IT security
-
News
21 Aug 2025
Moscow exploiting seven-year-old Cisco flaw, says FBI
US authorities warn of an uptick in state-sponsored exploitation of a seven-year-old vulnerability in Cisco's operating system software. Continue Reading
-
News
21 Aug 2025
Scale of MoD Afghan data breaches widens dramatically
Many more data breaches at the MoD's Arap programme to relocate at-risk Afghan citizens to Britain have emerged following an FoI request by BBC journalists. Continue Reading
-
News
21 Aug 2025
Apple iOS update fixes new iPhone zero-day flaw
Latest Apple zero-day found in the ImageIO framework opens the door for targeted zero-click attacks on iPhone users. Continue Reading
-
Feature
21 Aug 2025
European digital sovereignty: Storage, surveillance concerns to overcome
As China and the US increase surveillance capabilities, are European companies caught in the middle of a data security storm? Continue Reading
-
News
21 Aug 2025
UK equality watchdog: Met Police facial recognition unlawful
The UK’s equality watchdog has been granted permission to intervene in a judicial review of the Met Police’s live facial-recognition (LFR) technology use, which it claims is being deployed unlawfully Continue Reading
-
News
20 Aug 2025
Microsoft starts including PQC algorithms in cyber foundations
Microsoft updates on its post-quantum cyber strategy as it continues integrating quantum-safe algorithms into some of the core foundations underpinning its products and services Continue Reading
-
News
20 Aug 2025
Commvault users told to patch two RCE exploit chains
Storage firm Commvault fixes four vulnerabilities that, when combined, create a pair of RCE exploit chains that could be used to target on-premise customers with ransomware and other nasties Continue Reading
-
News
20 Aug 2025
Warlock claims more victims as cyber attacks hit Colt and Orange
Ransomware gang Warlock is adding more victims to its data leak site as the impact of a spreading wave of cyber attacks continues to be felt Continue Reading
-
Opinion
20 Aug 2025
Jack of all managed security services, or master of none?
Large managed cyber services providers rule the roost when it comes to security buying priorities, but could this be watering down the overall quality of services available on the market? Continue Reading
-
News
19 Aug 2025
Google spins up agentic SOC to speed up incident management
Google Cloud elaborates on its vision for securing artificial intelligence unveiling new protections and capabilities across its product suite Continue Reading
-
News
19 Aug 2025
Deepfake AI scammers target the Big Yin
Cyber criminal scammers exploiting GenAI to create deepfake AI tools are targeting one of the UK’s most beloved comics, and one of its strongest accents Continue Reading
-
News
19 Aug 2025
ISACA launches AI security management certification
ISACA accredited security professionals can now pursue a new AI security management credential Continue Reading
-
News
19 Aug 2025
US says UK has agreed to drop encryption ‘back door’ demands against Apple
US and UK end diplomatic row over UK encryption ‘back door’ order against Apple, but it remains unclear whether Apple will restore advanced encryption services to UK users Continue Reading
-
19 Aug 2025
Preparation and appreciation – the human factor in incident response
Incident response is typically technical, so where do soft skills come in? Dan Raywood looks at a measurement option and the human consideration Continue Reading
-
19 Aug 2025
Met Police to double facial recognition use amid budget cuts
The UK’s largest police force is massively expanding its use of live facial recognition technology, despite ongoing concerns over privacy and bias, as it prepares to lose 1,700 officers and staff Continue Reading
-
News
19 Aug 2025
Singapore board directors to get cyber crisis training
The Singapore Institute of Directors and Ensign InfoSecurity have launched a programme to equip 1,000 board leaders with the skills to navigate high-stakes decisions during a cyber crisis Continue Reading
-
News
18 Aug 2025
Workday hit in wave of social engineering attacks
A campaign of voice-based social engineering attacks targeting users of Salesforce’s services appears to have struck HR platform Workday Continue Reading
-
News
18 Aug 2025
Extremist hacker who defaced websites and stole data imprisoned
Hacker Al-Tahery Al-Mashriky pled guilty to attacking multiple websites based on extremist political and religious ideology Continue Reading
-
News
18 Aug 2025
L’Oréal to promote cyber resilience for Britain’s beauty salons
L’Oréal UK and Ireland will work with law enforcement, cyber educators and students, and other large organisations to help thousands of small salons across the UK improve their cyber resilience practice Continue Reading
-
News
18 Aug 2025
Okta: AI adoption fuels problems for identity management
Okta research indicates the emergence and growth of novel security problems, connected with the spread of AI agents and non-human identities Continue Reading
-
News
15 Aug 2025
Warlock claims ransomware attack on network services firm Colt
UK network services firm Colt is attempting to recover various customer-facing systems following a cyber attack that has been claimed by the Warlock ransomware gang and may have arisen via a SharePoint flaw Continue Reading
-
Feature
15 Aug 2025
Would you hire a hacker?
