News

Web application security

• May 07, 2025 07 May'25

  Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring

  Research from Sans Institute reveals European organisations are leading a global shift in hiring priorities, driven by regional regulatory frameworks

• May 01, 2025 01 May'25

  Thomas Herdman’s legal battle over Sky ECC encrypted phone distribution set to enter fifth year

  Computer Weekly speaks to Julie Kawai Herdman, daughter of Thomas Herdman, the only person in custody for distributing Sky ECC encrypted phones

• April 30, 2025 30 Apr'25

  Current SaaS delivery model a risk management nightmare, says CISO

  JPMorgan Chase security chief Patrick Opet laments the state of SaaS security in an open letter to the industry and calls on software providers to do more to enhance resilience

• April 25, 2025 25 Apr'25

  M&S suspends all online sales as cyber attack worsens

  M&S shuts down online sales as it works to contain and mitigate a severe cyber attack on its systems

• April 23, 2025 23 Apr'25

  Amid uncertainty, Armis becomes newest CVE numbering authority

  Amid an uncertain future for vulnerability research, exposure management company Armis has been given the authority to assign CVE IDs to newly discovered vulnerabilities

• April 22, 2025 22 Apr'25

  AI-powered APIs proving highly vulnerable to attack

  The growth of AI is proving a double-edged sword for API security, presenting opportunities for defenders to enhance their resilience, but also more risks from AI-powered attacks, according to report

• April 21, 2025 21 Apr'25

  CW Innovation Awards: Transforming cyber security with AI

  Facing rising cyber threats and a shortage of experts, Citic Telecom International CPC developed an AI-powered penetration testing tool to automate security audits and reduce costs

• April 16, 2025 16 Apr'25

  CISA extends Mitre CVE contract at last moment

  The US Cybersecurity and Infrastructure Security Agency has ridden to the rescue of the under-threat Mitre CVE Programme, approving a last-minute, 11-month contract extension to preserve the project’s vital security vulnerability work

• April 16, 2025 16 Apr'25

  CVE Foundation pledges continuity after Mitre funding cut

  With news that Mitre’s contract to run the world-renowned CVE Programme is abruptly terminating, a breakaway group is setting up a non-profit foundation to try to ensure the project’s continuity

• April 15, 2025 15 Apr'25

  Mitre warns over lapse in CVE coverage

  Mitre, the operator of the world-renowned CVE repository, has warned of significant impacts to global cyber security standards, and increased risk from threat actors, as it emerges its US government contract will lapse imminently

• April 11, 2025 11 Apr'25

  Warranty fraud fuels hidden army of hardware hackers

  Widespread warranty fraud is not only costing companies billions but also creating a breeding ground for advanced hardware exploits, warns hardware hacker and researcher Bunnie Huang at Black Hat Asia 2025

• April 10, 2025 10 Apr'25

  Google bets on unifying security tools to ease CISO pain

  At Google Cloud Next in Las Vegas, Google launches its Unified Security platform with the goal of bringing together disparate security solutions to help cyber leaders and practitioners address their most keenly felt pain points

• April 08, 2025 08 Apr'25

  NCSC issues warning over Chinese Moonshine and BadBazaar spyware

  Two spyware variants are being used to target the mobile devices of persons of interest to Chinese intelligence, including individuals in the Taiwanese, Tibetan and Uyghur communities

• April 08, 2025 08 Apr'25

  Spoofing vuln threatens security of WhatsApp Windows users

  Meta has disclosed and patched a potentially dangerous spoofing flaw in WhatsApp for Windows that could have caused big problems for unwitting users

• April 07, 2025 07 Apr'25

  NIST calls time on older vulnerabilities amid surging disclosures

  The National Institute of Standards and Technology is deferring future updates to thousands of cyber vulnerabilities discovered prior to 2018 amid surging volumes of new submissions

• April 04, 2025 04 Apr'25

  Norway and Nordic financial sector ramps up cyber security

  Finans Norge sets up cyber security unit CTSU to support the finance sector in Norway amid increasing threats

• April 03, 2025 03 Apr'25

  Are LLM firewalls the future of AI security?

