News

Web application security

• March 19, 2026 19 Mar'26

  Gartner: Ditch ‘big transformation’ cyber strategies for continuous improvement

  As artificial intelligence reshapes the enterprise, CISOs must abandon risky big bang security transformation initiatives in favour of incremental changes to build cyber resilience

• March 19, 2026 19 Mar'26

  Apple issues first Background patch for WebKit browser flaw

  Apple’s first ever Background Security Update fixes a WebKit browser engine bug that could enable threat actors to see and steal important data from their victims

• March 16, 2026 16 Mar'26

  Companies House restarts online services following cyber breach

  Companies House was forced to pull its WebFiling service offline at the weekend after it emerged that a flawed update was putting data at risk of exposure

• March 11, 2026 11 Mar'26

  Salesforce tracks possible ShinyHunters campaign targeting its users

  Salesforce warns users of an uptick in malicious activity targeting Experience Cloud customers with misconfigured user settings via an open source tool

• March 10, 2026 10 Mar'26

  Microsoft patches zero-days in .NET and SQL Server

  Zero-days in .NET and SQL Server, and a handful of critical RCE bugs, form the nucleus of Microsoft’s March Patch Tuesday update

• March 10, 2026 10 Mar'26

  WA auditor general flags weak Microsoft 365 security controls across state entities

  Western Australia’s Office of the Auditor General has uncovered weaknesses in M365 configurations across seven government agencies, leading to compromised accounts and data breaches

• March 09, 2026 09 Mar'26

  Trump looks to power up post-quantum, AI security

  The US has unveiled a six-pillar national cyber security strategy, with developing technological areas such as post-quantum cryptography and artificial intelligence front and centre

• March 09, 2026 09 Mar'26

  APT36 unleashes AI-generated ‘vibeware’ to flood targets

  The Pakistani threat group has been using AI to rewrite malicious code across multiple programming languages, prioritising scale over sophistication to evade detection, security researchers have found

• March 05, 2026 05 Mar'26

  Spyware suppliers exploit more zero-days than nation states

  Exploitation of zero-days by commercial surveillance and spyware developers outpaced exploitation by nation-state actors last year, according to a report

• February 25, 2026 25 Feb'26

  Application exploitation back in vogue, says IBM cyber unit

  IBM’s X-Force unit observes an uptick in the exploitation of vulnerable public-facing software applications

• February 23, 2026 23 Feb'26

  Innovate UK cyber startup programme gets £10m funding booster

  Graduates of DSIT and Innovate UK's CyberASAP scheme to commercialise cutting-edge cyber research projects have raised nearly £50m in the past decade

• February 23, 2026 23 Feb'26

  Why crypto agility is key to quantum readiness

  With quantum computing threatening current encryption standards, experts call for organisations to achieve crypto agility by managing the lifecycle of certificates and cryptographic keys through automation

• February 19, 2026 19 Feb'26

  PromptSpy Android malware may exploit Gemini AI

  A newly uncovered malware targeting the Android operating system seems to exploit Google’s Gemini GenAI tool to help it maintain persistence

• February 18, 2026 18 Feb'26

  Flaws in Google and Microsoft products added to Cisa catalogue

  Cisa has added six CVEs to its Kev catalogue this week, including newly disclosed issues in Google Chromium and Dell RecoverPoint for Virtual Machines, and some older flaws as well

• February 11, 2026 11 Feb'26

  CVE volumes may plausibly reach 100,000 this year

  The number of vulnerabilities to be disclosed in 2026 is almost certain to exceed last year's total, and may be heading towards 100,000, according to analysis

• February 10, 2026 10 Feb'26

  Arctic Wolf targets mid-market security gap in APAC

  Following the launch of its full portfolio in Malaysia, the SOC provider discusses the security challenges facing lean IT teams, the value of supplier neutrality, and its roadmap for AI and ransomware protection

• February 10, 2026 10 Feb'26

  February Patch Tuesday: Microsoft drops six zero-days

  Microsoft releases patches for six zero-day flaws in its latest monthly update, many of them related to security feature bypass issues