At a time when cyber security breaches are on the up and skills remain in short supply, security experts believe we may be missing a trick by overlooking unconventional sources of talent Continue Reading
-
News
15 Aug 2025
UK cyber leaders feel impact of Trump cutbacks
The ripple effects of US cyber security cutbacks have reached this side of the Atlantic, according to a report Continue Reading
-
News
15 Aug 2025
US trade body calls on Washington to cut cyber red tape
The US Information Technology Industry Council has called on the White House’s Office of the National Cyber Director to cut burdensome regulations in areas such as AI and incident reporting, and to do more to build a unified security regime Continue Reading
-
News
15 Aug 2025
Whitehall IT projects face complex challenges, Nista report finds
The annual report from the National Infrastructure and Service Transformation Authority gives major police IT project ‘red’ rating, while several others are rated ‘amber’, including Gov.uk One Login and Making Tax Digital Continue Reading
-
Opinion
15 Aug 2025
Teen hackers aren't the problem. They're the wake-up call
If we take the time to build the right pathways into cyber, young people could be our best line of defence. Continue Reading
-
Feature
15 Aug 2025
The UK’s Online Safety Act explained: what you need to know
In this essential guide, Computer Weekly looks at the UK’s implementation of the Online Safety Act, including controversies around age verification measures and the threat it poses to end-to-end encryption Continue Reading
-
Opinion
15 Aug 2025
Guardian agents: Stopping AI from going rogue
AI systems don't share our values and can easily go rogue. But instead of trying to make AI more human, we need a new class of guardian agents to act as digital sentinels, monitoring our autonomous systems before we lose control completely Continue Reading
-
Opinion
14 Aug 2025
Protecting your data in the EU means protecting an independent authority
As the EU faces mounting scrutiny over institutional transparency, ensuring the genuine independence of the European Data Protection Supervisor is key to preserving the rule of law and the credibility of the Union’s digital governance. Continue Reading
-
News
14 Aug 2025
Professional services firms stuck in network security IT doom loop
Survey reveals a widening disconnect in the professional services sector where, despite near-universal adoption of SaaS and cloud strategies, core network and security services are failing to keep up through the likes of SASE Continue Reading
-
News
13 Aug 2025
BlackSuit ransomware payment recovered in takedown operation
US authorities reveal how over a million dollars’ worth of cryptocurrency assets laundered by the BlackSuit ransomware gang were seized ahead of a July takedown operation Continue Reading
-
Opinion
13 Aug 2025
What the UK's ransomware crackdown signals for Europe
The UK government is forging a bold path as it aims to ban ransomware payments from certain organisations. Its actions could herald an inflexion point in Europe's broader response to ransomware. Continue Reading
-
Definition
13 Aug 2025
What is governance, risk and compliance (GRC)?
Governance, risk and compliance (GRC) refers to an organization's strategy, or framework, for handling the interdependencies of the following three components: corporate governance policies, enterprise risk management programs, and regulatory and company compliance. Continue Reading
-
Definition
13 Aug 2025
What is security theater?
