News
Web application security
-
September 02, 2025
02
Sep'25
JFrog extends DevSecOps playbook to AI governance
The software security specialist is leveraging its capabilities in DevSecOps to address security, data provenance and bias in AI models
-
August 28, 2025
28
Aug'25
UK cyber security centre helps expose China-based cyber campaign
GCHQ cyber security centre and its international partners release details of malicious cyber activity linked to Chinese businesses
-
August 25, 2025
25
Aug'25
How to secure the identity perimeter and prepare for AI agents
Ping Identity CEO Andre Durand explains why identity has become the critical security battleground, how decentralised credentials will reduce data breach risks, and why AI agents will need their own identities to be trusted
-
August 12, 2025
12
Aug'25
Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list
Microsoft rolls out fixes for over 100 CVEs in its August Patch Tuesday update
-
August 12, 2025
12
Aug'25
UK work visa sponsors are target of phishing campaign
Mimecast identifies a phishing campaign targeting UK organisations that sponsor migrant workers and students, opening the door to account compromise and visa fraud
-
August 06, 2025
06
Aug'25
Black Hat USA: Startup breaks secrets management tools
Researchers at Cyata, an agentic identity specialist that has just emerged from stealth, found 14 CVEs in the widely used CyberArk Conjur and HashiCorp Vault enterprise secrets management platforms
-
August 06, 2025
06
Aug'25
Companies House ID verification to start in November 2025
Companies House plans to start vetting director identities from mid-November, but its reliance on the troubled One Login digital identity service may be cause for concern
-
August 04, 2025
04
Aug'25
Proliferation of on-premise GenAI platforms is widening security risks
Research finds increased adoption of unsanctioned generative artificial intelligence platforms is magnifying risk and causing a headache for security teams
-
August 01, 2025
01
Aug'25
Securing agentic identities focus of Palo Alto’s CyberArk buy
Palo Alto Networks is entering the identity security space with a multibillion-dollar acquisition, and plans to address growing concerns around protecting identities associated with AI agents
-
July 30, 2025
30
Jul'25
Apple pushes almost 30 security fixes in mobile update
Apple pushes what will likely be the last major security update to its current iPhone and iPad operating systems, fixing 29 vulnerabilities in its mobile ecosystem
-
July 30, 2025
30
Jul'25
AI-enabled security pushes down breach costs for UK organisations
Organisations that are incorporating AI and automation into their cyber security practice are seeing improved outcomes when incidents occur, according to an IBM study
-
July 21, 2025
21
Jul'25
Patch ToolShell SharePoint zero-day immediately, says Microsoft
The active exploitation of a dangerous zero-day vulnerability chain in Microsoft SharePoint – which was disclosed over the weekend – is underway. Immediate action is advised
-
July 21, 2025
21
Jul'25
Singapore under ongoing cyber attack from APT group
Nation-state actor UNC3886 is actively targeting Singapore’s critical national infrastructure in a sophisticated espionage and disruption campaign, with the country mounting a whole-of-government response
-
July 18, 2025
18
Jul'25
NCSC exposes Fancy Bear's Authentic Antics malware attacks
Amid a new round of UK government sanctions targeting Moscow's intelligence apparatus, the NCSC has formally attributed attacks orchestrated with a cleverly-designed malware to the GRU's Fancy Bear cyber unit
-
July 16, 2025
16
Jul'25
Securonix tackles security data deluge with AI-driven platform
As security data volumes grow and security budgets tighten, Securonix is betting on its AI-driven platform to help businesses manage threats cost-effectively, says its CEO
-
July 15, 2025
15
Jul'25
Current approaches to patching unsustainable, report says
Organisations are struggling to prioritise vulnerability patching appropriately, leading to situations where everything is a crisis, which helps nobody, according to a report
-
July 15, 2025
15
Jul'25
NCSC sets up Vulnerability Research Initiative
The NCSC is expanding its vulnerability research project to draw in external expertise
-
July 08, 2025
08
Jul'25
July Patch Tuesday brings over 130 new flaws to address
Microsoft patched well over 100 new common vulnerabilities and exposures on the second Tuesday of the month, but its latest update is mercifully light on zero-days
-
July 02, 2025
02
Jul'25
Google fixes type confusion flaw in Chrome browser
An actively exploited type confusion vulnerability in the Google Chrome web browser needs immediate attention from users
-
July 02, 2025
02
Jul'25
Dutch study uncovers cognitive biases undermining cyber security board decisions
Dutch research reveals how cognitive biases can lead to catastrophic security decisions
-
July 02, 2025
02
Jul'25
Qantas customer data exposed in contact centre breach
Australian flag carrier is investigating significant data theft of personal information for up to six million customers after a third-party platform used by its call centre was compromised
-
July 01, 2025
01
Jul'25
Cloudflare to let customers block AI web crawlers
Publishers and other providers of creative content now have the option to block AI crawlers from accessing and scraping their intellectual property with new tools from Cloudflare.
