Security vulnerabilities stories - Page 3

A design flaw in Windows Server 2025 allows attackers to persist undetected in Active Directory by exploiting managed service account vulnerabilities.

A race condition vulnerability in nopCommerce gift cards lets attackers redeem the same card repeatedly, exploiting a flaw in the checkout process.

A Tenable report reveals 70% of AI cloud workloads on platforms like AWS and Azure have critical vulnerabilities, posing increased security risks.

Chinese startup DeepSeek's new AI model cuts costs but sparks global security fears, prompting bans and cyberattacks amid geopolitical tensions.

Security researcher Rapid7 has uncovered 8 vulnerabilities in 742 printer models from Brother, FUJIFILM, Ricoh, and Toshiba, with fixes now available.

A new report reveals a widening gap between AI innovation and enterprise security, with 36% of firms struggling to keep up with generative AI risks.

Outpost24 reveals seven common OAuth risks and offers best practices to help organisations prevent unauthorised access and data breaches through better token security.

A report finds poor cloud security and misconfigurations put sensitive data and secrets at risk across major public cloud providers worldwide.

Jamf's Security 360 Report reveals a sharp rise in phishing and infostealers targeting Apple devices, urging organisations to strengthen cybersecurity measures.

Azul's new Java security tool cuts false positives by 99%, boosting detection accuracy and helping DevOps teams focus on real risks in production code.

Just 3% of New Zealand domains enforce the strict DMARC p=reject policy, leaving most vulnerable to phishing despite upcoming government mandates.

Aiden Technologies is now available in the Microsoft Azure Marketplace via MACC, enabling organisations to acquire its endpoint management platform using existing Azure funds.

AI use in UK healthcare has soared to 94% in 2025, despite rising data breaches and declining focus on data security among IT professionals.

Despite Arc’s innovation, enterprises struggle with browser adoption due to muscle memory, maintenance burdens, and AI-driven fragmentation disrupting standardisation.

OWASP has released its first Business Logic Abuse Top 10, spotlighting critical cross-domain threats beyond traditional technology-specific vulnerabilities.

Despite rising cyber threat awareness, only 14% of UK employees trained on security receive printer-specific training, leaving devices vulnerable.

Akamai has launched DNS Posture Management, offering centralised control over DNS assets across multicloud platforms to enhance security and compliance.

Distology partners with Flare to enhance threat intelligence and dark web monitoring for UK and European security resellers and MSSPs.

Adidas has suffered a data breach via a third-party provider, exposing customer information and highlighting rising cyber risks in retail supply chains.

Picus Security launches Exposure Validation, a tool using real-time attack simulations to identify which vulnerabilities are truly exploitable in organisations.