News

Business continuity planning

• December 18, 2025 18 Dec'25

  AI safeguards improving, says UK government-backed body

  Inaugural AI Security Institute report claims that safeguards in place to ensure AI models behave as intended seem to be improving

• December 09, 2025 09 Dec'25

  Microsoft patched over 1,100 CVEs in 2025

  The final Patch Tuesday update of the year brings 56 new CVEs, bringing the year-end total to more than 1,100

• December 08, 2025 08 Dec'25

  NCSC warns of confusion over true nature of AI prompt injection

  Malicious prompt injections to manipulate GenAI large language models are being wrongly compared to classical SQL injection attacks. In reality, prompt injection may be a far worse problem, says the UK’s NCSC

• December 05, 2025 05 Dec'25

  Cloudflare fixes second outage in a month

  A change to web application firewall policies at Cloudflare caused problems across the internet less than three weeks after another major outage at the service, but no cyber attack is suspected

• December 04, 2025 04 Dec'25

  NCC supporting London councils gripped by cyber attacks

  Three west London councils hit by a cyber attack continue to investigate as services remain disrupted nearly two weeks on

• December 03, 2025 03 Dec'25

  Post Office avoids £1m fine over botched website upgrade data breach

  The Information Commissioner’s Office considered fining the Post Office £1m for a 2024 data breach that let subpostmasters down again

• December 03, 2025 03 Dec'25

  Women in Cybersecurity Middle East marks five years of impact at Black Hat MEA

  As AI reshapes the regional cyber security landscape, diversity and skills development remain at the heart of building a resilient digital workforce

• December 02, 2025 02 Dec'25

  Strategic shift pays off as Okta bids to ease agentic AI risk

  Nine months after restructuring its go-to-market, Okta is buoyed by a growing recognition of how crucial identity has become thanks to the spread of AI agents

• November 26, 2025 26 Nov'25

  London councils endure wave of cyber attacks, shared IT services hit

  Four London councils – Kensington and Chelsea; Hackney; Westminster; and Hammersmith and Fulham – have suffered cyber attacks, disrupting services and prompting NCSC-supported investigation

• November 26, 2025 26 Nov'25

  US breach reinforces need to plug third-party security weaknesses

  Cyber breach at US financial sector tech provider highlights the risk of third-party vulnerabilities in finance ecosystems

• November 19, 2025 19 Nov'25

  Cloudflare contrite after worst outage since 2019

  Cloudflare CEO Matthew Prince apologises for the firm’s worst outage in years and shares details of how a change to database system permissions caused a cascading effect that brought down some of the web’s biggest names

• November 18, 2025 18 Nov'25

  Ransomware resilience may be improving in the health sector

  A Sophos report on ransomware highlights resilience improvements among healthcare organisations but warns that the wider threat is still live and growing

• November 18, 2025 18 Nov'25

  Cloudflare outage disrupts public web services

  An outage at web traffic management specialist Cloudflare has caused disruption across the internet

• November 12, 2025 12 Nov'25

  US cyber intel sharing law set for temporary extension

  The CISA 2015 cyber intelligence sharing law, which lapsed just over a month ago amid a wider shutdown, will receive a temporary lease of life should attempts to reopen the federal government succeed

• November 05, 2025 05 Nov'25

  Dutch boardroom cyber security knowledge gap exposed

  Cyber security governance professor warns that executives lack the capability to assess cyber threats in implementation approaches

• November 04, 2025 04 Nov'25

  The Security Interviews: Colin Mahony, CEO, Recorded Future

  Recorded Future’s CEO talks threat intelligence, AI in cyber security and the ever-changing cyber threat landscape

• October 30, 2025 30 Oct'25

  Microsoft CEO speaks of global cloud factory as Azure stalls

  Alongside Microsoft's posted cloud revenue of $49bn was a configuration error that caused a global outage affecting many customers

