Market Research
Access Control and Data Exposure Flaws Prevalent in Corporate Web Apps: Kaspersky

A recent study by Kaspersky Security Assessment experts has identified the most dangerous and widespread vulnerabilities in corporate web applications developed in-house. In the period between 2021 and 2023, flaws related to access control and data protection were found in the majority of the examined applications, totalling several dozen. The highest number of high-risk vulnerabilities were SQL injections.
Web applications like social networks, email, and online services are websites where users engage with a web server via a browser. In its latest study, Kaspersky researched vulnerabilities in web applications used by IT, government, insurance, telecommunications, cryptocurrency, e-commerce, and healthcare organizations to identify the most prevalent types of attacks that enterprises are likely to face.
The predominant types of vulnerabilities involved the potential for malicious use of access control flaws, and failures in protecting sensitive data. Between 2021 and 2023, 70% of the web applications examined in this study exhibited vulnerabilities in these categories.
A broken access control vulnerability can be used when attackers try to bypass website policies that limit users to their authorized permissions. This can lead to unauthorized access, the alteration or deletion of data, and more. The second common type of flaw involves the exposure of sensitive information like passwords, credit card details, health records, personal data, and confidential business information, highlighting the need for increased security measures.
“The rating was compiled by considering the most common vulnerabilities in web applications developed in-house in various companies and their level of risk. For instance, one vulnerability could enable attackers to steal user authentication data, while another could help execute malicious code on the server, each with varying degrees of consequences for business continuity and resilience. Our rankings reflect this consideration, drawing from our practical experience in conducting security analysis projects,” explains Oxana Andreeva, a security expert at the Kaspersky Security Assessment team.
Kaspersky experts also looked at how dangerous the vulnerabilities in the groups listed above were. The largest proportion of vulnerabilities posing a high risk were associated with SQL injections. In particular, 88% of all the analyzed SQL Injection vulnerabilities were deemed to be high-risk. Another significant share of high-risk vulnerabilities was found to be linked with weak user passwords. Within this category, 78% of all vulnerabilities analyzed were classified as high-risk.
It is important to note that only 22% of all the web applications the Kaspersky Security Assessment team studied had weak passwords. One possible reason is that the apps included in the study sample may have been test versions rather than actual live systems.
Artificial Intelligence
DeepSeek-R1 AI Poses 11x Higher Harmful Content Risk

The launch of DeepSeek’s R1 AI model has sent shockwaves through global markets, reportedly wiping $1 trillion from stock markets. Trump advisor and tech venture capitalist Marc Andreessen described the release as “AI’s Sputnik moment,” underscoring the global national security concerns surrounding the Chinese AI model.
However, new red teaming research by Enkrypt AI, the world’s leading AI security and compliance platform, has uncovered serious ethical and security flaws in DeepSeek’s technology. The analysis found the model to be highly biased and susceptible to generating insecure code, as well as producing harmful and toxic content, including hate speech, threats, self-harm, and explicit or criminal material. Additionally, the model was found to be vulnerable to manipulation, allowing it to assist in the creation of chemical, biological, and cybersecurity weapons, posing significant global security concerns.
Compared with other models, the research found that DeepSeek’s R1 is:
- 3x more biased than Claude-3 Opus
- 4x more vulnerable to generating insecure code than OpenAI’s O1
- 4x more toxic than GPT-4o
- 11x more likely to generate harmful output compared to OpenAI’s O1
- 3.5x more likely to produce Chemical, Biological, Radiological, and Nuclear (CBRN) content than OpenAI’s O1 and Claude-3 Opus
Sahil Agarwal, CEO of Enkrypt AI, said, “DeepSeek-R1 offers significant cost advantages in AI deployment, but these come with serious risks. Our research findings reveal major security and safety gaps that cannot be ignored. While DeepSeek-R1 may be viable for narrowly scoped applications, robust safeguards—including guardrails and continuous monitoring—are essential to prevent harmful misuse. AI safety must evolve alongside innovation, not as an afterthought.”
The model exhibited the following risks during testing:
- BIAS & DISCRIMINATION – 83% of bias tests successfully produced discriminatory output, with severe biases in race, gender, health, and religion. These failures could violate global regulations such as the EU AI Act and U.S. Fair Housing Act, posing risks for businesses integrating AI into finance, hiring, and healthcare.
- HARMFUL CONTENT & EXTREMISM – 45% of harmful content tests successfully bypassed safety protocols, generating criminal planning guides, illegal weapons information, and extremist propaganda. In one instance, DeepSeek-R1 drafted a persuasive recruitment blog for terrorist organizations, exposing its high potential for misuse.
- TOXIC LANGUAGE – The model ranked in the bottom 20th percentile for AI safety, with 6.68% of responses containing profanity, hate speech, or extremist narratives. In contrast, Claude-3 Opus effectively blocked all toxic prompts, highlighting DeepSeek-R1’s weak moderation systems.
- CYBERSECURITY RISKS – 78% of cybersecurity tests successfully tricked DeepSeek-R1 into generating insecure or malicious code, including malware, trojans, and exploits. The model was 4.5x more likely than OpenAI’s O1 to generate functional hacking tools, posing a major risk for cybercriminal exploitation.
- BIOLOGICAL & CHEMICAL THREATS – DeepSeek-R1 was found to explain in detail the biochemical interactions of sulfur mustard (mustard gas) with DNA, a clear biosecurity threat. The report warns that such CBRN-related AI outputs could aid in the development of chemical or biological weapons.
Sahil Agarwal concluded, “As the AI arms race between the U.S. and China intensifies, both nations are pushing the boundaries of next-generation AI for military, economic, and technological supremacy. However, our findings reveal that DeepSeek-R1’s security vulnerabilities could be turned into a dangerous tool—one that cybercriminals, disinformation networks, and even those with biochemical warfare ambitions could exploit. These risks demand immediate attention.”
Cyber Security
World Economic Forum and Check Point Research Highlight Six Emerging Cybersecurity Challenges for 2025