Security theater refers to highly visible security measures that create the illusion of increased safety but don't stop threats. Continue Reading
-
News
12 Aug 2025
Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list
Microsoft rolls out fixes for over 100 CVEs in its August Patch Tuesday update Continue Reading
-
News
12 Aug 2025
Researchers firm up ShinyHunters, Scattered Spider link
ReliaQuest researchers present new evidence that firms up a potential link, or outright partnership, between the ShinyHunters and Scattered Spider cyber gangs Continue Reading
-
News
12 Aug 2025
UK work visa sponsors are target of phishing campaign
Mimecast identifies a phishing campaign targeting UK organisations that sponsor migrant workers and students, opening the door to account compromise and visa fraud Continue Reading
-
News
12 Aug 2025
Workday research: 75% of employees will work with artificial intelligence, but not for it
Workday research finds 75% of workers like AI as a teammate, but only 30% want it to be the boss. Trust in the technology may grow with use, but human focus, clear roles and governance are key Continue Reading
-
Opinion
12 Aug 2025
What boards should look for in a CISO
The role of the chief information security officer has evolved dramatically over the years – and will continue to do so. What should boards really looking for when hiring a security leader in 2025? Continue Reading
-
News
12 Aug 2025
Norway fixing Big Bang e-health botch with fintech security
Experts call for Europe’s health sector to protect medical APIs with security originated from UK open banking as officials take urgent measures against unprecedented attacks Continue Reading
-
Feature
11 Aug 2025
ShinyHunters Salesforce cyber attacks explained: What you need to know
Computer Weekly gets under the skin of an ongoing wave of ShinyHunters cyber attacks orchestrated via social engineering against Salesforce users Continue Reading
-
Opinion
11 Aug 2025
How CISOs can adapt cyber strategies for the age of AI
Traditional security measures may not be able to cope with the AI reality. In order to safeguard enterprise operations, reputation and data integrity in an AI-first world, security leaders need to rethink. Continue Reading
-
News
11 Aug 2025
McCullough Review into PSNI spying on journalists and lawyers delayed
Angus McCullough KC is to present findings of an independent review of police spying on phone data of lawyers, journalists and NGOs in Northern Ireland in October Continue Reading
-
News
11 Aug 2025
Watching the watchers: Is the Technical Advisory Panel a match for MI5, MI6 and GCHQ?
Dame Muffy Calder is chair of the Technical Advisory Panel (TAP), a small group of experts that advises the Investigatory Powers Commissioner on surveillance technology. Do they have what it takes to oversee the intelligence community? Continue Reading
-
Definition
08 Aug 2025
What is the three lines model and what is its purpose?
The three lines model is a risk management approach to help organizations identify and manage risks effectively by creating three distinct lines of defense. Continue Reading
-
News
08 Aug 2025
OpenAI closes gap to artificial general intelligence with GPT-5
As OpenAI’s latest large language model delivers smarter AI, experts are wary of the risks GPT-5 poses to human creativity Continue Reading
-
Definition
07 Aug 2025
What is integrated risk management (IRM)?
Integrated risk management (IRM) is a set of proactive, businesswide practices that contribute to an organization's security, risk tolerance profile and strategic decisions. Continue Reading
-
Definition
07 Aug 2025
What is the Mitre ATT&CK framework?
The Mitre ATT&CK -- pronounced miter attack -- framework is a free, globally accessible knowledge base that describes the latest behaviors and tactics of cyberadversaries to help organizations strengthen their cybersecurity strategies. Continue Reading
-
News
06 Aug 2025
Black Hat USA: Startup breaks secrets management tools
Researchers at Cyata, an agentic identity specialist that has just emerged from stealth, found 14 CVEs in the widely used CyberArk Conjur and HashiCorp Vault enterprise secrets management platforms Continue Reading
-
News
06 Aug 2025
Cyber criminals would prefer businesses don’t use Okta
Okta details a phishing campaign in which the threat actor demonstrated some unusually strong opinions on what authentication methods they would like their targets to use Continue Reading
-
News
06 Aug 2025
Companies House ID verification to start in November 2025
Companies House plans to start vetting director identities from mid-November, but its reliance on the troubled One Login digital identity service may be cause for concern Continue Reading
-
News
06 Aug 2025
NCSC updates CNI Cyber Assessment Framework
Updates to the NCSC’s Cyber Assessment Framework are designed to help providers of critical services better manage their risk profiles Continue Reading
-
Definition
06 Aug 2025
What is enterprise risk management (ERM)?
