – is underway. Immediate action is advised
July 16, 2025 16 Jul'25
Hackbots biggest cloud security risk, slashing attack times to minutes

With cyber criminals using automated tools to steal data in minutes, organisations must focus on runtime protection and automated responses to combat the rising threat from AI and misconfigured cloud assets
July 15, 2025 15 Jul'25
Current approaches to patching unsustainable, report says

Organisations are struggling to prioritise vulnerability patching appropriately, leading to situations where everything is a crisis, which helps nobody, according to a report
July 15, 2025 15 Jul'25
NCSC sets up Vulnerability Research Initiative

The NCSC is expanding its vulnerability research project to draw in external expertise
July 14, 2025 14 Jul'25
Brits clinging to Windows 10 face heightened risk, says NCSC

Businesses and consumers alike may not feel the need to upgrade to Windows 11 as its predecessor approaches end-of-life, but they are putting their own security at risk, says the NCSC