• October 24, 2025 24 Oct'25

  UK ramps up ransomware fightback with supply chain security guide

  Multinational guidance, developed by the UK and Singapore, is designed to help organisations reinforce their supply chain against ransomware attacks

• October 23, 2025 23 Oct'25

  Amid CISA cuts, US state launches first VDP

  Legislators in Annapolis, Maryland, have teamed up with Bugcrowd to launch a statewide vulnerability disclosure programme

• October 21, 2025 21 Oct'25

  New cyber resilience centre to help SMEs fend off cyber threats

  Spearheaded by the Singapore Business Federation, the cyber resilience centre will equip SMEs in the city-state with cyber security capabilities to mitigate and recover from cyber attacks

• October 15, 2025 15 Oct'25

  ICO fines Capita £14m after ransomware caused major data breach

  Outsourcing giant hit with £14m fine over 2023 cyber attack, but costs could rise as legal actions continue

• October 09, 2025 09 Oct'25

  Warlock ransomware may be linked to Chinese state

  The operators of Warlock ransomware who exploited a set of SharePoint Server vulnerabilities earlier this year likely have some kind of link to the Chinese government, researchers claim

• October 07, 2025 07 Oct'25

  Alert over Medusa ransomware attacks targeting Fortra MFT

  Microsoft warns it is seeing potential mass exploitation of a Fortra GoAnywhere vulnerability by a threat actor linked to the Medusa ransomware-as-a-service operation.

• October 07, 2025 07 Oct'25

  The Security Interviews: David Bradbury, CSO, Okta

  Okta’s chief security officer talks security by default and explains why he thinks time is running out for the shared responsibility model

• October 01, 2025 01 Oct'25

  US government shutdown stalls cyber intel sharing

  A key US law covering cyber security intelligence sharing has expired without an extension or replacement amid a total shutdown of the federal government, putting global security collaboration at risk.

• September 30, 2025 30 Sep'25

  MPs press outsourcer TCS over Jaguar cyber attack

  The government’s cross-bench Business and Trade Committee has written to Tata Consultancy Services seeking answers over possible links to cyber attacks on Jaguar Land Rover, Marks and Spencer, and Co-op

• September 30, 2025 30 Sep'25

  Harrods hackers start contacting customers

  Retailer Harrods has revealed that a number of customers whose data was stolen in a cyber attack have been contacted by the perpetrators

• September 30, 2025 30 Sep'25

  Google unveils AI-powered security to trap ransomware attacks

  The new security capability, available at no extra cost for most Google Workspace users, detects mass file encryption during ransomware attacks, stops the attacks from spreading and allows for restoration of files

• September 29, 2025 29 Sep'25

  Harrods hit by second cyber attack in six months

  Data on approximately 430,000 Harrods shoppers was stolen in a third-party breach, but the cyber attack is not related to an earlier Scattered Spider incident, says the retailer

• September 29, 2025 29 Sep'25

  JLR tentatively restarts production, following £1.5bn government backing

  Jaguar Land Rover is to resume car production after a £1.5bn government loan guarantee amid its cyber attack fallout. Debate is growing over the bailout and insurance

• September 26, 2025 26 Sep'25

  Over half of India-based companies suffer security breaches

  Business supply chains, which include Indian companies, are at risk of attack as more than half of suppliers were breached last year

• September 26, 2025 26 Sep'25

  Okta CEO: AI security and identity security are one and the same

  At Oktane 2025 in Las Vegas, Okta CEO Todd McKinnon describes AI security and identity security as inseparable as he tees up a series of agentic security innovations

• September 25, 2025 25 Sep'25

  Netherlands establishes cyber resilience network to strengthen public-private digital defence

  Network will connect organisations in a cyber crime defence initiative that goes way beyond information sharing

• September 24, 2025 24 Sep'25

  Oktane 2025: Okta takes aim at agentic AI governance gap

  Identity specialist Okta is laying the groundwork for a number of incoming announcements designed to help its customers get to grips with the challenge of securing non-human, agentic identities.

