News

There’s a silent strain on security in today’s enterprises, and it’s coming from an unexpected source: the technology stack.

Technical debt is a $2.41 trillion problem in the United States. No wonder, then, that 87% of IT leaders rank tech debt reduction as a top five initiative for their organization, according to a new Enterprise Strategy Group survey. Respondents cited security concerns, escalating operating costs, and more.

How did organizations get this deep into application tech debt? What are the implications for security? And, most importantly: How can organizations begin to dig their way out?

Tech debt is, at its core, the pain of applying yesterday's technology decisions to today's business needs.

Organizations frequently face trade-offs when it comes to technology. Most often, they find the best solutions for their complex problems, balancing network, security, and end-user priorities. Other times, they’re under pressure to move fast and constrained by limited resources, leading to quick fixes that complicate their tech stack.

This is how tech debt accrues, one well-intentioned decision at a time. As business demands intensify – whether due to growth, digital transformation, or external disruptions – IT and security teams make pragmatic choices and adopt point solutions to keep up.

But these bolt-on software purchases quietly snowball and mutate into an unmanageable web – eventually emerging loudly in the form of fractured IT infrastructure, inconsistent user experiences, ballooning operational costs, and unpredictable IT environments.

Not to mention, they make for a vastly increased attack surface. In this Swiss cheese effect of overlapping systems, the organization can spend more time patching holes and maintaining legacy scaffolding than innovating.

According to a Gartner survey of 162 large enterprises, conducted between August and October 2024, organizations use an average of 45 cybersecurity tools. It’s a vicious cycle of patch upon patch.

Time isn’t the only cost. Enterprise Strategy Group found that 47% of IT leaders point to escalating operational costs as a direct result of legacy infrastructure support. And 36% flagged increased security vulnerabilities as a growing concern tied to outdated systems.

Regardless of the justification for yesterday’s technology decisions, they all impact today’s enterprise systems—increasing complexity, maintenance burdens, and security vulnerabilities.

Most modern applications in use across the enterprise today are delivered in a SaaS model. For more than half of survey respondents, SaaS and legacy web-based applications represented a combined 61% of all application usage – the majority of those being classified as “business critical” apps.

In the enterprise, these critical apps require secure, modern access methods. However, to date, secure access has often come at the cost of convenience. Legacy access solutions like VDI and VPN weren’t designed with the SaaS-first enterprise in mind, creating friction for users, increasing overhead for IT teams, and offering limited visibility, control, or threat detection once users are inside the app.

Monitoring these apps requires bolted-on solutions, further increasing tech debt. Unsurprisingly, the number of respondents that indicated the desire to move off VDI solutions was a staggering 72%.

As SaaS adoption has accelerated, this mismatch between access architecture and application delivery has accelerated along with it—slowing agility, increasing risk, and complicating user experience across the board. Tech debt isn’t just a nuisance; it's an anchor dragging down enterprise security and efficiency.

As knowledge workers’ primary interface, the browser is central to accessing SaaS, internal apps, and digital workflows. Therefore, the most direct way to address the application tech debt challenge is to reimagine the browser itself.

Browsers like Chrome and Edge, while highly effective tools for consumers, were never designed for enterprise needs. It presents a huge security gap: 62% of sensitive corporate data is accessed via consumer browsers, and 35% of data leaks stem from those same browsers.

These browsers require a complex ecosystem of tools – data loss prevention (DLP), web gateways, remote browser isolation (RBI), endpoint agents, VPNs, and more – to try to secure browsing activity and protect sensitive data. Over time, these layers have compounded, contributing to tech debt in both security and application access by requiring ongoing management, troubleshooting, and upgrades.

Further complicating the tech debt challenge is the proliferation of AI tools. In these early days of AI adoption, end users and the enterprises in which they operate will undoubtedly choose multiple tools to address niche use cases without understanding the impact on data protection and user experience. And fresh competition will replace many of these tools almost as fast as they arise. Future technology decisions will need to address managing the sprawl of shadow AI and the new tech debt it creates.

However, a new type of browser has emerged: enterprise browsers, which are designed exclusively for use in the workplace. Gartner recognized this new category of browsers in 2023. In April, Evgeny Mirolyubov, Sr Director Analyst at Gartner, said, “SEBs embed enterprise security controls into the native web browsing experience using a customized browser or extension for existing browsers, instead of adding bolt-on controls at the endpoint or network layer.”

Enterprise browsers are redefining how organizations approach application access. An enterprise browser streamlines the tech stack needed to secure, manage, understand, and enable access to critical apps and data.

