News
Web application security
-
April 21, 2025
21
Apr'25
CW Innovation Awards: Transforming cyber security with AI
Facing rising cyber threats and a shortage of experts, Citic Telecom International CPC developed an AI-powered penetration testing tool to automate security audits and reduce costs
-
April 16, 2025
16
Apr'25
CISA extends Mitre CVE contract at last moment
The US Cybersecurity and Infrastructure Security Agency has ridden to the rescue of the under-threat Mitre CVE Programme, approving a last-minute, 11-month contract extension to preserve the project’s vital security vulnerability work
-
April 16, 2025
16
Apr'25
CVE Foundation pledges continuity after Mitre funding cut
With news that Mitre’s contract to run the world-renowned CVE Programme is abruptly terminating, a breakaway group is setting up a non-profit foundation to try to ensure the project’s continuity
-
April 15, 2025
15
Apr'25
Mitre warns over lapse in CVE coverage
Mitre, the operator of the world-renowned CVE repository, has warned of significant impacts to global cyber security standards, and increased risk from threat actors, as it emerges its US government contract will lapse imminently
-
April 11, 2025
11
Apr'25
Warranty fraud fuels hidden army of hardware hackers
Widespread warranty fraud is not only costing companies billions but also creating a breeding ground for advanced hardware exploits, warns hardware hacker and researcher Bunnie Huang at Black Hat Asia 2025
-
April 10, 2025
10
Apr'25
Google bets on unifying security tools to ease CISO pain
At Google Cloud Next in Las Vegas, Google launches its Unified Security platform with the goal of bringing together disparate security solutions to help cyber leaders and practitioners address their most keenly felt pain points
-
April 08, 2025
08
Apr'25
NCSC issues warning over Chinese Moonshine and BadBazaar spyware
Two spyware variants are being used to target the mobile devices of persons of interest to Chinese intelligence, including individuals in the Taiwanese, Tibetan and Uyghur communities
-
April 08, 2025
08
Apr'25
Spoofing vuln threatens security of WhatsApp Windows users
Meta has disclosed and patched a potentially dangerous spoofing flaw in WhatsApp for Windows that could have caused big problems for unwitting users
-
April 07, 2025
07
Apr'25
NIST calls time on older vulnerabilities amid surging disclosures
The National Institute of Standards and Technology is deferring future updates to thousands of cyber vulnerabilities discovered prior to 2018 amid surging volumes of new submissions
-
April 04, 2025
04
Apr'25
Norway and Nordic financial sector ramps up cyber security
Finans Norge sets up cyber security unit CTSU to support the finance sector in Norway amid increasing threats
-
April 03, 2025
03
Apr'25
Are LLM firewalls the future of AI security?
As large language models permeate industries, experts at Black Hat Asia 2025 debate the need for LLM firewalls and explore their role in fending off emerging AI threats
-
April 01, 2025
01
Apr'25
Gmail ‘bubble’ encryption may be an S/MIME killer, says Google
Marking the 21st anniversary of Gmail, Google is preparing to roll out an end-to-end encryption standard for its email service in hopes of democratising encryption and leaving old standards in the dust
-
April 01, 2025
01
Apr'25
Apple devices are at ‘most risk’ in UK following government ‘backdoor’ order
Home Office refuses to answer questions from Lords over technical capability notice issued against Apple’s iCloud Advanced Data Protection encryption services
-
March 18, 2025
18
Mar'25
Largest ever cyber deal reflects Google’s CNAPP ambitions
In a signal of its future ambitions, Google lays down $32bn to acquire cloud-native application protection platform Wiz, reflecting the increasing need to secure multicloud environments
-
March 12, 2025
12
Mar'25
iPhone, iPad update fixes critical WebKit flaw
iPhone and iPad users are advised to update their devices as Apple addresses an out-of-bounds write issue in the WebKit browser engine that appears to have been exploited in targeted cyber attacks
-
March 11, 2025
11
Mar'25
March Patch Tuesday brings 57 fixes, multiple zero-days
The third Patch Tuesday of 2025 brings fixes for 57 flaws and a hefty number of zero-days
-
March 11, 2025
11
Mar'25
UK government under-prepared for catastrophic cyber attack, hears PAC
The Commons Public Accounts Committee heard government IT leaders respond to recent National Audit Office findings that the government’s cyber resilience is under par
-
March 01, 2025
01
Mar'25
Ransomware: from REvil to Black Basta, what do we know about Tramp?