-
June 11, 2025
11
Jun'25
June Patch Tuesday brings a lighter load for defenders
Barely 70 vulnerabilities make the cut for Microsoft’s monthly security update, but an RCE flaw in WEBDAV and an EoP issue in Windows SMB Client still warrant close attention
-
June 06, 2025
06
Jun'25
CISOs must translate cyber threats into business risk
To manage risk effectively and secure board-level buy-in, CISOs must stop talking about technology and start speaking the language of business, according to a senior Check Point executive
-
June 05, 2025
05
Jun'25
HMRC phishing breach wholly avoidable, but hard to stop
A breach at HMRC saw innocent taxpayers tricked into letting scammers impersonate them through simple phishing attacks leading to account takeover. Such attacks are avoidable, but hard to stop
-
June 04, 2025
04
Jun'25
NCSC sets out how to build cyber safe cultures
The UK’s National Cyber Security Centre has published guidance for security teams and leaders on how to foster accessible and appropriate cyber security cultures in their organisations
-
May 30, 2025
30
May'25
Dutch businesses lag behind in cyber resilience as threats escalate
While non-IT business professionals in the middle of their careers face the most disruption from AI, professionals in the IT services sector and their employers must prepare for change
-
May 15, 2025
15
May'25
NHS asks suppliers to sign up to cyber covenant
NHS digital and security leaders call on their suppliers to commit to a cyber security charter as the health service works to improve its resilience in the face of growing threat levels
-
May 14, 2025
14
May'25
Enisa launches European vulnerability database
The EU’s new vulnerability database is designed to offer a broader, more transparent source of information on new cyber vulnerabilities
-
May 13, 2025
13
May'25
May Patch Tuesday brings five exploited zero-days to fix
Microsoft fixes five exploited, and two publicly disclosed, zero-days in the fifth Patch Tuesday update of 2025
-
May 09, 2025
09
May'25
Ransomware: What the LockBit 3.0 data leak reveals
An administration interface instance for the ransomware franchise's affiliates was attacked on 29 April. Data from its SQL database has been extracted and disclosed
-
May 08, 2025
08
May'25
UK government websites to replace passwords with secure passkeys
Government websites are to replace difficult-to-remember passwords with highly secure passkeys that will protect against phishing and cyber attackers
-
May 07, 2025
07
May'25
Meta awarded $167m in court battle with spyware mercenaries
WhatsApp owner Meta is awarded millions of dollars in damages and compensation after its service was exploited by users of mercenary spyware developer NSO’s infamous Pegasus mobile malware
-
May 07, 2025
07
May'25
Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring
Research from Sans Institute reveals European organisations are leading a global shift in hiring priorities, driven by regional regulatory frameworks
-
May 01, 2025
01
May'25
Thomas Herdman’s legal battle over Sky ECC encrypted phone distribution set to enter fifth year
Computer Weekly speaks to Julie Kawai Herdman, daughter of Thomas Herdman, the only person in custody for distributing Sky ECC encrypted phones
-
April 30, 2025
30
Apr'25
Current SaaS delivery model a risk management nightmare, says CISO
JPMorgan Chase security chief Patrick Opet laments the state of SaaS security in an open letter to the industry and calls on software providers to do more to enhance resilience
-
April 25, 2025
25
Apr'25
M&S suspends all online sales as cyber attack worsens