• February 10, 2026 10 Feb'26

  Researchers delve inside new SolarWinds RCE attack chain

  Researchers at Huntress and Microsoft have shared findings from their analysis of a new SolarWinds Web Help Desk vulnerability

• February 04, 2026 04 Feb'26

  SolarWinds RCE bug makes Cisa list as exploitation spreads

  Exploitation of CVE-2025-40551, an RCE flaw affecting SolarWinds Web Help Desk, appears to be spreading, with defenders on high alert

• February 02, 2026 02 Feb'26

  Canva uses 1Password to secure ID during growth phase

  As it underwent a growth spurt in the early 2020s, graphic design platform Canva turned to 1Password to manage identity across its expanding organisation

• February 02, 2026 02 Feb'26

  Interview: Why identity is the nucleus for cyber security

  Amid a wave of market consolidation, Computer Weekly speaks to Keeper Security’s leadership on how identity and access management systems are becoming unified identity platforms capable of securing both human and machine identities

• January 15, 2026 15 Jan'26

  Cyber body ISC2 signs on as UK software security ambassador

  Professional cyber association ISC2 pledges support to UK government’s Software Security Ambassador scheme, part of the recently unveiled Cyber Action Plan

• January 14, 2026 14 Jan'26

  Texas judge throws out second lawsuit over CrowdStrike outage

  A US judge has dismissed a lawsuit filed by CrowdStrike shareholders over the July 2024 outage that caused widespread disruption around the world

• January 13, 2026 13 Jan'26

  Microsoft patches 112 CVEs on first Patch Tuesday of 2026

  January brings a larger-than-of-late Patch Tuesday update out of Redmond, but an uptick in disclosures is often expected at this time of year

• January 13, 2026 13 Jan'26

  ‘Dual-channel’ attacks are the new face of BEC in 2026

  Business email compromise remains a significant threat as cyber fraudsters deploy a more diverse range of tactics against their potential victims, according to a report

• January 12, 2026 12 Jan'26

  Business leaders see AI risks and fraud outpacing ransomware, says WEF

  C-suite executives are more concerned with risks arising from AI vulnerabilities and cyber fraud than ransomware, according to the World Economic Forum

• January 12, 2026 12 Jan'26

  Intersec Dubai highlights why AI has become critical in the race against cyber attackers

  Cigna Healthcare’s Jean Wiles warns that healthcare security teams must act faster without sacrificing accuracy or compliance as threats driven by artificial intelligence scale

• January 11, 2026 11 Jan'26

  UAE’s VentureOne to deploy secure autonomy technologies in Europe through Unikie and Solita partners

  Partnerships with Finland’s Unikie and Solita will bring UAE-developed secure autonomy technologies to critical infrastructure, public safety and AI-enabled operations across Northern Europe

• January 09, 2026 09 Jan'26

  Agentic AI requires rethink of cloud security strategy

  Security leaders discuss the rise of agentic AI, warning that autonomous agents operating at machine speed will require organisations to move away from static protection towards behavioural monitoring and automated reasoning

• January 08, 2026 08 Jan'26

  Like it or not, AI will transform cyber strategy in 2026

  Bubble or no bubble, from cyber skills to defensive strategies to governance, risk and compliance, artificial intelligence will remake the cyber world in 2026

• December 29, 2025 29 Dec'25

  Top 10 cyber security stories of 2025

  AI dominated all tech conversations this year, but the concerns of cyber security professionals extend far beyond. From remote work to supply chains, quantum to identity, there were plenty of other topics for the industry to chew over in 2025.