Enterprise risk management (ERM) is the process of planning, organizing, directing and controlling the activities of an organization to minimize the harmful effects of risk on its capital and earnings. Continue Reading
-
News
06 Aug 2025
Australian scaleup to bring AI-led data protection to the MoD
The UK’s Ministry of Defence is embracing AI-led data protection in the wake of a major privacy breach, enlisting Australian cyber firm Castlepoint Systems to oversee sensitive records Continue Reading
-
News
05 Aug 2025
Attacker could defeat Dell firmware flaws with a vegetable
Cisco Talos discloses five vulnerabilities in cyber security firmware used on Dell Latitude and Precision devices, including one that could enable an attacker to log on with a spring onion Continue Reading
-
Tip
05 Aug 2025
8 ways to enhance data center physical security
Data center physical security is just as important as cybersecurity. Organizations can follow these eight security approaches to enhance facility access monitoring. Continue Reading
-
E-Zine
05 Aug 2025
Digitising fan experience
In this issue, discover the latest twist regarding a secret Home Office order requiring Apple to give UK law enforcement access to users’ encrypted data stored on the Apple iCloud. Also discover how the Premier League is using digital means to reach fans, and learn about identity security in SaaS deployments. Read the issue now. Continue Reading
-
Definition
04 Aug 2025
What is the DRY principle?
The DRY (don't repeat yourself) principle, introduced by Andrew Hunt and David Thomas in 'The Pragmatic Programmer,' promotes the idea that every piece of knowledge should have a single, unambiguous, authoritative representation within a system. Continue Reading
-
News
04 Aug 2025
Black Hat USA: Halcyon and Sophos tag-team ransomware fightback
Ransomware experts Halcyon and Sophos are to pool their expertise in ransomware, working together to enhance data- and intelligence-sharing and bringing more comprehensive protection to customers Continue Reading
-
News
04 Aug 2025
Proliferation of on-premise GenAI platforms is widening security risks
Research finds increased adoption of unsanctioned generative artificial intelligence platforms is magnifying risk and causing a headache for security teams Continue Reading
-
News
04 Aug 2025
Agentic AI a target-rich zone for cyber attackers in 2025
At Black Hat USA 2025, CrowdStrike warns that cyber criminals and nation-states are weaponising GenAI to scale attacks and target AI agents, turning autonomous systems against their makers Continue Reading
- 04 Aug 2025
- 04 Aug 2025
-
News
01 Aug 2025
Met Police to double facial recognition use amid budget cuts
The UK’s largest police force is massively expanding its use of live facial recognition technology as it prepares to lose 1,700 officers and staff Continue Reading
-
News
01 Aug 2025
Securing agentic identities focus of Palo Alto’s CyberArk buy
Palo Alto Networks is entering the identity security space with a multibillion-dollar acquisition, and plans to address growing concerns around protecting identities associated with AI agents Continue Reading
-
Opinion
01 Aug 2025
The blind spot: digital supply chain is now a board-level imperative
Many companies lack visibility into complex digital supply chains, meaning hidden risks and regulatory exposure. Cyber security requires continuous mapping and board engagement Continue Reading
-
Opinion
31 Jul 2025
I lost my sister to online harms, the OSA is failing vulnerable people
Adele is a member of Families and Survivors to Prevent Online Suicide Harms campaign, a network that brings together survivors and families bereaved by online harm-related suicides. They are calling for changes to the enforcement of the Online Safety Act Continue Reading
-
News
31 Jul 2025
Palo Alto Networks to acquire CyberArk for $25bn
