Enterprises set to waste billions due to lack of cloud cost awareness among developers


A disconnect between FinOps and development teams is leading to wasted spend on cloud infrastructure costs according to 52 percent of engineering leaders.
Research from software delivery platform Harness finds developers have limited insight into cloud waste. Fewer than half of respondents say they have access to real time data on idle cloud resources (43 percent), unused or orphaned resources (39 percent), and over or under-provisioned workloads (33 percent).
AI code assistants speed up development but add to risks


New research from Apiiro shows that while AI code assistants are accelerating development times they're also increasing risks.
AI code assistants have seen rapid adoption since the launch of ChatGPT in November 2022. Microsoft reports that more than 150 million developers now use GitHub Copilot, up 50 percent over the past two years.
2024 broke records for ransomware attacks


Ransomware attacks reached record levels throughout 2024 according to the latest State of Ransomware report from BlackFog.
LockBit, one of the most prominent ransomware gangs in recent years, remained the most active ransomware variant through 2024 affecting 603 victims. May was the busiest month, with nearly 200 attacks launched, accounting for 36 percent of all attacks that month.
99 percent of organizations experience API security issues


A surge in API adoption, driven by the need for organizations to modernize infrastructures and unlock new revenue streams, is contributing to the rise in API security risk according to a new report.
The study from Salt Security finds 99 percent of respondents encountered API security issues within the past 12 months and 55 percent slowed the rollout of a new application due to API security concerns.
Web DDoS attacks up over 500 percent


The total number of web DDoS attacks surged 550 percent last year compared to 2023, according to the latest report from Radware.
The average duration of network DDoS attacks increased 37 percent over 2023, with North America facing 66 percent of web application and API attacks.
Addressing the challenge of non-patchable security [Q&A]


While many organizations have solutions in place to identify patchable CVEs, non-patchable security issues such as misconfigurations continue to provide threat actors with consistent access points to exploit organizations.
We spoke to Jason Mar-Tang, field CISO at Pentera, to discuss the challenge of non-patchable security issues vs. CVEs, what makes them so much more difficult to identify, the challenges of remediation, and what standards organizations should implement to tackle this challenge.
86 percent of commercial codebases expose organizations to risk


Analysis of 965 commercial codebases across 16 industries during 2024 by Black Duck Software finds 86 percent contain open source software vulnerabilities and 81 percent high- or critical-risk vulnerabilities.
Black Duck's Open Source Security and Risk Analysis (OSSRA) report also shows that the number of open source files in an average application has tripled from around 5,300 in 2020 to more than 16,000 in 2024.
New solution automates fixing Linux vulnerabilities


More than ever enterprises are turning to Linux solutions. But while the open source OS has a good reputation for security that doesn't mean that it’s invulnerable and it's important to stay on top of updates and patching.
Seal Security is launching Seal OS, a holistic solution designed to automatically fix vulnerabilities in both Linux operating systems and application code.
Record-breaking number of vulnerabilities predicted for 2025


A new report predicts a record-breaking 41,000 to 50,000 new Common Vulnerabilities and Exposures (CVEs) this year, based on data from the National Vulnerability Database (NVD).
The forecast, from the Forum of Incident Response and Security Teams (FIRST), suggests an 11 percent increase compared to 2024, and a whopping 470 percent increase compared to 2023.
Deepfake fraud calls target consumer cash


AI-generated voice impersonation scams are an increasing threat, with 31 percent of US consumers, 27 percent of Canadians, and 26 percent of UK consumers reporting encounters with deepfake fraud calls.
A new report from Hiya, based on data from the company's Voice Intelligence Network and a January 2025 survey of 12,000 consumers across the US, Canada, the UK, Germany, France, and Spain, shows that more than 30 percent of those targeted fell victim, suffering significant financial losses. In the US, the average reported loss was $539, while UK victims faced the steepest losses at £1,479 ($1,867).
Attacks on manufacturing up but less than half businesses are prepared


A new study from Omdia finds that 80 percent of manufacturing firms experienced a significant increase in overall security incidents or breaches last year, but only 45 percent are adequately prepared in their cybersecurity.
The survey of over 500 technology executives worldwide shows a heightened risk of cyber attacks comes as manufacturers move to leverage IT such as cloud, AI, and Internet of Things (IoT) as part of their digital transformation -- a process defined as Industry 4.0.
Apple has removed its strongest data protection from UK users -- why and what does it mean?


Apple's Advanced Data protection allows the data that its users store in iCloud to be end-to-end encrypted. On Friday of last week the company announced that it would be removing this tool from users in the UK.
The move follows a demand from the UK government to allow 'backdoor' access into data in order to investigate crime. The problem is that even Apple can't access ADP protected data and the company argues that a backdoor would be exploited by attackers.
How GenAI adoption introduces network and security challenges [Q&A]


Enterprises are increasingly using GenAI to transform their organization. As they move ahead, they're evaluating their preparedness from a business, safety, skills, and product level. But there's another key factor at the backend that's being overlooked: the network.
Full GenAI adoption introduces significant new challenges and demands on the network, such as bandwidth strain and unique security vulnerabilities. If these demands aren't accommodated, organizations won't realize the benefits of GenAI.
Deepfake fraud attempts grow over 2,000 percent


Financial institutions are facing a significant increase in deepfake fraud attempts, which have grown by a staggering 2,137 percent in the last three years.
Data from Signicat based on responses from 1,200 people in the financial and payment sectors across seven European countries, including the UK, shows that account takeover is the leading type of fraud their customers are exposed to, followed by card payment fraud and phishing.
AI-powered solution detects insider threats


Insider security incidents remain a problem for business, yet many organizations struggle with limited budgets, minimal talent resources, and tools that fail to detect subtle insider threat patterns.
OpenText is launching a new Core Threat Detection and Response solution, an AI-powered product designed to address the growing challenge of insider threats and advanced attacks.
Ian's Bio
Ian spent almost 20 years working with computers before he discovered that writing about them was easier than fixing them. Since then he's written for a number of computer magazines and is a former editor of PC Utilities. Follow him on Mastodon
© 1998-2025 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.