News

IT risk management

• April 09, 2026 09 Apr'26

  Singapore Cyber Security Agency chief: Cyber stability a necessity, not a luxury

  With state-linked attacks rising and international rules unravelling, Singapore’s cyber security commissioner calls for global cooperation to prevent catastrophic conflict in cyber space

• April 02, 2026 02 Apr'26

  NCSC warns high-risk individuals of Signal and WhatsApp social engineering attacks

  NCSC advises on countermeasures for high-risk individuals over phishing attacks on encrypted messaging services, such as Signal, WhatsApp and Facebook Messenger

• March 31, 2026 31 Mar'26

  High Court dismisses judicial review against eVisa system

  The High Court rules that the Home Office is acting lawfully in refusing to issue alterative proof of immigration status outside of its electronic visa system, but both the judge and the department accepts that those affected by data quality and ...

• March 31, 2026 31 Mar'26

  Shrinking PQC timeline highlights immediate risk to data security

  Google’s decision to move up its timeline for migration to post-quantum cryptography highlights that some of the cyber security risks posed by quantum computing are already reality

• March 27, 2026 27 Mar'26

  EU Parliament rejects Chat Control message scanning

  MEPs vote down proposals to allow US tech companies to continue scanning private messages for illegal content

• March 26, 2026 26 Mar'26

  Oracle Cloud Infrastructure: The bare metal facts

  The Oracle Cloud Infrastructure appears to have more in common with datacentre hosting than with public infrastructure-as-a-service providers

• March 26, 2026 26 Mar'26

  UAE positions cyber security as pillar of national resilience and digital growth

  Strategic investment and coordination reinforce the country’s ability to withstand complex cyber threats

• March 26, 2026 26 Mar'26

  Agentic bots and synthetic identities fuel surge in fraud

  LexisNexis Risk Solutions warns of a 450% rise in agentic traffic and an eight-fold increase in synthetic identity fraud as cyber criminals scale automation to bypass security controls

• March 25, 2026 25 Mar'26

  US government launches Bureau of Emerging Threats

  The US’ Bureau of Emerging Threats sits within the State Department and will supposedly help address national security threats arising from cyber attacks, the weaponisation of space and other emerging technologies

• March 25, 2026 25 Mar'26

  Emergency Microsoft, Oracle patches point to wider cyber issues

  Emergency out-of-band patches from Microsoft and Oracle signal underlying security issues around update cycles and patching, and identity security and zero-trust, says the community

• March 25, 2026 25 Mar'26

  Why AI agents are one prompt away from ransomware

  As AI adoption advances beyond chatbots, security leaders are up against rogue AI agents mirroring threat actors and a generational skills gap as security operations teams become overly dependent on AI

• March 24, 2026 24 Mar'26

  Cyber pros must grasp the vibe coding nettle, says NCSC chief

  At RSA in San Francisco, NCSC chief exec Richard Horne says security professionals have an opportunity and a responsibility to get in front of the security issues raised by the popularity of ‘vibe coding’

• March 24, 2026 24 Mar'26

  US government bans imported routers, raising tough questions

  The US communications regulator has enacted a ban on all router hardware made outside America citing security concerns, but experts say the move may risk creating more issues than it solves

• March 24, 2026 24 Mar'26

  QuikBot and EFGH bring real-time insurance to physical AI

  The two companies will embed insurance directly into the infrastructure governing autonomous robots, reducing claims processing and creating a trust layer for smart cities

• March 23, 2026 23 Mar'26

  Irish government launches CNI resilience plan

  Ireland’s National Strategy on the Resilience of Critical Entities sets out a pathway to improved cyber resilience for the nation’s critical infrastructure, and establishes compliance with an EU directive

• March 20, 2026 20 Mar'26

  Essex Police halts live facial recognition over bias and accuracy risks

  LFR deployments by Essex Police will not continue until risks associated with bias and inaccuracy have been reduced

• March 20, 2026 20 Mar'26

  UK Cyber Monitoring Centre plans expansion in US amid risk of Category 5 attack

  Organisations lulled into a false sense of security after Russian invasion of Ukraine are still at risk of a Category 5 attack in 2026

