News

Web application security

• December 05, 2025 05 Dec'25

  Cyber teams on alert as React2Shell exploitation spreads

  Exploitation of an RCE flaw in a widely-used open source library is spreading quickly, with China-backed threat actors in the driving seat

• December 05, 2025 05 Dec'25

  Cloudflare fixes second outage in a month

  A change to web application firewall policies at Cloudflare caused problems across the internet less than three weeks after another major outage at the service, but no cyber attack is suspected

• December 03, 2025 03 Dec'25

  NCSC and BT block a billion dangerous clicks

  A protective service jointly developed by the NCSC and BT has disrupted over a billion potential cyber incidents by stopping members of the public from clicking through to dangerous websites

• December 03, 2025 03 Dec'25

  Post Office avoids £1m fine over botched website upgrade data breach

  The Information Commissioner’s Office considered fining the Post Office £1m for a 2024 data breach that let subpostmasters down again

• December 03, 2025 03 Dec'25

  Women in Cybersecurity Middle East marks five years of impact at Black Hat MEA

  As AI reshapes the regional cyber security landscape, diversity and skills development remain at the heart of building a resilient digital workforce

• December 02, 2025 02 Dec'25

  AWS targets vulnerable code with security agent

  At AWS re:Invent 2025, the cloud giant unveiled a security agent designed to bridge the gap between development speed and security validation, along with the general availability of Security Hub analytics

• December 02, 2025 02 Dec'25

  Strategic shift pays off as Okta bids to ease agentic AI risk

  Nine months after restructuring its go-to-market, Okta is buoyed by a growing recognition of how crucial identity has become thanks to the spread of AI agents

• November 26, 2025 26 Nov'25

  US breach reinforces need to plug third-party security weaknesses

  Cyber breach at US financial sector tech provider highlights the risk of third-party vulnerabilities in finance ecosystems

• November 19, 2025 19 Nov'25

  UAE to launch first space-to-ground quantum communication network

  Technology Innovation Institute and Space42 unveil a collaboration at the Dubai Airshow to deliver the UAE’s first space-enabled quantum communication network, strengthening national cyber resilience and advancing sovereign leadership in ...

• November 12, 2025 12 Nov'25

  Microsoft users warned over privilege elevation flaw

  An elevation of privilege vulnerability in Windows Kernel tops the list of issues to address in the latest monthly Patch Tuesday update

• November 07, 2025 07 Nov'25

  Popular LLMs dangerously vulnerable to iterative attacks, says Cisco

  Cisco researchers probed some of the most widely used public GenAI LLMs and found many of them were dangerously susceptible to so-called multi-turn cyber attacks producing undesirable outputs

• November 07, 2025 07 Nov'25

  How Palo Alto Networks is leveraging AI

  Palo Alto Networks CIO Meerah Rajavel explains how the company is using AI to sieve through 90 billion security events a day, and why security and user experience are two sides of the same coin

• November 05, 2025 05 Nov'25

  Darktrace: Developer tools under constant attack

  Attackers are using automated tools to target development environments within seconds of them going live, warns Darktrace’s global field chief information security officer

• November 05, 2025 05 Nov'25

  Dutch boardroom cyber security knowledge gap exposed

  Cyber security governance professor warns that executives lack the capability to assess cyber threats in implementation approaches

• November 05, 2025 05 Nov'25

  Bugcrowd brings Mayhem AI to bear on ethical hacking community

  Bugcrowd acquires scaleup Mayhem Security to enhance the ingenuity of its human hackers with AI-backed software testing capabilities

• November 04, 2025 04 Nov'25

  UAE Sovereign Launchpad begins nationwide roll-out with support from e& and AWS

  The cloud infrastructure platform aims to strengthen digital resilience and regulatory compliance across government and regulated sectors in the United Arab Emirates

