News

Application security and coding requirements

• April 09, 2025 09 Apr'25

  Microsoft’s April 2025 bumper Patch Tuesday corrects 124 bugs

  Microsoft is correcting 124 vulnerabilities in its March Patch Tuesday, one of which is being actively exploited in the wild, and 11 of which are ‘critical’

• April 07, 2025 07 Apr'25

  NIST calls time on older vulnerabilities amid surging disclosures

  The National Institute of Standards and Technology is deferring future updates to thousands of cyber vulnerabilities discovered prior to 2018 amid surging volumes of new submissions

• April 04, 2025 04 Apr'25

  Norway and Nordic financial sector ramps up cyber security

  Finans Norge sets up cyber security unit CTSU to support the finance sector in Norway amid increasing threats

• March 25, 2025 25 Mar'25

  ETSI launches first post-quantum encryption standard

  European telco standards body launches its first post-quantum cryptography cyber standard, covering the security of critical data and communications

• March 18, 2025 18 Mar'25

  Seaco charts course for unified security strategy

  Shipping container leasing giant consolidates security tools onto a single platform, leveraging AI and extended detection and response to improve security operations

• March 12, 2025 12 Mar'25

  iPhone, iPad update fixes critical WebKit flaw

  iPhone and iPad users are advised to update their devices as Apple addresses an out-of-bounds write issue in the WebKit browser engine that appears to have been exploited in targeted cyber attacks

• March 11, 2025 11 Mar'25

  March Patch Tuesday brings 57 fixes, multiple zero-days

  The third Patch Tuesday of 2025 brings fixes for 57 flaws and a hefty number of zero-days

• March 11, 2025 11 Mar'25

  UK government under-prepared for catastrophic cyber attack, hears PAC

  The Commons Public Accounts Committee heard government IT leaders respond to recent National Audit Office findings that the government’s cyber resilience is under par

• March 11, 2025 11 Mar'25

  Singapore IT leaders boost AI security defences

  Study reveals a surge in perceived importance of artificial intelligence for cyber security in Singapore, but declining investment in traditional measures raises concerns as sophisticated cyber attacks intensify

• March 06, 2025 06 Mar'25

  Going beyond search: Elastic’s observability and security play

  Elastic’s chief product officer Ken Exner talks up the company’s expansion into observability and security and how it balances innovation with community contributions and monetisation

• March 04, 2025 04 Mar'25

  Aussie businesses ramp up security spending

  Australian organisations are set to spend A$6.2bn on security and risk management in 2025, a 14.4% jump from the previous year, driven by the rise of AI and a growing threat landscape

• February 27, 2025 27 Feb'25

  CVE volumes head towards 50,000 in 2025, analysts claim

  Many trends, notably a big shift to open source tools, are behind an expected boom in the number of disclosed vulnerabilities

• February 20, 2025 20 Feb'25

  Watchdog approves Sellafield physical security, but warns about cyber

  The Office for Nuclear Regulation has taken Sellafield out of special measures for physical security, but harbours cyber security concerns

• February 14, 2025 14 Feb'25

  Lenovo CSO: AI adoption fuels security paranoia

  Doug Fisher, Lenovo’s chief security officer, outlines the company’s approach to security and AI governance, and the importance of having a strong security culture to combat cyber threats amplified by the use of AI

• February 14, 2025 14 Feb'25

  Government renames AI Safety Institute and teams up with Anthropic

  Addressing the Munich Security Conference, UK government technology secretary Peter Kyle announces a change to the name of the AI Safety Institute and a tie-up with AI company Anthropic

• February 12, 2025 12 Feb'25

  Microsoft’s February 2025 Patch Tuesday corrects 57 bugs, three critical

  Microsoft is correcting 57 vulnerabilities in its February Patch Tuesday, two of which are being actively exploited in the wild, and three of which are ‘critical’