The deal marks Palo Alto Networks’ entry into the identity and access management space amid the growing need to secure human, machine and emerging AI agent identities Continue Reading
-
News
30 Jul 2025
Scattered Spider tactics continue to evolve, warn cyber cops
CISA, the FBI, NCSC and others have clubbed together to update previous guidance on Scattered Spider's playbook, warning of new social engineering tactics and exploitation of legitimate tools, among other things Continue Reading
-
News
30 Jul 2025
Apple pushes almost 30 security fixes in mobile update
Apple pushes what will likely be the last major security update to its current iPhone and iPad operating systems, fixing 29 vulnerabilities in its mobile ecosystem Continue Reading
-
News
30 Jul 2025
MS Authenticator users face passkey crunch time
The deadline for moving to passkeys in Microsoft Authenticator is rapidly approaching, and users are advised to take action now Continue Reading
-
News
30 Jul 2025
AI-enabled security pushes down breach costs for UK organisations
Organisations that are incorporating AI and automation into their cyber security practice are seeing improved outcomes when incidents occur, according to an IBM study Continue Reading
-
Opinion
30 Jul 2025
Cyber governance practices are maturing - and reshaping leadership expectations
How technology leaders can help organisations shape their cyber governance practices and strengthen their collaboration across the executive team Continue Reading
-
Opinion
30 Jul 2025
GDPR’s 7th anniversary: in the AI age, privacy legislation is still relevant
Seven years after GDPR reshaped data protection, AI is forcing a fresh look at governance. GDPR’s principles remain critical, guiding ethical AI use, risk management, and trusted innovation Continue Reading
-
News
30 Jul 2025
Industry experts warn crypto infrastructure is ‘creaking’
A report from experts at HSBC, Thales and InfoSec Global claims decades-old cryptographic systems are failing, putting businesses at risk from current vulnerabilities and the threat from quantum computing Continue Reading
-
News
30 Jul 2025
International AI Alignment effort tackles unpredictability
Given AI systems are probabilistic, a group of international experts are collaborating to ensure such systems operate in the best interest of society Continue Reading
-
News
29 Jul 2025
Senator warns of new UK surveillance risks to US citizens following Apple ‘backdoor’ row
US lawmaker calls for the US to publish an assessment of the risks posed by UK surveillance laws to US citizens in the wake of disclosures that the UK has ordered Apple to introduce ‘backdoors’ in Apple encryption Continue Reading
-
News
29 Jul 2025
Austrian government faces likely legal challenge over state spyware
Civil society groups are talking to opposition MPs about bringing a legal challenge to the Austrian constitutional court over ‘state trojan’ law Continue Reading
-
News
29 Jul 2025
European Commission ignores calls to reassess Israel data adequacy
The European Commission is ignoring calls to reassess Israel’s data adequacy status in spite of concerns raised about its data protection framework and use of personal data in ‘repressive practices’ Continue Reading
-
News
29 Jul 2025
Global cyber spend will top $200bn this year, says Gartner
Worldwide spending on cyber security will hit another record high in 2025, and will go higher still next year Continue Reading
-
Opinion
29 Jul 2025
Burnout burden: why CISOs are at breaking point, what needs to change
CISOs face growing burnout as their roles expand beyond security, with high stress, low organisational authority, and short tenure. AI can help but change requires autonomy Continue Reading
-
Definition
29 Jul 2025
What is good automated manufacturing practice (GAMP)?
Good automated manufacturing practice (GAMP) is a set of guidelines for pharmaceutical manufacturers. Continue Reading
-
Definition
29 Jul 2025
What is an input validation attack?
