Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deploy...
Conifers AI Opens Singapore Data Region, Bringing Local Data Residency...
Finally taken down: Residential proxy network of at least 2m smart dev...
DXC Opens Flagship AI-first Customer Experience Center in Bengaluru
AI speeds threat discovery as coverage gaps persist: survey
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      S E Asia governments targeted by cyber-espionage group

      S E Asia governments targeted by cyber-espionage group

      Tuesday, June 23, 2026, 8:00 AM Asia/Singapore | Features
    • Featured

      Rethinking network and infrastructure design for resilience

      Rethinking network and infrastructure design for resilience

      Thursday, June 18, 2026, 2:17 PM Asia/Singapore | Features
    • Featured

      Bringing cybercriminals to justice in APAC

      Bringing cybercriminals to justice in APAC

      Thursday, June 11, 2026, 10:30 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • AWARDS 2026
  • Directory
  • E-Learning

Select Page

News

87% of organizations running software with known, exploitable vulnerabilities

By CybersecAsia editors | Saturday, February 28, 2026, 8:41 AM Asia/Singapore

87% of organizations running software with known, exploitable vulnerabilities

Across ASEAN, digital transformation is surging ahead, but patchy execution and limited visibility are leaving known vulnerabilities exposed.

Datadog’s State of DevSecOps Report 2026 identifies a clear industry shift. As development speeds up and relies more on automation and third-party components, security risk is spreading across the entire delivery lifecycle. It’s increasingly driven by the software supply chain and the tools used to build and deploy applications, not just the code in production.

With 87% of organizations carrying at least one known exploitable vulnerability in deployed services, “the organisations that will build lasting resilience are those that move beyond compliance and tool sprawl to focus on contextual, exploitability-driven risk reduction across their entire digital estate,” said Datadog CTO for APJ, Yadi Narayana.

Key findings at a glance

  • 87% of organizations have at least one known exploitable vulnerability in deployed services
  • 42% of services rely on libraries that are no longer actively maintained
  • Services using end-of-life language versions face exploitable vulnerabilities in 50 per cent of cases, compared to 31% for supported versions
  • 50% of organizations adopt new library versions within 24 hours of release, increasing the risk of installing malicious or compromised software
  • Only 4% of organizations pin all public GitHub Actions to a specific version using commit hashes, leaving CI/CD pipelines vulnerable to silent code changes

Security risk increasing at both ends of the lifecycle

On one end, software is aging faster than teams can keep it up to date. The median software dependency is now 278 days out of date – 63 days further behind than last year.

At the same time, third-party software accelerates development but introduces risk when implicitly trusted. Datadog researchers found that half of organizations adopt new library versions within 24 hours of release, and only 4% pin all public GitHub Actions to a specific version using commit hashes.

As a result, build and deployment pipelines are increasingly exposed to silent changes in third-party code, making CI/CD systems a critical supply-chain risk.

“The way software is built has fundamentally changed, but security practices haven’t kept up,” said Andrew Krug, Head of Security Advocacy, Datadog. “DevSecOps teams are caught between moving too slowly and moving too fast. Go slow, and outdated software accumulates known vulnerabilities. Go fast, and automation can introduce unvetted code. The real challenge, though, isn’t speed – it’s clarity. As environments grow more complex, AI-assisted workflows help ensure top priorities get attention first.”

Alert volume obscuring real risk

While vulnerability alerts continue to rise, the report also finds that most do not represent immediate business risk. Only 18% of vulnerabilities labeled “critical” remain critical once runtime context is applied.

“When almost everything is labeled ‘critical’, nothing is,” Krug added. “Teams get paged for noise while threats that poserealrisk slip through. Without context, prioritization becomes harder – leading to burnout, slower response times and accumulated risk. Teams need better visibility into what actually requires action.”

“Across ASEAN, digital transformation is accelerating, but execution is uneven. While awareness of vulnerability risk is rising, known exploited vulnerabilities are still routinely found in internet-facing systems, legacy infrastructure, and fast-moving cloud environments,” said Yadi Narayana. “Rapid growth in e-commerce, fintech, and super-app ecosystems has created complex hybrid estates powered by containers, open-source software, and automated pipelines – often without full visibility or consistently enforced controls.”

He added: “Meanwhile, overstretched security teams battle skills shortages and alert fatigue, prioritising by severity scores rather than real-world exploitability. The organizations that will build lasting resilience are those that move beyond compliance and tool sprawl to focus on contextual, exploitability-driven risk reduction across their entire digital estate.”

Share:

PreviousLeaked memo reveals AI firm’s research focus on “rogue“ or “scheming” AI models
NextBeyond firewalls – addressing cybersecurity blind spots

Related Posts

Know the five Rs of 2023 cyber risks that impact CISOs

Know the five Rs of 2023 cyber risks that impact CISOs

Monday, January 16, 2023

Cybercriminals and state-sponsored threat actors also undergoing digitalization

Cybercriminals and state-sponsored threat actors also undergoing digitalization

Tuesday, October 18, 2022

Growth of cybercrime outpaces APAC IT security talent pool training

Growth of cybercrime outpaces APAC IT security talent pool training

Friday, June 25, 2021

Cybersecurity firm detects a growing ransomware trend in the past year

Cybersecurity firm detects a growing ransomware trend in the past year

Monday, July 3, 2023

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
  • Zero Trust Made Simple: Why it matters and how to get started

    Zero Trust Made Simple: Why it matters and how to get started

    Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
  • Cloud Secure Edge: Remote access, better security

    Cloud Secure Edge: Remote access, better security

    ​SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
  • Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • How a Vietnamese D2C retailer built its own secure digital infrastructure

    How a Vietnamese D2C retailer built its own secure digital infrastructure

    Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
  • Cyber protection for medical clinics in Singapore

    Cyber protection for medical clinics in Singapore

    As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
  • India’s WazirX strengthens governance and digital asset security

    India’s WazirX strengthens governance and digital asset security

    Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
  • Bangladesh LGED modernizes communication while addressing data security concerns

    Bangladesh LGED modernizes communication while addressing data security concerns

    To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

  • Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deployment at QNET

    Wednesday, July 8, 2026
    The Sparsa AI Enterprise Operating …Read More »
  • Conifers AI Opens Singapore Data Region, Bringing Local Data Residency to Asia-Pacific Security Teams

    Wednesday, July 8, 2026
    With data regions now spanning …Read More »
  • DXC Opens Flagship AI-first Customer Experience Center in Bengaluru

    Tuesday, July 7, 2026
    Strengthens DXC’s India presence with …Read More »
  • D-Link Brings Advanced AI Fall Detection and Privacy Protection to Home Elderly Care with the New DCS-8610 Wi-Fi Camera

    Monday, July 6, 2026
    Advanced technologies traditionally found in …Read More »
  • ICAC Commissioner attends first IAACA European regional anti-corruption conference in Hungary

    Friday, July 3, 2026
    BUDAPEST, Hungary, July 2, 2026 …Read More »
  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2026 CybersecAsia All Rights Reserved.