• March 19, 2026 19 Mar'26

  AI makes debut in Bridewell cyber security in CNI report

  Regulation has superseded cyber threats as the main driver of cyber security spending, and AI has made its debut for attack and defence, according to a CNI-focused report from Bridewell

• March 19, 2026 19 Mar'26

  Gartner: Ditch ‘big transformation’ cyber strategies for continuous improvement

  As artificial intelligence reshapes the enterprise, CISOs must abandon risky big bang security transformation initiatives in favour of incremental changes to build cyber resilience

• March 18, 2026 18 Mar'26

  UK MoD awards more than two dozen contracts for AI targeting systems

  The UK Ministry of Defence is ramping up its investment into military artificial intelligence in a bid to increase the ‘lethality’ of the British armed forces

• March 17, 2026 17 Mar'26

  Digital IDs edge closer to practical reality for UK businesses

  Industries and policymakers are strongly aligned on the need for digital company IDs for UK businesses, as progress is made towards the implementation of a practical standard

• March 17, 2026 17 Mar'26

  Contactless payment limit removal will happen overnight, but change won’t

  Banks will be able to set their own contactless card payment limits from 19 March, following rule change by Financial Conduct Authority

• March 17, 2026 17 Mar'26

  Health workers call for Palantir to be booted from NHS contracts

  Health justice charity Medact warns that Palantir’s involvement in NHS data systems is a threat to patients and healthcare organisations

• March 17, 2026 17 Mar'26

  Interview: D360 Bank redefines cyber security for Saudi Arabia’s cashless future

  Muath Alhomoud, director of cyber security at D360 Bank, discusses payment security, cloud resilience and the responsible use of AI in a hyper-connected financial ecosystem

• March 13, 2026 13 Mar'26

  UK falls behind on supercomputing amid slow investment, NAO warns

  While UKRI has improved its oversight of research and innovation, funding remains fragmented and has been too slow to replace supercomputers

• March 11, 2026 11 Mar'26

  Iran war a melting pot for other cyber threats

  State-backed cyber threat actors from non-combatant states are taking advantage of the Israeli-US war on Iran to fulfil their own goals, according to Proofpoint analysts

• March 11, 2026 11 Mar'26

  Child rapist could have profiled victims through unaudited access to NHS databases

  NHS analyst’s conviction for child sexual abuse offences raises concerns over unaudited access to patient data

• March 11, 2026 11 Mar'26

  CISOs on alert: Strengthening cyber resilience amid geopolitical tensions in the Middle East

  As regional uncertainty rises, security leaders across the Gulf focus on resilience, faster incident response and deeper threat intelligence to protect critical systems and data

• March 10, 2026 10 Mar'26

  Microsoft patches zero-days in .NET and SQL Server

  Zero-days in .NET and SQL Server, and a handful of critical RCE bugs, form the nucleus of Microsoft’s March Patch Tuesday update

• March 10, 2026 10 Mar'26

  Met Police to ‘trial’ handheld facial recognition tech

  London Mayor Sadiq Khan reveals in a scrutiny session with London Assembly members that the Met is set to trial a facial recognition phone app for police officers

• March 10, 2026 10 Mar'26

  AI chooses nuclear escalation in 95% of simulated crises

  With artificial intelligence increasingly deployed in analysis and decision-making in armed conflict, research shows AI systems will not naturally default to ‘safe’ outcomes in nuclear crises

• March 10, 2026 10 Mar'26

  WA auditor general flags weak Microsoft 365 security controls across state entities

  Western Australia’s Office of the Auditor General has uncovered weaknesses in M365 configurations across seven government agencies, leading to compromised accounts and data breaches

• March 09, 2026 09 Mar'26

  APT36 unleashes AI-generated ‘vibeware’ to flood targets

  The Pakistani threat group has been using AI to rewrite malicious code across multiple programming languages, prioritising scale over sophistication to evade detection, security researchers have found

