A new report from API and AI security solutions company Wallarm finds that of around 4,700 security issues analyzed in Agentic AI projects, 49 percent were API-related, underscoring the inseparable nature of agent and API security.

The report also finds that over 1,000 issues in Agentic AI repositories remain unaddressed. 22 percent of reported security issues remain open too, with some lingering for 1,200-plus days, highlighting a critical gap between vulnerability discovery and remediation.

Continue reading →

Deepfake-driven social engineering attacks continue to gain momentum but technical solutions to the issue have so far been slow to emerge.

A recent study from IRONSCALES found that traditional Secure Email Gateways (SEGs) fail to stop an average of 67.5 phishing attacks per 100 mailboxes every month. The company is announcing the launch of a new product offering deepfake protection for enterprise email security.

Continue reading →

New research shows that 71.7 percent of workplace AI tools are high or critical risk, with 39.5 percent inadvertently exposing user interaction/training data and 34.4 percent exposing user data.

The analysis from Cyberhaven draws on the actual AI usage patterns of seven million workers, providing an unprecedented view into the adoption patterns and security implications of AI in the corporate environment.

Continue reading →

A new survey of 2,300 adults worldwide reveals that 79 percent of Gen Z believe reusing the same password across multiple accounts is risky, however, 72 percent still admit to doing so.

The study from Bitwarden ahead of next Thursday's World Password Day also shows 59 percent of Gen Z admit to reusing an existing password when updating an account with a company that has experienced a data breach, this is compared to just 23 percent of Boomers.

Continue reading →

As artificial intelligence finds its way into more and more areas there are concerns around accuracy, security, jobs and more.

Addressing these means organizations will need to fill some new roles. To find out what they are and what impact they will have we spoke to Aimei Wei, chief technical officer and co-founder of Stellar Cyber, to get her views on the AI hiring market.

Continue reading →

Malicious actors are increasingly exploiting email to impersonate brands, launch phishing campaigns, and spread false information -- often using sophisticated methods made simpler by emerging technologies.

A new report from Valimail shows that email continues to be the most exploited attack vector for cybercriminals and disinformation campaigns, with artificial intelligence dramatically increasing the sophistication of these threats.

Continue reading →

New research commissioned by Valence Security from the Cloud Security Alliance looks at the current state of SaaS security to uncover key challenges and explore how organizations are securing and managing their SaaS environments.

It finds SaaS security is a top priority for 86 percent of organizations, with 76 percent of respondents saying they are increasing their budgets this year.

Continue reading →

A new report reveals that 73 percent of UK fraud professionals report that online fraud has negatively affected their company's revenue in the past year.

The UK Fraud Industry Pulse Survey from Veriff shows 72.5 percent of businesses have seen an increase in online fraud over the past 12 months.

Continue reading →

A new report from Zafran Security shows that enterprise risk management is shifting from volume to value, and from patching everything to fixing what matters most.

The study, carried out by Foundry MarketPulse, reveals that only one in 50,000 vulnerabilities actually pose a critical risk -- and the ones getting exploited the most are often old, quiet, and ignored.

Continue reading →

Generative AI is already defeating traditional identity verification (IDV) methods like knowledge-based authentication, 2FA, and more.

This shift is likely to see the acceleration of new forms of IDV in 2025 that place a greater emphasis on ensuring they're both more secure and easy for people to use. This will result in a convergence of customer identity and access management (CIAM) which essentially gives customers more control over their identity and verification.

Continue reading →

A new survey of more than 1,000 IT and security professionals carried out for Cayosoft finds that 88 percent of enterprise hybrid Active Directory environments have critical vulnerabilities.

Microsoft Active Directory is a key element of enterprise IT, but the 2025 Active Directory Insights report identifies glaring gaps in resilience, security, and operational efficiency that could leave critical systems exposed to attack.

Continue reading →

Cybercriminals are pivoting to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises have declined.

These are among the findings of a new report from IBM X-Force which also observes an 84 percent increase in emails delivering infostealers in 2024 compared to the previous year, a method threat actors rely heavily on to scale identity attacks.

Continue reading →

As enterprises turn to increasingly sophisticated AI applications and agentic AI workflows, the large cloud footprint required to support such complex systems has become critically difficult to secure.

To address this issue Operant AI is launching AI Gatekeeper, a runtime defense platform designed to block rogue AI agents, LLM poisoning, and data leakage wherever AI apps are deployed, securing live AI applications end-to-end beyond Kubernetes and the edge.

Continue reading →

Analysis of over 17,000 enterprise-used mobile apps by Zimperium zLabs finds that 92 percent of all apps and 56 percent of the top 100 apps use flawed cryptographic methods that could be putting organizations at risk.

Even more concerning, five percent of top 100 apps were found to have high-severity cryptography flaws including hardcoded keys and outdated algorithms.

Continue reading →

The CVE (Common Vulnerabilities and Exposures) database is widely used across many cybersecurity tools, allowing the tracking of vulnerabilities.

The CVE program has been in existence for 25 years but today MITRE -- the non-profit organization which looks after the database -- has announced that its contract with the US Department of Homeland Security to operate the CVE Program hasn't been renewed.

Continue reading →