With growing regulatory scrutiny and the rising sophistication of threats like phishing, browser-based malware, and insider threats, organizations must rethink access with security at the forefront. Enterprise browsers provide visibility and control down to the session level, enabling proactive enforcement and rapid incident response.

These browsers have the power to reduce reliance on legacy tools like VDI, VPNs, DLP, proxies, and various endpoint agents—eliminating layer upon layer of tech debt and enabling secure, efficient, and scalable access.

For too long, organizations have been trapped in a loop where old decisions constrain new possibilities. Years of layering legacy access tools, fragmented security controls, outdated application architectures, and siloed observability and authentication systems have created a complex web of technical debt—one that undermines performance, cybersecurity, and scalability at a time when seamless, secure, and cloud-optimized access is more critical than ever.

Finally, there’s an off-ramp from this loop. By reconsidering the browser, forward-thinking enterprises are not just reducing debt—they’re building resilience for the next generation of digital transformation.

We list the best IT management tools.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Retail in the UK has embraced digital innovation – from websites and mobile apps to smart kiosks and even augmented‑reality mirrors reshaping the high street. But behind these advances lies a surprising weak spot: payments.

While stores innovate non-stop in customer experience, I’ve seen many continue to rely on outdated, disconnected payment setups – systems that only work via app, terminal, or wallet, and don’t communicate with each other. This fragmentation creates real friction for customers and chaos for finance and operations functions at these businesses.

To understand how far behind this puts retailers, consider this: in 2023, UK consumers made 18.3 billion contactless payments, up from 6.6 billion in 2018. That’s nearly 40% of all payments. And about a third of adults now tap their phone or card monthly.

The way people pay has changed – but many retail systems haven’t caught up.

One of the clearest signs of this disconnect is the click-and-collect phenomenon. Anyone in retail will know it’s a hugely popular service – eMarketer reports that 64% of UK retailers offer it, and 15% of online orders are now picked up in-store, nearly double the pre-pandemic levels.

Buy Online, Pick Up In Store (BOPIS) is known to boost both footfall and basket size. But here’s the thing: when payments aren’t integrated across channels, this convenience starts to crumble. Staff often can’t verify transactions at pickup. Queues build. Trust erodes. The promise of frictionless shopping disappears.

Fragmented payments don’t only hurt the customer experience. They create severe operational strain behind the scenes.

Finance teams scramble to reconcile online and in-store revenue, often manually; risk teams lack a complete view of fraud across channels; marketing teams struggle to connect the dots between campaigns and conversions; and executives are forced to make strategic decisions based on partial, siloed data.

This isn’t just a technical challenge – it’s a barrier to business clarity, performance, and agility.

Fortunately, momentum is building for smarter, more unified payment systems.

The UK’s financial infrastructure is modernizing. The Bank of England, in collaboration with HM Treasury and the FCA, has established the Retail Payments Infrastructure Board to overhaul the Faster Payments system. Their goal is to enable instant account-to-account (A2A) payments at checkout, reducing reliance on card networks like Visa and Mastercard, and lowering transaction fees.

At the same time, Soft-POS system technology is redefining how payments are accepted. Smartphones and tablets can now function as secure NFC terminals. Analysts project that the global value of Soft-POS transactions will rise from $23.9 billion in 2025 to $540 billion by 2030. Meanwhile, digital wallets are gaining ground fast. According to eMarketer, over 50% of UK adults use PayPal, and nearly 30% use Apple Pay, both online and in stores.

That’s not just preference – it’s an imperative. These options must be integrated seamlessly, not embedded as afterthoughts.

A unified payment system is more than efficient – it’s powerful. In 2022, UK retailers lost approximately £1.2 billion to payment fraud. Global losses are projected to exceed $107 billion by 2029. Fragmented systems make it easier for bad actors to exploit weaknesses – testing stolen cards online, picking them up in-store, and vanishing before systems catch up.

But when payment channels are connected, fraud detection becomes faster, more accurate, and more actionable. Real-time insights enable teams to flag suspicious behavior and prevent fraud before it occurs. That kind of visibility can protect revenue, safeguard customers, and strengthen brand trust.

The impact of unified payments is already visible among retailers who’ve taken action. Failed pickups are dropping. Dispute volumes are shrinking. Financial close processes are becoming faster and more accurate. In-store teams are reporting smoother workflows, and marketing teams can finally track the ROI of campaigns with clarity.

For example, before we started working with retailer Nemesis Now, they were facing serious challenges. Getaway attacks had become a regular threat – fake orders and fraudulent refunds were causing a real disruption, with teams working overtime to fend off thousands of malicious requests.