  As large language models permeate industries, experts at Black Hat Asia 2025 debate the need for LLM firewalls and explore their role in fending off emerging AI threats

• April 01, 2025 01 Apr'25

  Gmail ‘bubble’ encryption may be an S/MIME killer, says Google

  Marking the 21st anniversary of Gmail, Google is preparing to roll out an end-to-end encryption standard for its email service in hopes of democratising encryption and leaving old standards in the dust

• April 01, 2025 01 Apr'25

  Apple devices are at ‘most risk’ in UK following government ‘backdoor’ order

  Home Office refuses to answer questions from Lords over technical capability notice issued against Apple’s iCloud Advanced Data Protection encryption services

• March 18, 2025 18 Mar'25

  Largest ever cyber deal reflects Google’s CNAPP ambitions

  In a signal of its future ambitions, Google lays down $32bn to acquire cloud-native application protection platform Wiz, reflecting the increasing need to secure multicloud environments

• March 12, 2025 12 Mar'25

  iPhone, iPad update fixes critical WebKit flaw

  iPhone and iPad users are advised to update their devices as Apple addresses an out-of-bounds write issue in the WebKit browser engine that appears to have been exploited in targeted cyber attacks

• March 11, 2025 11 Mar'25

  March Patch Tuesday brings 57 fixes, multiple zero-days

  The third Patch Tuesday of 2025 brings fixes for 57 flaws and a hefty number of zero-days

• March 11, 2025 11 Mar'25

  UK government under-prepared for catastrophic cyber attack, hears PAC

  The Commons Public Accounts Committee heard government IT leaders respond to recent National Audit Office findings that the government’s cyber resilience is under par

• March 01, 2025 01 Mar'25

  Ransomware: from REvil to Black Basta, what do we know about Tramp?

  This key member of the Black Basta ransomware gang is wanted by the US justice system. He narrowly escaped extradition at the end of June 2024 - with the help of highly-placed contacts in Moscow, according to him

• February 27, 2025 27 Feb'25

  CVE volumes head towards 50,000 in 2025, analysts claim

  Many trends, notably a big shift to open source tools, are behind an expected boom in the number of disclosed vulnerabilities

• February 23, 2025 23 Feb'25

  Check Point co-founder on AI, quantum and independence

  Gil Shwed, Check Point’s co-founder and executive chairman, discusses the company’s focus on artificial intelligence-driven security and his commitment to remaining an independent force in the cyber security market

• February 19, 2025 19 Feb'25

  Warning over privacy of encrypted messages as Russia targets Signal Messenger

  Russia is using phishing attacks to compromise encrypted Signal Messenger services used by targets in the Ukraine. Experts warn that other encrypted app users are at risk

• February 07, 2025 07 Feb'25

  US lawmakers move to ban DeepSeek AI tool

  US politicians have introduced a bill seeking to ban the use of the DeepSeek AI tool on government-owned devices, citing national security concerns due to its alleged links to the Chinese state

• February 03, 2025 03 Feb'25

  DeepSeek-R1 more readily generates dangerous content than other large language models

  Research scientists at cyber firm Enkrypt AI publish concerning findings from a red team exercise conducted against DeepSeek, the hot new generative AI tool

• January 31, 2025 31 Jan'25

  AI jailbreaking techniques prove highly effective against DeepSeek

  Researchers at Palo Alto have shown how novel jailbreaking techniques were able to fool breakout GenAI model DeepSeek into helping to create keylogging tools, steal data, and make a Molotov cocktail

• January 31, 2025 31 Jan'25

  DeepSeek API, chat log exposure a ‘rookie’ cyber error

  Security researchers at Wiz find a trove of DeepSeek data including API secrets and chat logs publicly exposed via an open source database management tool, raising questions about the fast-growing service’s approach to security

• January 29, 2025 29 Jan'25

  How government hackers are trying to exploit Google Gemini AI

  Google’s threat intel squad has shared information on how nation state threat actors are attempting to exploit its Gemini AI tool for nefarious ends

• January 23, 2025 23 Jan'25

  ICO launches major review of cookies on UK websites

  ICO sets out 2025 goals, including a review of cookie compliance across the UK’s top 1,000 websites, as it seeks to achieve its ultimate goal of giving the public meaningful control over how their data is used