This key member of the Black Basta ransomware gang is wanted by the US justice system. He narrowly escaped extradition at the end of June 2024 - with the help of highly-placed contacts in Moscow, according to him
-
February 27, 2025
27
Feb'25
CVE volumes head towards 50,000 in 2025, analysts claim
Many trends, notably a big shift to open source tools, are behind an expected boom in the number of disclosed vulnerabilities
-
February 23, 2025
23
Feb'25
Check Point co-founder on AI, quantum and independence
Gil Shwed, Check Point’s co-founder and executive chairman, discusses the company’s focus on artificial intelligence-driven security and his commitment to remaining an independent force in the cyber security market
-
February 19, 2025
19
Feb'25
Warning over privacy of encrypted messages as Russia targets Signal Messenger
Russia is using phishing attacks to compromise encrypted Signal Messenger services used by targets in the Ukraine. Experts warn that other encrypted app users are at risk
-
February 07, 2025
07
Feb'25
US lawmakers move to ban DeepSeek AI tool
US politicians have introduced a bill seeking to ban the use of the DeepSeek AI tool on government-owned devices, citing national security concerns due to its alleged links to the Chinese state
-
February 03, 2025
03
Feb'25
DeepSeek-R1 more readily generates dangerous content than other large language models
Research scientists at cyber firm Enkrypt AI publish concerning findings from a red team exercise conducted against DeepSeek, the hot new generative AI tool
-
January 31, 2025
31
Jan'25
AI jailbreaking techniques prove highly effective against DeepSeek
Researchers at Palo Alto have shown how novel jailbreaking techniques were able to fool breakout GenAI model DeepSeek into helping to create keylogging tools, steal data, and make a Molotov cocktail
-
January 31, 2025
31
Jan'25
DeepSeek API, chat log exposure a ‘rookie’ cyber error
Security researchers at Wiz find a trove of DeepSeek data including API secrets and chat logs publicly exposed via an open source database management tool, raising questions about the fast-growing service’s approach to security
-
January 29, 2025
29
Jan'25
How government hackers are trying to exploit Google Gemini AI
Google’s threat intel squad has shared information on how nation state threat actors are attempting to exploit its Gemini AI tool for nefarious ends
-
January 23, 2025
23
Jan'25
ICO launches major review of cookies on UK websites
ICO sets out 2025 goals, including a review of cookie compliance across the UK’s top 1,000 websites, as it seeks to achieve its ultimate goal of giving the public meaningful control over how their data is used
-
January 22, 2025
22
Jan'25
APAC businesses face surge in email attacks
Sophisticated phishing and business email compromise campaigns are increasingly targeting organisations across the Asia-Pacific region, research reveals
-
January 17, 2025
17
Jan'25
US Supreme Court upholds TikTok ban
The US Supreme Court has upheld a legal ban on TikTok, meaning that the video-sharing application will be shut down from midnight on Sunday 19 January
-
January 16, 2025
16
Jan'25
Russia’s Star Blizzard pivots to WhatsApp in spear-phishing campaign
The Russian cyber spy operation known as Star Blizzard changed tactics after a takedown operation by Microsoft and the US authorities, turning to widely used messaging platform WhatsApp to try to ensnare its targets
-
January 15, 2025
15
Jan'25
Users protest, flee TikTok as clock ticks on US ban
As the US Supreme Court prepares to rule on the future of TikTok, rumours of a sale are swirling around Washington DC while panicked users make plans for an exodus
-
January 15, 2025
15
Jan'25
Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilities
The largest Patch Tuesday of the 2020s so far brings fixes for more than 150 CVEs ranging widely in their scope and severity – including eight zero-day flaws
-
January 03, 2025
03
Jan'25
US Treasury incident a clear warning on supply chain security in 2025
A cyber incident at the US Department of the Treasury – blamed on a Chinese state actor – raises fresh warnings about supply chain risk after it was found to have originated via vulnerabilities in a remote tech support product
-
December 18, 2024
18
Dec'24
Top 10 cyber security stories of 2024
Data breaches, data privacy and protection, and the thorny issue of open source security were all hot topics this year. Meanwhile, security companies frequently found themselves hitting the headlines, and not always for good reasons. Here are ...