An input validation attack is any malicious cyberattack that involves an attacker manually entering strange, suspicious or unsafe information into a normal user input field of a target computer system. Continue Reading
-
Feature
29 Jul 2025
Building digital resilience in retail
Retail is suffering economically and from hacking attacks. What steps can retailers can take to prevent cyber attacks, supply chain disruptions and migration downtime? Continue Reading
-
News
28 Jul 2025
Data resilience critical as ransomware attacks target backups
With more threat actors targeting backup repositories to ensure a payday, Veeam urges organisations to treat data resilience as a competitive advantage, not just an insurance policy Continue Reading
-
Opinion
25 Jul 2025
The UK’s ransomware payment ban is a strategic win
The UK's proposed public sector ransomware payment ban could be a bold step, but it can't operate in isolation. Continue Reading
-
News
25 Jul 2025
Interview: Cambridge Consultants CEO Monty Barlow scans for tech surprises
Cambridge Consultants is a technology and consulting business unit of Capgemini. Its chief executive, Monty Barlow, talks about its heritage and vision for the future of digital technology Continue Reading
-
News
24 Jul 2025
US seeks ‘unquestioned’ AI dominance
US AI action plan sets out aims to expand American dominance in the world of artificial intelligence Continue Reading
-
News
24 Jul 2025
SharePoint users hit by Warlock ransomware, says Microsoft
Microsoft’s security analysts confirm a number of cyber attacks on on-premise SharePoint Server users involve ransomware Continue Reading
-
News
24 Jul 2025
Scattered Spider victim Clorox sues helpdesk provider
Cleaning products manufacturer Clorox fell victim to a Scattered Spider social engineering attack two years ago – it blames its IT helpdesk provider, Cognizant Continue Reading
-
News
24 Jul 2025
Dutch researchers use heartbeat detection to unmask deepfakes
Dutch method to counter deepfakes analyses blood flow patterns in faces that current deepfake generation tools cannot yet replicate Continue Reading
-
News
24 Jul 2025
Monzo’s £21m fine highlights banks’ cyber security failures
Monzo’s recent fine over failings in its customer verification processes highlights wider security and privacy shortcomings in the personal finance world Continue Reading
-
News
23 Jul 2025
WhatsApp is refused right to intervene in Apple legal action on encryption ‘backdoors’
Investigatory Powers Tribunal to hear arguments in public over lawfulness of secret UK order requiring Apple to give UK law enforcement access to users’ encrypted data stored on the Apple iCloud Continue Reading
-
Opinion
23 Jul 2025
Is it time to rethink the OWASP Top 10?
The OWASP Top 10 serves as a key reference point for developers and security professionals, but with a new iteration on the horizon, we need to confront a hard truth: has it lost its effectiveness, or have we failed to implement it meaningfully? Continue Reading
-
Feature
23 Jul 2025
Disaster recovery: As-a-service vs on-premise?
It’s easy to backup to the cloud, and we run lots of applications there now, too. So, running DR as-a-service in the cloud makes perfect sense for many. We look at the pros and cons Continue Reading
-
News
23 Jul 2025
Interview: Is there an easier way to refactor applications?
We speak to the inventor of OpenRewrite about how enterprise IT can manage code across thousands of source code repros Continue Reading
-
Feature
23 Jul 2025
Business resilience needs comprehensive approach
The cyber attack on Marks & Spencer showed the vulnerability of even very established companies. But business applications resilience goes beyond cyber security basics Continue Reading
-
News
22 Jul 2025
Microsoft confirms China link to SharePoint hacks
Microsoft confirms two known China-nexus threat actors, and one other suspected state-backed hacking group, are exploiting vulnerabilities in SharePoint Server Continue Reading
-
Opinion
22 Jul 2025
Overconfidence in cyber security: a silent catalyst for CNI breaches
Many CNI organisations are perilously overconfident in their ability to manage and combat cyber risks, according to Bridewell research. This is leaving vital systems exposed. Continue Reading
-
News
22 Jul 2025
Chinese cyber spies among those linked to SharePoint attacks
Exploitation of the ToolShell RCE zero-day in Microsoft SharePoint continues to gather pace, with evidence emerging of exploitation by nation state-backed threat actors Continue Reading
-
News
22 Jul 2025
UK government to bring in ransomware payment ban
Critical infrastructure operators, hospitals, local councils and schools will be among those banned from giving in to cyber criminal demands as the UK moves forward with proposals to address the scourge of ransomware Continue Reading
-
News
22 Jul 2025
UK government signs partnership with OpenAI
Deal sees firm behind ChatGPT collaborate with government on AI security research to explore investment opportunities Continue Reading