With little urgency from their previous payment gateway provider, they had no choice but to work with their web development agency to identify vulnerabilities and block the attacks. It was a costly and stressful ordeal that highlighted just how critical a secure, unified payments setup really is.

In short, this isn’t just a backend win. When systems are connected, store associates can complete transactions without friction. Finance teams can report with confidence. Fraud analysts can respond to threats in real time. Executives gain a clear view of performance, and customers enjoy the kind of seamless, personalized experience that drives loyalty.

With contactless transactions now accounting for 38% of UK payments and cash still representing around 12%, retailers need to support a range of preferences securely and responsibly. The regulatory environment is also evolving, with PSD3, APP reimbursement requirements, and emerging technologies such as dark stores and real-time loyalty systems prompting retailers to reassess their payment infrastructure.

According to Gartner, those who treat payments as a strategic capability – rather than just a technical one – gain significant advantages in fraud resilience, agility, and customer retention. In today’s environment, those differences can define who leads and who lags.

For retailers ready to move, there’s no need to start from scratch. Playbooks, integration frameworks, and benchmarks already exist – rooted in real-world examples, not vendor hype.

Fragmented payments don’t just slow things down—they erode trust. Unified systems restore confidence, sharpen decision-making, and unlock growth, from the first click to the final till. Giving payments a strategic seat at the table is no longer optional. It’s essential.

We list the best mobile payment apps.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Salesloft suffered a third-party attack earlier this week
• New information suggests all authentication tokens were compromised
• Google disabled integrations and warned victims, in response

The Salesloft cyberattack that happened earlier this week may have also compromised certain Google Workspace accounts, as well as Salesforce instances. This is according to Google’s Threat Intelligence Group (GTIG), who published an updated report to warn about the worrying discovery.

On Wednesday, news broke that revenue platform Salesloft fell victim to a third-party cyberattack in which sensitive information was stolen. The company is using Drift, a conversational marketing and sales platform that uses live chat, chatbots, and AI, to engage visitors in real time.

Alongside it is SalesDrift, a third-party platform which links Drift’s AI chat functionality to Salesforce, syncing conversations, leads, and cases, into the CRM via the Salesloft ecosystem.

Starting around August 8, and lasting for about ten days, adversaries managed to steal OAuth and refresh tokens from SalesDrift, pivoting to customer environments, and successfully exfiltrating sensitive data.

Now, Google’s update says the scope of the compromise impacted more than the Salesforce integration: “We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised,” the update reads.

TGIG said that the attackers compromised OAuth tokens for the “Drift Email” integration, and used them to access a “very small number” of Google Workspace accounts. Apparently, only the accounts that were configured to integrate with Salesloft were compromised.

In response, Google revoked the tokens, disabled the integration functionality, and notified potentially impacted users. “We are notifying all impacted Google Workspace administrators. To be clear, there has been no compromise of Google Workspace or Alphabet itself.”

Google also recommended organizations immediately review all third-party integrations connected to their Drift instance, revoke and rotate all credentials, and monitor all connected systems for signs of unauthorized access.

The researchers believe the attack was done by a group tracked as UNC6395, although ShinyHunters claimed it was their doing.

Via BleepingComputer

• Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

• The MSI MAG 272QP and Gigabyte Aorus FO27Q5P monitors have arrived
• Both use the same Samsung 27-inch QD-OLED 500Hz panel
• Newegg has priced the MSI model, and it's a fair bit more affordable than the existing Samsung Odyssey OLED that also uses this panel

A pair of new OLED gaming monitors with an extremely fast 500Hz refresh rate are now available, according to the manufacturers.

Tom's Hardware spotted the announcements for the Gigabyte Aorus FO27Q5P (pictured above) and MSI MAG 272QP QD-OLED X50 (pictured below) monitors. I should note that they aren't on sale just yet, but should be available imminently.

Both monitors, which were initially unveiled earlier this year, are built around the same Samsung 27-inch QD-OLED panel, so the core specs for the display are identical. It's a Gen 3 panel which offers more readable text and finer detail (thanks to an updated subpixel layout), plus it's brighter compared to its predecessor OLED screen from Samsung (offering 1,000 nits peak brightness).

With both monitors you get a 1440p resolution panel with HDR1000 certification (plus HDR TrueBlack 500 and ClearMR 21000) and a super-fast 0.03 ms response time (near-instant). They also benefit from FreeSync Premium Pro support and are G-Sync Compatible, with highly accurate colors (99% DCI-P3 coverage). As mentioned, the refresh rate is 500Hz.