• October 06, 2025 06 Oct'25

  Oracle patches E-Business suite targeted by Cl0p ransomware

  Oracle pushes a patch for a dangerous zero-day under active exploitation by one of the most notorious ransomware gangs around

• October 05, 2025 05 Oct'25

  Nakivo expands Proxmox backup and DR capabilities in v11.1

  Latest version of Backup & Replication adds MSP features, plus Proxmox VM backup functionality, while Nakivo responds to critical vulnerability it was tipped off about in February

• September 30, 2025 30 Sep'25

  Google unveils AI-powered security to trap ransomware attacks

  The new security capability, available at no extra cost for most Google Workspace users, detects mass file encryption during ransomware attacks, stops the attacks from spreading and allows for restoration of files

• September 29, 2025 29 Sep'25

  JLR tentatively restarts production, following £1.5bn government backing

  Jaguar Land Rover is to resume car production after a £1.5bn government loan guarantee amid its cyber attack fallout. Debate is growing over the bailout and insurance

• September 26, 2025 26 Sep'25

  Over half of India-based companies suffer security breaches

  Business supply chains, which include Indian companies, are at risk of attack as more than half of suppliers were breached last year

• September 26, 2025 26 Sep'25

  Okta CEO: AI security and identity security are one and the same

  At Oktane 2025 in Las Vegas, Okta CEO Todd McKinnon describes AI security and identity security as inseparable as he tees up a series of agentic security innovations

• September 25, 2025 25 Sep'25

  Netherlands establishes cyber resilience network to strengthen public-private digital defence

  Network will connect organisations in a cyber crime defence initiative that goes way beyond information sharing

• September 23, 2025 23 Sep'25

  SolarWinds warns over dangerous RCE flaw

  A newly uncovered RCE flaw in SolarWinds’ helpdesk product bypasses two previously issued fixes, and users should prioritise updates as exploitation is likely to occur

• September 23, 2025 23 Sep'25

  Jaguar Land Rover extends cyber attack-induced shutdown to October

  Jaguar Land Rover is extending its production shutdown caused by the 31 August cyber attack into next month, as government ministers drop by and supply chain workers lose wages

• September 17, 2025 17 Sep'25

  Microsoft scores win against Office 365 credential thieves

  Microsoft’s Digital Crimes Unit disrupts a major phishing-as-a-service operation that targeted and stole Office 365 usernames and credentials

• September 09, 2025 09 Sep'25

  Splunk.conf: Splunk urges users to eat their ‘cyber veggies’

  The dawn of AI-enabled cyber attacks makes it even more important for defenders to bring their A-game, particularly when it comes to getting the basics right

• September 02, 2025 02 Sep'25

  JFrog extends DevSecOps playbook to AI governance

  The software security specialist is leveraging its capabilities in DevSecOps to address security, data provenance and bias in AI models

• August 28, 2025 28 Aug'25

  UK cyber security centre helps expose China-based cyber campaign

  GCHQ cyber security centre and its international partners release details of malicious cyber activity linked to Chinese businesses

• August 25, 2025 25 Aug'25

  How to secure the identity perimeter and prepare for AI agents

  Ping Identity CEO Andre Durand explains why identity has become the critical security battleground, how decentralised credentials will reduce data breach risks, and why AI agents will need their own identities to be trusted

• August 12, 2025 12 Aug'25

  Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list

  Microsoft rolls out fixes for over 100 CVEs in its August Patch Tuesday update

• August 12, 2025 12 Aug'25

  UK work visa sponsors are target of phishing campaign

  Mimecast identifies a phishing campaign targeting UK organisations that sponsor migrant workers and students, opening the door to account compromise and visa fraud

• August 06, 2025 06 Aug'25

  Black Hat USA: Startup breaks secrets management tools

  Researchers at Cyata, an agentic identity specialist that has just emerged from stealth, found 14 CVEs in the widely used CyberArk Conjur and HashiCorp Vault enterprise secrets management platforms