• February 11, 2025 11 Feb'25

  Google: Cyber crime meshes with cyber warfare as states enlist gangs

  A report from the Google Threat Intelligence Group depicts China, Russia, Iran and North Korea as a bloc using cyber criminal gangs to attack the national security of western countries

• February 07, 2025 07 Feb'25

  US lawmakers move to ban DeepSeek AI tool

  US politicians have introduced a bill seeking to ban the use of the DeepSeek AI tool on government-owned devices, citing national security concerns due to its alleged links to the Chinese state

• January 31, 2025 31 Jan'25

  AI jailbreaking techniques prove highly effective against DeepSeek

  Researchers at Palo Alto have shown how novel jailbreaking techniques were able to fool breakout GenAI model DeepSeek into helping to create keylogging tools, steal data, and make a Molotov cocktail

• January 29, 2025 29 Jan'25

  How government hackers are trying to exploit Google Gemini AI

  Google’s threat intel squad has shared information on how nation state threat actors are attempting to exploit its Gemini AI tool for nefarious ends

• January 22, 2025 22 Jan'25

  APAC businesses face surge in email attacks

  Sophisticated phishing and business email compromise campaigns are increasingly targeting organisations across the Asia-Pacific region, research reveals

• January 15, 2025 15 Jan'25

  Cyber security dovetails with AI to lead 2025 corporate IT investment

  Cyber security and GenAI top enterprise IT investment plans for 2025, whether singly or together, according to research from Enterprise Strategy Group

• January 15, 2025 15 Jan'25

  Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilities

  The largest Patch Tuesday of the 2020s so far brings fixes for more than 150 CVEs ranging widely in their scope and severity – including eight zero-day flaws

• December 18, 2024 18 Dec'24

  Top 10 cyber security stories of 2024

  Data breaches, data privacy and protection, and the thorny issue of open source security were all hot topics this year. Meanwhile, security companies frequently found themselves hitting the headlines, and not always for good reasons. Here are ...

• December 10, 2024 10 Dec'24

  Dangerous CLFS and LDAP flaws stand out on Patch Tuesday

  Microsoft has fixed over 70 CVEs in its final Patch Tuesday update of the year, and defenders should prioritise a zero-day in the Common Log File System Driver, and another impactful flaw in the Lightweight Directory Access Protocol

• December 10, 2024 10 Dec'24

  iOS vuln leaves user data dangerously exposed

  Jamf threat researchers detail an exploit chain for a recently patched iOS vulnerability that enables a threat actor to steal sensitive data, warning that many organisations are still neglecting mobile updates

• December 04, 2024 04 Dec'24

  Nordics move to deepen cyber security cooperation

  Nordic countries are increasing collaboration on cyber security amid more sophisticated and aggressive attacks

• November 27, 2024 27 Nov'24

  Scientists demonstrate Pixelator deepfake image verification tool

  With the age of deepfake imagery upon us, a team led by York St John University researchers has created a tool to help people ‘navigate the fine line between reality and fabrication’

• November 26, 2024 26 Nov'24

  Russian threat actors poised to cripple power grid, UK warns

  UK government escalates cyber rhetoric in a speech at a Nato event, saying Russian advanced persistent threats stand ready to conduct cyber attacks that could ‘turn off the lights for millions’

• November 20, 2024 20 Nov'24

  Apple addresses two iPhone, Mac zero-days

  Two zero-day vulnerabilities uncovered in Apple’s operating systems could have allowed for arbitrary code execution and cross-site scripting attacks

• November 12, 2024 12 Nov'24

  Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024

  High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Server should be prioritised from November’s Patch Tuesday update

• November 12, 2024 12 Nov'24

  Zero-day exploits increasingly sought out by attackers

  Threat actors increasingly favour zero-day exploits to attack their victims before patches become available, according to the NCSC and CISA, which have just published a list of the most widely used vulnerabilities of 2023