• March 06, 2026 06 Mar'26

  Norway braced for foreign AI cyber attacks on vital petroleum computing

  Nordic petrostate is preparing for war and turning the spotlight on vulnerabilities in its critical industries, as adversaries look for ways to damage the most important oil and gas producer to the EU

• March 05, 2026 05 Mar'26

  Government wants to build digital ID system in-house

  The Home Affairs Committee hearing on digital ID reveals consultation is due next week; there will be no central database; and while government wants to build the system in-house, it will not replace private digital ID providers

• March 04, 2026 04 Mar'26

  Iranian hacktivists muster their forces but state APTs lay low

  Hacktivist activity surrounding the Iran war is sky-high but Iran’s state-backed cyber espionage actors have yet to show their hands, giving security teams a valuable window of time to shore up their defences

• March 04, 2026 04 Mar'26

  Zero-day in Android phone chips under active attack

  Google and Qualcomm have tag-teamed a serious vulnerability in the chipsets used in Android mobile devices, which has been exploited in the wild as a zero-day

• March 04, 2026 04 Mar'26

  Tycoon2FA phishing platform dismantled in major operation

  A Europol-led sting against the infamous Tycoon2FA MFA bypass phishing service has been successful, with operations disrupted and ringleaders and cyber criminal users identified

• March 04, 2026 04 Mar'26

  Landmark legal challenge against Home Office eVisa system heard

  The UK High Court will examine whether the Home Office policy of refusing to issue alternative proof of immigration status outside of its electronic visa system is lawful

• March 03, 2026 03 Mar'26

  NCSC: No increase in cyber threat from Iran, but be prepared

  While cyber threat levels remain stable following the outbreak of war in the Middle East at the weekend, at-risk organisations in the UK should take steps to ward off potential reprisals from Iran-linked threat actors

• February 26, 2026 26 Feb'26

  US artificial intelligence developers accuse Chinese firms of stealing their data

  Artificial intelligence developers are accusing Chinese firms of stealing their intellectual property following a spate of ‘distillation attacks’, despite their own alleged theft of training data

• February 26, 2026 26 Feb'26

  CrowdStrike touts agentic SOC to tackle security woes

  By embedding AI agents across its platform, CrowdStrike is looking to help security teams automate repetitive security tasks, enabling them to focus on complex and stealthier threats that could slip under the radar

• February 25, 2026 25 Feb'26

  The UK’s proposed social media ban explained

  The UK government will use new legal powers to lay the groundwork for an under-16 social media ban after its consultation on children’s digital well-being, but opponents warn the measures being considered will only treat the symptoms of the problem ...

• February 25, 2026 25 Feb'26

  Application exploitation back in vogue, says IBM cyber unit

  IBM’s X-Force unit observes an uptick in the exploitation of vulnerable public-facing software applications

• February 25, 2026 25 Feb'26

  How AI code generation is pushing DevSecOps to machine speed

  Organisations should adopt shared platforms and automated governance to keep pace with the growing use of generative AI tools that are helping developers produce code at unprecedented volumes

• February 24, 2026 24 Feb'26

  Cyber association launches code of conduct for security pros

  ISC2’s Code of Professional Conduct will supposedly establish a worldwide framework dedicated to principled and ethical practices in the security trade

• February 23, 2026 23 Feb'26

  Why crypto agility is key to quantum readiness

  With quantum computing threatening current encryption standards, experts call for organisations to achieve crypto agility by managing the lifecycle of certificates and cryptographic keys through automation

• February 20, 2026 20 Feb'26

  What it takes to secure agentic commerce

  With AI agents increasingly acting as digital concierges for shoppers, verifying bot identities, securing the APIs they rely on and detecting anomalous behaviour will be key to safeguarding automated transactions, according to Akamai

• February 19, 2026 19 Feb'26

  Bank of Ireland UK fined for late security system implementation

  The payments regulator has fined the bank nearly £4m after it missed a deadline to implement a system to check payees

• February 18, 2026 18 Feb'26

  Flaws in Google and Microsoft products added to Cisa catalogue

  Cisa has added six CVEs to its Kev catalogue this week, including newly disclosed issues in Google Chromium and Dell RecoverPoint for Virtual Machines, and some older flaws as well