Written by Vasily Dyagilev, Regional Director, Middle East, RCIS at Check Point Software Technologies
Cyber Security
One-Third of UAE Children Play Age-Inappropriate Computer Games

According to a recent survey conducted by Kaspersky in collaboration with the UAE Cyber Security Council, more than a third of parents surveyed (33%) across the UAE believe that their children play games that are inappropriate for their age. Based on the survey, boys are more prone to such behaviour than girls – 50% and 43% of children respectively have violated age guidelines when playing games on their computers.
It’s possible that parents tend to exaggerate the problem of violating age restrictions in computer games, or children are not always aware of these restrictions: according to the children themselves, only 30% confessed that they had ever played games that were not suitable for their age. Girls are more obedient to age restrictions of video games, with 78% having never played inappropriate games, while for boys it is 64%.
Playing computer games is a common way for youngsters to spend their free time (91%). Half of them use smartphones for gaming (52%), and the second place is taken by computers (40%). Based on parents’ estimates, 41% of children play video games every day. “Parents often worry that their children spend too much time playing computer games. Of course, it is important to ensure that the child follows a routine, gets enough sleep, takes a break from the screen, and is physically active, however, parents should not blame computer games for everything”, comments Seifallah Jedidi, Head of Consumer Channel for the META at Kaspersky. “Parents should take a proactive position in this area, be interested in the latest products offered by the video game industry, and, of course, understand their children’s gaming preferences and pay attention to the age limits marking. It’s worth mentioning that today, there is a wide variety of games on offer, many of which include educational materials, and so we recommend not to prohibit this type of leisure, but rather to seek a compromise.”
To keep children safe online, Kaspersky recommends that parents:
- Take an interest in the games your children play. Ideally, you should try those games yourself. This will help build more trust in your family relationships and help you to understand what your child is interested in.
- If you notice that your child plays a lot, try to analyze the reasons for this and consider whether they have an alternative that they like. Ask what they would like to do besides gaming and try to engage them with another interesting hobby.
- Be informed about current cyber threats and talk to your children about the risks they may face online; teach them how to resist online threats and recognize the tricks of scammers.
- Use a parental control program on your child’s device. It will allow you to control the applications downloaded on the device or set a schedule for when these applications can be used.
The survey entitled “Growing Up Online” was conducted by Toluna Research Agency at the request of Kaspersky in 2023-2024. The study sample included 2000 online interviews (1000 parent-child pairs, with children aged 3 to 17 years) in the UAE.