• October 28, 2024 28 Oct'24

  Inside Google Cloud’s secure AI framework

  Google Cloud’s secure AI framework that’s integrated into its Vertex AI platform offers practical tools and guidance to manage the lifecycle, data governance and operational risks of AI

• October 25, 2024 25 Oct'24

  Dutch critical infrastructure at risk despite high leadership confidence

  Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise

• October 22, 2024 22 Oct'24

  Danish government reboots cyber security council amid AI expansion

  Denmark’s government relaunches digital security initiative to protect business sectors and society at large

• October 21, 2024 21 Oct'24

  Can AI be secure? Experts discuss emerging threats and AI safety

  International cyber security experts call for global cooperation and proactive strategies to address the security challenges posed by artificial intelligence

• October 14, 2024 14 Oct'24

  How Zoom is charting its course towards an AI-first platform

  Zoom CEO Eric Yuan talks up his vision for the future of work, the company's transition to an AI-powered platform and what it is doing to stay ahead of rivals

• October 09, 2024 09 Oct'24

  Five zero-days to be fixed on October Patch Tuesday

  Stand-out vulnerabilities in Microsoft’s latest Patch Tuesday drop include problems in Microsoft Management Console and the Windows MSHTML Platform

• October 04, 2024 04 Oct'24

  Cups Linux printing bugs open door to DDoS attacks, says Akamai

  The Cups Linux printing vulnerabilities disclosed at the end of September would seem to have a nasty sting in their tail, according to researchers at Akamai

• September 27, 2024 27 Sep'24

  Printing vulnerability affecting Linux distros raises alarm

  Security pros need to get in front of a series of vulnerabilities affecting the Cups Linux printing service after an apparently botched disclosure process saw technical details published in advance of a patch

• September 25, 2024 25 Sep'24

  CrowdStrike apologises to US government for global mega-outage

  CrowdStrike executive Adam Meyers appears before a US government committee to explain the series of errors that led directly to one of the biggest IT outages in history

• September 25, 2024 25 Sep'24

  Splunk and Cisco integration moving apace

  Splunk is rapidly integrating with Cisco’s technology to enable seamless transitions between their platforms while delivering advanced threat detection capabilities

• September 23, 2024 23 Sep'24

  Microsoft shares progress on Secure Future Initiative

  Microsoft has published a progress report on its Secure Future Initiative, launched last year in the wake of multiple security incidents, and made a series of commitments to improve its internal cyber culture

• September 17, 2024 17 Sep'24

  First CyberBoost Catalyse startup cohort named

  The first group of companies named to a cyber incubator programme run by Plexal and the National University of Singapore includes two growing UK businesses

• September 13, 2024 13 Sep'24

  Cyber workforce must almost double to meet global talent need

  Research from ISC2 finds global cyber workforce needs additional 4.8 million people to fully secure businesses

• September 11, 2024 11 Sep'24

  How Sonar is elevating code quality in the age of AI

  Sonar’s code quality platform helps developers maintain secure, high-quality code amid the rise of artificial intelligence-based coding assistants, now expanding into the Asian market

• September 10, 2024 10 Sep'24

  JFrog and GitHub unveil open source security integrations

  Secure software specialist JFrog is working with code development service GitHub to integrate the onboard capabilities of its Software Supply Chain Platform service into GitHub’s platform

• September 09, 2024 09 Sep'24

  Multiple Veeam vulns spark concern among defenders

  Veeam users are urged to patch a series of vulnerabilities in the firm’s Backup & Replication product to get out ahead of potential exploitation by ransomware gangs

• September 04, 2024 04 Sep'24

  PyPI loophole puts thousands of packages at risk of compromise

  Thousands of PyPI packages are at risk of an attack technique dubbed Revival Hijack, which exploits a loophole in the platform’s package naming feature

• August 29, 2024 29 Aug'24

  Study highlights secure software supply chain best practices

  Security trends report from open source firm shows the approaches IT leaders take to secure their software supply chain