• August 06, 2025 06 Aug'25

  Companies House ID verification to start in November 2025

  Companies House plans to start vetting director identities from mid-November, but its reliance on the troubled One Login digital identity service may be cause for concern

• August 04, 2025 04 Aug'25

  Proliferation of on-premise GenAI platforms is widening security risks

  Research finds increased adoption of unsanctioned generative artificial intelligence platforms is magnifying risk and causing a headache for security teams

• August 01, 2025 01 Aug'25

  Securing agentic identities focus of Palo Alto’s CyberArk buy

  Palo Alto Networks is entering the identity security space with a multibillion-dollar acquisition, and plans to address growing concerns around protecting identities associated with AI agents

• July 30, 2025 30 Jul'25

  Apple pushes almost 30 security fixes in mobile update

  Apple pushes what will likely be the last major security update to its current iPhone and iPad operating systems, fixing 29 vulnerabilities in its mobile ecosystem

• July 30, 2025 30 Jul'25

  AI-enabled security pushes down breach costs for UK organisations

  Organisations that are incorporating AI and automation into their cyber security practice are seeing improved outcomes when incidents occur, according to an IBM study

• July 21, 2025 21 Jul'25

  Patch ToolShell SharePoint zero-day immediately, says Microsoft

  The active exploitation of a dangerous zero-day vulnerability chain in Microsoft SharePoint – which was disclosed over the weekend – is underway. Immediate action is advised

• July 21, 2025 21 Jul'25

  Singapore under ongoing cyber attack from APT group

  Nation-state actor UNC3886 is actively targeting Singapore’s critical national infrastructure in a sophisticated espionage and disruption campaign, with the country mounting a whole-of-government response

• July 18, 2025 18 Jul'25

  NCSC exposes Fancy Bear's Authentic Antics malware attacks

  Amid a new round of UK government sanctions targeting Moscow's intelligence apparatus, the NCSC has formally attributed attacks orchestrated with a cleverly-designed malware to the GRU's Fancy Bear cyber unit

• July 16, 2025 16 Jul'25

  Securonix tackles security data deluge with AI-driven platform

  As security data volumes grow and security budgets tighten, Securonix is betting on its AI-driven platform to help businesses manage threats cost-effectively, says its CEO

• July 15, 2025 15 Jul'25

  Current approaches to patching unsustainable, report says

  Organisations are struggling to prioritise vulnerability patching appropriately, leading to situations where everything is a crisis, which helps nobody, according to a report

• July 15, 2025 15 Jul'25

  NCSC sets up Vulnerability Research Initiative

  The NCSC is expanding its vulnerability research project to draw in external expertise

• July 08, 2025 08 Jul'25

  July Patch Tuesday brings over 130 new flaws to address

  Microsoft patched well over 100 new common vulnerabilities and exposures on the second Tuesday of the month, but its latest update is mercifully light on zero-days

• July 02, 2025 02 Jul'25

  Google fixes type confusion flaw in Chrome browser

  An actively exploited type confusion vulnerability in the Google Chrome web browser needs immediate attention from users

• July 02, 2025 02 Jul'25

  Dutch study uncovers cognitive biases undermining cyber security board decisions

  Dutch research reveals how cognitive biases can lead to catastrophic security decisions

• July 02, 2025 02 Jul'25

  Qantas customer data exposed in contact centre breach

  Australian flag carrier is investigating significant data theft of personal information for up to six million customers after a third-party platform used by its call centre was compromised

• July 01, 2025 01 Jul'25

  Cloudflare to let customers block AI web crawlers

  Publishers and other providers of creative content now have the option to block AI crawlers from accessing and scraping their intellectual property with new tools from Cloudflare.

• June 11, 2025 11 Jun'25

  June Patch Tuesday brings a lighter load for defenders

  Barely 70 vulnerabilities make the cut for Microsoft’s monthly security update, but an RCE flaw in WEBDAV and an EoP issue in Windows SMB Client still warrant close attention