M&S shuts down online sales as it works to contain and mitigate a severe cyber attack on its systems
-
April 23, 2025
23
Apr'25
Amid uncertainty, Armis becomes newest CVE numbering authority
Amid an uncertain future for vulnerability research, exposure management company Armis has been given the authority to assign CVE IDs to newly discovered vulnerabilities
-
April 22, 2025
22
Apr'25
AI-powered APIs proving highly vulnerable to attack
The growth of AI is proving a double-edged sword for API security, presenting opportunities for defenders to enhance their resilience, but also more risks from AI-powered attacks, according to report
-
April 21, 2025
21
Apr'25
CW Innovation Awards: Transforming cyber security with AI
Facing rising cyber threats and a shortage of experts, Citic Telecom International CPC developed an AI-powered penetration testing tool to automate security audits and reduce costs
-
April 16, 2025
16
Apr'25
CISA extends Mitre CVE contract at last moment
The US Cybersecurity and Infrastructure Security Agency has ridden to the rescue of the under-threat Mitre CVE Programme, approving a last-minute, 11-month contract extension to preserve the project’s vital security vulnerability work
-
April 16, 2025
16
Apr'25
CVE Foundation pledges continuity after Mitre funding cut
With news that Mitre’s contract to run the world-renowned CVE Programme is abruptly terminating, a breakaway group is setting up a non-profit foundation to try to ensure the project’s continuity
-
April 15, 2025
15
Apr'25
Mitre warns over lapse in CVE coverage
Mitre, the operator of the world-renowned CVE repository, has warned of significant impacts to global cyber security standards, and increased risk from threat actors, as it emerges its US government contract will lapse imminently
-
April 11, 2025
11
Apr'25
Warranty fraud fuels hidden army of hardware hackers
Widespread warranty fraud is not only costing companies billions but also creating a breeding ground for advanced hardware exploits, warns hardware hacker and researcher Bunnie Huang at Black Hat Asia 2025
-
April 10, 2025
10
Apr'25
Google bets on unifying security tools to ease CISO pain
At Google Cloud Next in Las Vegas, Google launches its Unified Security platform with the goal of bringing together disparate security solutions to help cyber leaders and practitioners address their most keenly felt pain points
-
April 08, 2025
08
Apr'25
NCSC issues warning over Chinese Moonshine and BadBazaar spyware
Two spyware variants are being used to target the mobile devices of persons of interest to Chinese intelligence, including individuals in the Taiwanese, Tibetan and Uyghur communities
-
April 08, 2025
08
Apr'25
Spoofing vuln threatens security of WhatsApp Windows users
Meta has disclosed and patched a potentially dangerous spoofing flaw in WhatsApp for Windows that could have caused big problems for unwitting users
-
April 07, 2025
07
Apr'25
NIST calls time on older vulnerabilities amid surging disclosures
The National Institute of Standards and Technology is deferring future updates to thousands of cyber vulnerabilities discovered prior to 2018 amid surging volumes of new submissions
-
April 04, 2025
04
Apr'25
Norway and Nordic financial sector ramps up cyber security
Finans Norge sets up cyber security unit CTSU to support the finance sector in Norway amid increasing threats
-
April 03, 2025
03
Apr'25
Are LLM firewalls the future of AI security?
As large language models permeate industries, experts at Black Hat Asia 2025 debate the need for LLM firewalls and explore their role in fending off emerging AI threats