• December 18, 2025 18 Dec'25

  AI safeguards improving, says UK government-backed body

  Inaugural AI Security Institute report claims that safeguards in place to ensure AI models behave as intended seem to be improving

• December 09, 2025 09 Dec'25

  Microsoft patched over 1,100 CVEs in 2025

  The final Patch Tuesday update of the year brings 56 new CVEs, bringing the year-end total to more than 1,100

• December 08, 2025 08 Dec'25

  NCSC warns of confusion over true nature of AI prompt injection

  Malicious prompt injections to manipulate GenAI large language models are being wrongly compared to classical SQL injection attacks. In reality, prompt injection may be a far worse problem, says the UK’s NCSC

• December 05, 2025 05 Dec'25

  Cyber teams on alert as React2Shell exploitation spreads

  Exploitation of an RCE flaw in a widely used open source library is spreading quickly, with China-backed threat actors in the driving seat

• December 05, 2025 05 Dec'25

  Cloudflare fixes second outage in a month

  A change to web application firewall policies at Cloudflare caused problems across the internet less than three weeks after another major outage at the service, but no cyber attack is suspected

• December 03, 2025 03 Dec'25

  NCSC and BT block a billion dangerous clicks

  A protective service jointly developed by the NCSC and BT has disrupted over a billion potential cyber incidents by stopping members of the public from clicking through to dangerous websites

• December 03, 2025 03 Dec'25

  Post Office avoids £1m fine over botched website upgrade data breach

  The Information Commissioner’s Office considered fining the Post Office £1m for a 2024 data breach that let subpostmasters down again

• December 03, 2025 03 Dec'25

  Women in Cybersecurity Middle East marks five years of impact at Black Hat MEA

  As AI reshapes the regional cyber security landscape, diversity and skills development remain at the heart of building a resilient digital workforce

• December 02, 2025 02 Dec'25

  AWS targets vulnerable code with security agent

  At AWS re:Invent 2025, the cloud giant unveiled a security agent designed to bridge the gap between development speed and security validation, along with the general availability of Security Hub analytics

• December 02, 2025 02 Dec'25

  Strategic shift pays off as Okta bids to ease agentic AI risk

  Nine months after restructuring its go-to-market, Okta is buoyed by a growing recognition of how crucial identity has become thanks to the spread of AI agents

• November 26, 2025 26 Nov'25

  US breach reinforces need to plug third-party security weaknesses

  Cyber breach at US financial sector tech provider highlights the risk of third-party vulnerabilities in finance ecosystems

• November 19, 2025 19 Nov'25

  UAE to launch first space-to-ground quantum communication network

  Technology Innovation Institute and Space42 unveil a collaboration at the Dubai Airshow to deliver the UAE’s first space-enabled quantum communication network, strengthening national cyber resilience and advancing sovereign leadership in ...

• November 12, 2025 12 Nov'25

  Microsoft users warned over privilege elevation flaw

  An elevation of privilege vulnerability in Windows Kernel tops the list of issues to address in the latest monthly Patch Tuesday update

• November 07, 2025 07 Nov'25

  Popular LLMs dangerously vulnerable to iterative attacks, says Cisco

  Cisco researchers probed some of the most widely used public GenAI LLMs and found many of them were dangerously susceptible to so-called multi-turn cyber attacks producing undesirable outputs

• November 07, 2025 07 Nov'25

  How Palo Alto Networks is leveraging AI

  Palo Alto Networks CIO Meerah Rajavel explains how the company is using AI to sieve through 90 billion security events a day, and why security and user experience are two sides of the same coin

• November 05, 2025 05 Nov'25

  Darktrace: Developer tools under constant attack

  Attackers are using automated tools to target development environments within seconds of them going live, warns Darktrace’s global field chief information security officer

• November 05, 2025 05 Nov'25

  Dutch boardroom cyber security knowledge gap exposed

  Cyber security governance professor warns that executives lack the capability to assess cyber threats in implementation approaches

• November 05, 2025 05 Nov'25

  Bugcrowd brings Mayhem AI to bear on ethical hacking community

  Bugcrowd acquires scaleup Mayhem Security to enhance the ingenuity of its human hackers with AI-backed software testing capabilities

• November 04, 2025 04 Nov'25

  UAE Sovereign Launchpad begins nationwide roll-out with support from e& and AWS

  The cloud infrastructure platform aims to strengthen digital resilience and regulatory compliance across government and regulated sectors in the United Arab Emirates