There are some important differences on the connectivity front, though, notably that the Gigabyte Aorus FO27Q5P offers DisplayPort 2.1a UHBR20, whereas the MSI MAG 272QP is only DisplayPort 1.4a – though both offer a pair of HDMI 2.1 ports. (Some tech sites seem to have got this round their necks, so to clarify, the MSI monitor definitely doesn't have DisplayPort 2.1a based on the official specs page).

Another noteworthy point is that the Gigabyte monitor has a pair of built-in 5W speakers, and there aren't speakers with the MSI model – not that this is likely to matter to the kind of competitive gamers who'll be looking at these screens.

There are monitors with faster refresh rates that have been shown off, but remember, these are OLED panels, and 500Hz is blazing fast for this tech – and indeed the fastest you can get (for now, at least, though that may change before too long). It's also arguable how high you need to go with refresh rates, anyway (but let's not go off on that tangent).

The Samsung Odyssey OLED G60SF carries the same 1440p and 500Hz panel, and is already out on the market priced at $1,000 (at the time of writing) in the US. There's no official pricing on either the MSI MAG 272QP or Gigabyte Aorus FO27Q5P from the makers, but Newegg US does have the MSI model listed and priced at $750. Ordering isn't live yet, but assuming that's not a placeholder – and we must be a bit careful around that – this looks like good value for the spec on offer. That's not to say it's exactly cheap – but you didn't really expect that a 500Hz OLED monitor would be, did you?

Of course, these kinds of screens are for the most competitive gamers out there who are into their esports. You'll need a very powerful PC and one of the fastest graphics cards to drive 500Hz – which is 500 frames per second – at 1440p resolution even with less demanding games (which esports titles generally are, as they place a premium on fluid frame rates over visual bells and whistles).

Aside from the still rather wallet-worrying price, another concern that might remain for those considering an OLED gaming monitor is the possibility of burn-in (permanent image retention caused by a static element, like a game HUD or desktop OS interface, being present on the screen for too long).

Both MSI and Gigabyte offer a three-year warranty which includes protection against burn-in, and the manufacturers also have their own tech to protect against image retention. That includes MSI's OLED Care 2.0 and Gigabyte's OLED Care, along with heat dissipation measures to lower screen temperatures (and therefore reduce burn-in risk).

• Want a 700Hz gaming monitor? Dinosaur CRT display from 2002 has hit this staggering refresh rate, blowing away modern LCDs
• The best gaming PC in 2025: our top picks for smooth PC gaming
• I bought a super-cheap 43-inch 4K TV and it changed my (work) life

• Anthropic's Threat Intelligence Report outlines the acceleration of AI attacks
• AI is now fueling all parts of the cyberattack process
• One such attack has been identified at 'vibe hacking'

One of the world’s largest AI companies, Anthropic, has warned that its chatbot has been ‘weaponised’ by threat actors to “to commit large-scale theft and extortion of personal data". Anthropic’s Threat Intelligence Report details ways in which the technology is being used to carry out sophisticated cyberattacks.

Weaponized AI is making hackers faster, more aggressive, and more successful - and the threat report outlines that ransomware attacks which previously would have required years of training can now be crafted with very few technical skills.

These cyberattacks are lucrative for hackers, with AI now being used for fraudulent activity like stealing credit card information and identity theft, with attackers even using AI to analyze stolen data.

Defenders have long warned that AI is lowering the barriers to cybercrime, allowing low-skilled hackers to carry out complex attacks, but LLMs are now assisting criminals at every point along the attack process.

The report describes a particular threat it dubs ‘vibe-hacking’, which refers to a campaign in which Claude was used to scale and build a data extortion scheme. The name is a reference to the ‘vibe coding’ method of software development which heavily relies on AI to generate code and build applications.

Cluade’s code execution environment was used to; ‘automate reconnaissance, credential harvesting, and network penetration at scale, potentially affecting at least 17 distinct organizations in just the last month across government, healthcare, emergency services, and religious institutions.’

Anthropic’s investigations found cybercriminals targeted a range of sectors, focusing on data theft and extortion. These attacks resulted in ‘the compromise of personal records, including healthcare data, financial information, government credentials, and other sensitive information, with direct ransom demands occasionally exceeding $500,000.’

• Google reveals just how much energy each Gemini query uses - but is it being entirely truthful?
• Check out our choice for best endpoint protection software to keep you safe
• 70% of people are sick of talking to AI – where did all the humans go?