• January 22, 2025 22 Jan'25

  APAC businesses face surge in email attacks

  Sophisticated phishing and business email compromise campaigns are increasingly targeting organisations across the Asia-Pacific region, research reveals

• January 17, 2025 17 Jan'25

  US Supreme Court upholds TikTok ban

  The US Supreme Court has upheld a legal ban on TikTok, meaning that the video-sharing application will be shut down from midnight on Sunday 19 January

• January 16, 2025 16 Jan'25

  Russia’s Star Blizzard pivots to WhatsApp in spear-phishing campaign

  The Russian cyber spy operation known as Star Blizzard changed tactics after a takedown operation by Microsoft and the US authorities, turning to widely used messaging platform WhatsApp to try to ensnare its targets

• January 15, 2025 15 Jan'25

  Users protest, flee TikTok as clock ticks on US ban

  As the US Supreme Court prepares to rule on the future of TikTok, rumours of a sale are swirling around Washington DC while panicked users make plans for an exodus

• January 15, 2025 15 Jan'25

  Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilities

  The largest Patch Tuesday of the 2020s so far brings fixes for more than 150 CVEs ranging widely in their scope and severity – including eight zero-day flaws

• January 03, 2025 03 Jan'25

  US Treasury incident a clear warning on supply chain security in 2025

  A cyber incident at the US Department of the Treasury – blamed on a Chinese state actor – raises fresh warnings about supply chain risk after it was found to have originated via vulnerabilities in a remote tech support product

• December 18, 2024 18 Dec'24

  Top 10 cyber security stories of 2024

  Data breaches, data privacy and protection, and the thorny issue of open source security were all hot topics this year. Meanwhile, security companies frequently found themselves hitting the headlines, and not always for good reasons. Here are ...

• December 13, 2024 13 Dec'24

  How AWS is protecting customers from cyber threats

  Amazon Web Services reveals how its threat intelligence capabilities work under the hood to thwart cyber attacks and keep its customers’ data safe

• December 10, 2024 10 Dec'24

  Dangerous CLFS and LDAP flaws stand out on Patch Tuesday

  Microsoft has fixed over 70 CVEs in its final Patch Tuesday update of the year, and defenders should prioritise a zero-day in the Common Log File System Driver, and another impactful flaw in the Lightweight Directory Access Protocol

• December 10, 2024 10 Dec'24

  iOS vuln leaves user data dangerously exposed

  Jamf threat researchers detail an exploit chain for a recently patched iOS vulnerability that enables a threat actor to steal sensitive data, warning that many organisations are still neglecting mobile updates

• December 06, 2024 06 Dec'24

  US TikTok ban imminent after appeal fails

  TikTok’s appeal against a US government ban has failed, with a judge dismissing its arguments that its First Amendment free speech rights are being restricted

• December 04, 2024 04 Dec'24

  Nordics move to deepen cyber security cooperation

  Nordic countries are increasing collaboration on cyber security amid more sophisticated and aggressive attacks

• November 20, 2024 20 Nov'24

  Apple addresses two iPhone, Mac zero-days

  Two zero-day vulnerabilities uncovered in Apple’s operating systems could have allowed for arbitrary code execution and cross-site scripting attacks

• November 19, 2024 19 Nov'24

  AI readiness stalls in APAC

  Despite significant investment in AI, only 15% of organisations in Asia-Pacific are ready to deploy the technology today, according to Cisco’s latest regional AI readiness survey

• November 18, 2024 18 Nov'24

  UK consumers losing more than ever to holiday scams

  Last Christmas, UK consumers lost over £11m to cyber criminals. This year, to save them from tears, the NCSC and Action Fraud are teaming up to launch an anti-fraud campaign

• November 12, 2024 12 Nov'24

  Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024

  High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Server should be prioritised from November’s Patch Tuesday update

• November 12, 2024 12 Nov'24

  Zero-day exploits increasingly sought out by attackers

  Threat actors increasingly favour zero-day exploits to attack their victims before patches become available, according to the NCSC and CISA, which have just published a list of the most widely used vulnerabilities of 2023