News
Application security and coding requirements
-
April 07, 2025
07
Apr'25
NIST calls time on older vulnerabilities amid surging disclosures
The National Institute of Standards and Technology is deferring future updates to thousands of cyber vulnerabilities discovered prior to 2018 amid surging volumes of new submissions
-
April 04, 2025
04
Apr'25
Norway and Nordic financial sector ramps up cyber security
Finans Norge sets up cyber security unit CTSU to support the finance sector in Norway amid increasing threats
-
March 25, 2025
25
Mar'25
ETSI launches first post-quantum encryption standard
European telco standards body launches its first post-quantum cryptography cyber standard, covering the security of critical data and communications
-
March 18, 2025
18
Mar'25
Seaco charts course for unified security strategy
Shipping container leasing giant consolidates security tools onto a single platform, leveraging AI and extended detection and response to improve security operations
-
March 12, 2025
12
Mar'25
iPhone, iPad update fixes critical WebKit flaw
iPhone and iPad users are advised to update their devices as Apple addresses an out-of-bounds write issue in the WebKit browser engine that appears to have been exploited in targeted cyber attacks
-
March 11, 2025
11
Mar'25
March Patch Tuesday brings 57 fixes, multiple zero-days
The third Patch Tuesday of 2025 brings fixes for 57 flaws and a hefty number of zero-days
-
March 11, 2025
11
Mar'25
UK government under-prepared for catastrophic cyber attack, hears PAC
The Commons Public Accounts Committee heard government IT leaders respond to recent National Audit Office findings that the government’s cyber resilience is under par
-
March 11, 2025
11
Mar'25
Singapore IT leaders boost AI security defences
Study reveals a surge in perceived importance of artificial intelligence for cyber security in Singapore, but declining investment in traditional measures raises concerns as sophisticated cyber attacks intensify
-
March 06, 2025
06
Mar'25
Going beyond search: Elastic’s observability and security play
Elastic’s chief product officer Ken Exner talks up the company’s expansion into observability and security and how it balances innovation with community contributions and monetisation
-
March 04, 2025
04
Mar'25
Aussie businesses ramp up security spending
Australian organisations are set to spend A$6.2bn on security and risk management in 2025, a 14.4% jump from the previous year, driven by the rise of AI and a growing threat landscape
-
February 27, 2025
27
Feb'25
CVE volumes head towards 50,000 in 2025, analysts claim
Many trends, notably a big shift to open source tools, are behind an expected boom in the number of disclosed vulnerabilities
-
February 20, 2025
20
Feb'25
Watchdog approves Sellafield physical security, but warns about cyber
The Office for Nuclear Regulation has taken Sellafield out of special measures for physical security, but harbours cyber security concerns
-
February 14, 2025
14
Feb'25
Lenovo CSO: AI adoption fuels security paranoia
Doug Fisher, Lenovo’s chief security officer, outlines the company’s approach to security and AI governance, and the importance of having a strong security culture to combat cyber threats amplified by the use of AI
-
February 14, 2025
14
Feb'25
Government renames AI Safety Institute and teams up with Anthropic
Addressing the Munich Security Conference, UK government technology secretary Peter Kyle announces a change to the name of the AI Safety Institute and a tie-up with AI company Anthropic
-
February 12, 2025
12
Feb'25
Microsoft’s February 2025 Patch Tuesday corrects 57 bugs, three critical
Microsoft is correcting 57 vulnerabilities in its February Patch Tuesday, two of which are being actively exploited in the wild, and three of which are ‘critical’
-
February 11, 2025
11
Feb'25
Google: Cyber crime meshes with cyber warfare as states enlist gangs
A report from the Google Threat Intelligence Group depicts China, Russia, Iran and North Korea as a bloc using cyber criminal gangs to attack the national security of western countries
-
February 07, 2025
07
Feb'25
US lawmakers move to ban DeepSeek AI tool
US politicians have introduced a bill seeking to ban the use of the DeepSeek AI tool on government-owned devices, citing national security concerns due to its alleged links to the Chinese state
-
January 31, 2025
31
Jan'25
AI jailbreaking techniques prove highly effective against DeepSeek
Researchers at Palo Alto have shown how novel jailbreaking techniques were able to fool breakout GenAI model DeepSeek into helping to create keylogging tools, steal data, and make a Molotov cocktail
-
January 29, 2025
29
Jan'25
How government hackers are trying to exploit Google Gemini AI
Google’s threat intel squad has shared information on how nation state threat actors are attempting to exploit its Gemini AI tool for nefarious ends
-
January 22, 2025
22
Jan'25
APAC businesses face surge in email attacks
Sophisticated phishing and business email compromise campaigns are increasingly targeting organisations across the Asia-Pacific region, research reveals
-
January 15, 2025
15
Jan'25
Cyber security dovetails with AI to lead 2025 corporate IT investment
Cyber security and GenAI top enterprise IT investment plans for 2025, whether singly or together, according to research from Enterprise Strategy Group
-
January 15, 2025
15
Jan'25
Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilities
The largest Patch Tuesday of the 2020s so far brings fixes for more than 150 CVEs ranging widely in their scope and severity – including eight zero-day flaws
-
December 18, 2024
18
Dec'24
Top 10 cyber security stories of 2024
Data breaches, data privacy and protection, and the thorny issue of open source security were all hot topics this year. Meanwhile, security companies frequently found themselves hitting the headlines, and not always for good reasons. Here are ...