-
December 13, 2024
13
Dec'24
How AWS is protecting customers from cyber threats
Amazon Web Services reveals how its threat intelligence capabilities work under the hood to thwart cyber attacks and keep its customers’ data safe
-
December 10, 2024
10
Dec'24
Dangerous CLFS and LDAP flaws stand out on Patch Tuesday
Microsoft has fixed over 70 CVEs in its final Patch Tuesday update of the year, and defenders should prioritise a zero-day in the Common Log File System Driver, and another impactful flaw in the Lightweight Directory Access Protocol
-
December 10, 2024
10
Dec'24
iOS vuln leaves user data dangerously exposed
Jamf threat researchers detail an exploit chain for a recently patched iOS vulnerability that enables a threat actor to steal sensitive data, warning that many organisations are still neglecting mobile updates
-
December 06, 2024
06
Dec'24
US TikTok ban imminent after appeal fails
TikTok’s appeal against a US government ban has failed, with a judge dismissing its arguments that its First Amendment free speech rights are being restricted
-
December 04, 2024
04
Dec'24
Nordics move to deepen cyber security cooperation
Nordic countries are increasing collaboration on cyber security amid more sophisticated and aggressive attacks
-
November 20, 2024
20
Nov'24
Apple addresses two iPhone, Mac zero-days
Two zero-day vulnerabilities uncovered in Apple’s operating systems could have allowed for arbitrary code execution and cross-site scripting attacks
-
November 19, 2024
19
Nov'24
AI readiness stalls in APAC
Despite significant investment in AI, only 15% of organisations in Asia-Pacific are ready to deploy the technology today, according to Cisco’s latest regional AI readiness survey
-
November 18, 2024
18
Nov'24
UK consumers losing more than ever to holiday scams
Last Christmas, UK consumers lost over £11m to cyber criminals. This year, to save them from tears, the NCSC and Action Fraud are teaming up to launch an anti-fraud campaign
-
November 12, 2024
12
Nov'24
Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024
High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Server should be prioritised from November’s Patch Tuesday update
-
November 12, 2024
12
Nov'24
Zero-day exploits increasingly sought out by attackers
Threat actors increasingly favour zero-day exploits to attack their victims before patches become available, according to the NCSC and CISA, which have just published a list of the most widely used vulnerabilities of 2023
-
October 25, 2024
25
Oct'24
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise
-
October 22, 2024
22
Oct'24
Danish government reboots cyber security council amid AI expansion
Denmark’s government relaunches digital security initiative to protect business sectors and society at large
-
October 09, 2024
09
Oct'24
Five zero-days to be fixed on October Patch Tuesday
Stand-out vulnerabilities in Microsoft’s latest Patch Tuesday drop include problems in Microsoft Management Console and the Windows MSHTML Platform
-
September 27, 2024
27
Sep'24
UK on high alert over Iranian spear phishing attacks, says NCSC
The NCSC and counterpart agencies in the US have issued a warning over enhanced Iranian spear phishing activity targeting politicians, journalists, activists and others with an interest in Middle Eastern affairs
-
September 27, 2024
27
Sep'24
Printing vulnerability affecting Linux distros raises alarm
Security pros need to get in front of a series of vulnerabilities affecting the Cups Linux printing service after an apparently botched disclosure process saw technical details published in advance of a patch
-
September 25, 2024
25
Sep'24
CrowdStrike apologises to US government for global mega-outage
CrowdStrike executive Adam Meyers appears before a US government committee to explain the series of errors that led directly to one of the biggest IT outages in history