• September 23, 2025 23 Sep'25

  SolarWinds warns over dangerous RCE flaw

  A newly uncovered RCE flaw in SolarWinds’ helpdesk product bypasses two previously issued fixes, and users should prioritise updates as exploitation is likely to occur

• September 23, 2025 23 Sep'25

  ‘Our worst day’: The untold story of the Electoral Commission cyber attack

  As head of digital at The Electoral Commission, Andrew Simpson’s mettle was tested when threat actors gained access to the regulator’s email systems and accessed sensitive voter data. Three years on, he tells his story to Computer Weekly

• September 19, 2025 19 Sep'25

  Government meets with car parts suppliers amid JLR cyber crisis

  Government officials have met with the Society of Motor Manufacturers and Traders to discuss the challenges they are facing amid disrupted production at Jaguar Land Rover

• September 19, 2025 19 Sep'25

  UK cyber action plan lays out path to resilience

  A report produced for the government by academics at Imperial College London and the University of Bristol sets out nine recommendations to strengthen the UK’s cyber sector

• September 19, 2025 19 Sep'25

  UK needs better defences to protect undersea internet cables from Russian sabotage

  A cross-party group of MPs and peers has called for the UK to step up defences to protect undersea cables from Russian sabotage risks

• September 15, 2025 15 Sep'25

  Arqit to support NCSC’s post-quantum cryptography pilot

  Quantum specialist Arqit will provide specialised post-quantum migration planning services to organisations preparing to address the imminent risks to traditional cryptography

• September 11, 2025 11 Sep'25

  Students an increasing source of cyber threat in UK schools

  Insider threats arising from student activity now appears to be the chief cause of notifiable cyber or data breach incidents in Britain’s schools

• September 10, 2025 10 Sep'25

  Splunk.conf: Cisco and Splunk expand agentic SOC vision

  The arrival of agentic AI in the security operations centre heralds an era of simplification for security professionals, Splunk claims

• September 09, 2025 09 Sep'25

  Splunk.conf: Splunk urges users to eat their ‘cyber veggies’

  The dawn of AI-enabled cyber attacks makes it even more important for defenders to bring their A-game, particularly when it comes to getting the basics right

• September 08, 2025 08 Sep'25

  Splunk.conf: Splunk and Cisco showcase unified platform

  With 18 months having elapsed since Cisco closed its acquisition of Splunk, joint platform capabilities and developments are being showcased at the annual Splunk.conf fair

• September 05, 2025 05 Sep'25

  US politicians ponder Wimwig cyber intel sharing law

  US cyber data sharing legislation is set to replace an Obama-era law, but time is running out to get it over the line, with global ramifications for the security industry, and intelligence and law enforcement communities

• August 27, 2025 27 Aug'25

  Incident response planning cuts the risk of claiming on cyber security insurance

  Proper attention to incident response planning is emerging as a core cyber control when it comes to reducing the risk of having to claim on cyber security insurance, according to a report

• August 27, 2025 27 Aug'25

  Ransomware activity levelled off in July, says NCC

  Ransomware levels held steady in the month of July, although the risk remained as persistent as ever

• August 26, 2025 26 Aug'25

  Three new Citrix NetScaler zero-days under active exploitation

  Citrix patches three new vulnerabilities in its NetScaler lines warning of active zero-day exploitation by an undisclosed threat actor

• August 20, 2025 20 Aug'25

  Microsoft starts including PQC algorithms in cyber foundations

  Microsoft updates on its post-quantum cyber strategy as it continues integrating quantum-safe algorithms into some of the core foundations underpinning its products and services

• August 20, 2025 20 Aug'25

  Commvault users told to patch two RCE exploit chains

  Storage firm Commvault fixes four vulnerabilities that, when combined, create a pair of RCE exploit chains that could be used to target on-premise customers with ransomware and other nasties