-
December 10, 2024
10
Dec'24
Dangerous CLFS and LDAP flaws stand out on Patch Tuesday
Microsoft has fixed over 70 CVEs in its final Patch Tuesday update of the year, and defenders should prioritise a zero-day in the Common Log File System Driver, and another impactful flaw in the Lightweight Directory Access Protocol
-
December 10, 2024
10
Dec'24
iOS vuln leaves user data dangerously exposed
Jamf threat researchers detail an exploit chain for a recently patched iOS vulnerability that enables a threat actor to steal sensitive data, warning that many organisations are still neglecting mobile updates
-
December 04, 2024
04
Dec'24
Nordics move to deepen cyber security cooperation
Nordic countries are increasing collaboration on cyber security amid more sophisticated and aggressive attacks
-
November 27, 2024
27
Nov'24
Scientists demonstrate Pixelator deepfake image verification tool
With the age of deepfake imagery upon us, a team led by York St John University researchers has created a tool to help people ‘navigate the fine line between reality and fabrication’
-
November 26, 2024
26
Nov'24
Russian threat actors poised to cripple power grid, UK warns
UK government escalates cyber rhetoric in a speech at a Nato event, saying Russian advanced persistent threats stand ready to conduct cyber attacks that could ‘turn off the lights for millions’
-
November 20, 2024
20
Nov'24
Apple addresses two iPhone, Mac zero-days
Two zero-day vulnerabilities uncovered in Apple’s operating systems could have allowed for arbitrary code execution and cross-site scripting attacks
-
November 12, 2024
12
Nov'24
Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024
High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Server should be prioritised from November’s Patch Tuesday update
-
November 12, 2024
12
Nov'24
Zero-day exploits increasingly sought out by attackers
Threat actors increasingly favour zero-day exploits to attack their victims before patches become available, according to the NCSC and CISA, which have just published a list of the most widely used vulnerabilities of 2023
-
October 28, 2024
28
Oct'24
Inside Google Cloud’s secure AI framework
Google Cloud’s secure AI framework that’s integrated into its Vertex AI platform offers practical tools and guidance to manage the lifecycle, data governance and operational risks of AI
-
October 25, 2024
25
Oct'24
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise
-
October 22, 2024
22
Oct'24
Danish government reboots cyber security council amid AI expansion
Denmark’s government relaunches digital security initiative to protect business sectors and society at large
-
October 21, 2024
21
Oct'24
Can AI be secure? Experts discuss emerging threats and AI safety
International cyber security experts call for global cooperation and proactive strategies to address the security challenges posed by artificial intelligence
-
October 14, 2024
14
Oct'24
How Zoom is charting its course towards an AI-first platform
Zoom CEO Eric Yuan talks up his vision for the future of work, the company's transition to an AI-powered platform and what it is doing to stay ahead of rivals
-
October 09, 2024
09
Oct'24
Five zero-days to be fixed on October Patch Tuesday
Stand-out vulnerabilities in Microsoft’s latest Patch Tuesday drop include problems in Microsoft Management Console and the Windows MSHTML Platform
-
October 04, 2024
04
Oct'24
Cups Linux printing bugs open door to DDoS attacks, says Akamai
The Cups Linux printing vulnerabilities disclosed at the end of September would seem to have a nasty sting in their tail, according to researchers at Akamai
-
September 27, 2024
27
Sep'24
Printing vulnerability affecting Linux distros raises alarm
Security pros need to get in front of a series of vulnerabilities affecting the Cups Linux printing service after an apparently botched disclosure process saw technical details published in advance of a patch
-
September 25, 2024
25
Sep'24
CrowdStrike apologises to US government for global mega-outage
CrowdStrike executive Adam Meyers appears before a US government committee to explain the series of errors that led directly to one of the biggest IT outages in history
-
September 25, 2024
25
Sep'24
Splunk and Cisco integration moving apace
Splunk is rapidly integrating with Cisco’s technology to enable seamless transitions between their platforms while delivering advanced threat detection capabilities
-
September 23, 2024
23
Sep'24
Microsoft shares progress on Secure Future Initiative
Microsoft has published a progress report on its Secure Future Initiative, launched last year in the wake of multiple security incidents, and made a series of commitments to improve its internal cyber culture
-
September 17, 2024
17
Sep'24
First CyberBoost Catalyse startup cohort named
The first group of companies named to a cyber incubator programme run by Plexal and the National University of Singapore includes two growing UK businesses
-
September 13, 2024
13
Sep'24
Cyber workforce must almost double to meet global talent need
Research from ISC2 finds global cyber workforce needs additional 4.8 million people to fully secure businesses
-
September 11, 2024
11
Sep'24
How Sonar is elevating code quality in the age of AI
Sonar’s code quality platform helps developers maintain secure, high-quality code amid the rise of artificial intelligence-based coding assistants, now expanding into the Asian market
-
September 10, 2024
10
Sep'24
JFrog and GitHub unveil open source security integrations
Secure software specialist JFrog is working with code development service GitHub to integrate the onboard capabilities of its Software Supply Chain Platform service into GitHub’s platform
-
September 09, 2024
09
Sep'24
Multiple Veeam vulns spark concern among defenders
Veeam users are urged to patch a series of vulnerabilities in the firm’s Backup & Replication product to get out ahead of potential exploitation by ransomware gangs
-
September 04, 2024
04
Sep'24
PyPI loophole puts thousands of packages at risk of compromise
Thousands of PyPI packages are at risk of an attack technique dubbed Revival Hijack, which exploits a loophole in the platform’s package naming feature
-
August 29, 2024
29
Aug'24
Study highlights secure software supply chain best practices
Security trends report from open source firm shows the approaches IT leaders take to secure their software supply chain
-
August 28, 2024
28
Aug'24
Global cyber spend to rise 15% in 2025, pushed along by AI
Security spending will increase at pace in 2025, with artificial intelligence, cloud and consultancy services all pushing outlay to new highs, according to Gartner