News

Business continuity planning

• May 13, 2025 13 May'25

  May Patch Tuesday brings five exploited zero-days to fix

  Microsoft fixes five exploited, and two publicly disclosed, zero-days in the fifth Patch Tuesday update of 2025

• May 13, 2025 13 May'25

  M&S forces customer password resets after data breach

  M&S is instructing all of its customers to change their account passwords after a significant amount of data was stolen in a DragonForce ransomware attack

• May 08, 2025 08 May'25

  Government will miss cyber resiliency targets, MPs warn

  A Public Accounts Committee report on government cyber resilience finds that the Cabinet Office has been working hard to improve, but is likely to miss targets and needs a fundamentally different approach

• May 08, 2025 08 May'25

  US tells CNI orgs to stop connecting OT kit to the web

  US authorities have released guidance for owners of critical national infrastructure in the face of an undisclosed number of cyber incidents

• May 07, 2025 07 May'25

  Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring

  Research from Sans Institute reveals European organisations are leading a global shift in hiring priorities, driven by regional regulatory frameworks

• May 07, 2025 07 May'25

  Oxford Uni adds cyber resilience module to MBA programme

  Oxford University’s Saïd Business School is working with cyber response specialist Sygnia to help future business leaders get on top of security

• May 02, 2025 02 May'25

  Retail cyber crime spree a ‘wake-up call’, says NCSC CEO

  The National Cyber Security Centre confirms it is providing assistance to M&S, Co-op and Harrods as concerns grow among UK retailers

• May 01, 2025 01 May'25

  Co-op instructs staff to be wary of lurking hackers

  Co-op tells staff to stop using their VPNs and be wary that their communications channels may be being monitored, as a cyber attack on the organisation continues to develop

• April 30, 2025 30 Apr'25

  Current SaaS delivery model a risk management nightmare, says CISO

  JPMorgan Chase security chief Patrick Opet laments the state of SaaS security in an open letter to the industry and calls on software providers to do more to enhance resilience

• April 30, 2025 30 Apr'25

  Co-op shuts off IT systems to contain cyber attack

  A developing cyber incident at Co-op has forced the retailer to pull the plug on some of its IT systems as it works to contain the attack

• April 24, 2025 24 Apr'25

  Data breach class action costs mount up

  Organisations exposed to the US market paid out over $150m in class action settlements in just six months. Security leaders must do more to address cyber gaps, respond better to incidents and demonstrate compliance

• April 24, 2025 24 Apr'25

  March ransomware slowdown probably a red herring

  An apparent slowdown in ransomware attack volumes is raising eyebrows, but the statistics never tell the full story

• April 23, 2025 23 Apr'25

  Financially motivated cyber crime remains biggest threat source

  Mandiant’s latest annual threat report reveals data on how financially motivated cyber criminals, such as ransomware gangs, dominate the cyber security landscape

• April 23, 2025 23 Apr'25

  Amid uncertainty, Armis becomes newest CVE numbering authority

  Amid an uncertain future for vulnerability research, exposure management company Armis has been given the authority to assign CVE IDs to newly discovered vulnerabilities

• April 22, 2025 22 Apr'25

  Cyber ‘agony aunts’ launch guidebook for women in security

  Cyber ‘agony aunts’ Amelia Hewitt and Rebecca Taylor are launching a book aimed at empowering women in their cyber security careers

• April 17, 2025 17 Apr'25

  Tariff turmoil is making supply chain security riskier

  Many businesses around the world are taking the decision to alter their supplier mix in the face of tariff uncertainty, but in doing so are creating more cyber risks for themselves, according to a report

• April 16, 2025 16 Apr'25

  CISA extends Mitre CVE contract at last moment

  The US Cybersecurity and Infrastructure Security Agency has ridden to the rescue of the under-threat Mitre CVE Programme, approving a last-minute, 11-month contract extension to preserve the project’s vital security vulnerability work

• April 16, 2025 16 Apr'25

  CVE Foundation pledges continuity after Mitre funding cut

  With news that Mitre’s contract to run the world-renowned CVE Programme is abruptly terminating, a breakaway group is setting up a non-profit foundation to try to ensure the project’s continuity

• April 08, 2025 08 Apr'25

  Government punts cyber governance code of practice for UK businesses

  The Department for Science, Innovation and Technology’s cyber security minister Feryal Clark announces a cyber security code of governance for UK businesses to follow

• April 07, 2025 07 Apr'25

  UK SMEs losing over £3bn a year to cyber incidents

  A lack of access to technology, little to no staff training, and competing priorities are losing UK SMEs up to £3.4bn to cyber incidents every year

• April 04, 2025 04 Apr'25

  Norway and Nordic financial sector ramps up cyber security

  Finans Norge sets up cyber security unit CTSU to support the finance sector in Norway amid increasing threats

• March 31, 2025 31 Mar'25

  Top 1,000 IT service providers in scope of UK cyber bill

  The government’s proposed Cyber Security and Resilience Bill is set to include regulatory provisions covering both datacentre operators and larger IT service providers

• March 25, 2025 25 Mar'25

  ETSI launches first post-quantum encryption standard

  European telco standards body launches its first post-quantum cryptography cyber standard, covering the security of critical data and communications

• March 21, 2025 21 Mar'25

  NCSC, DSIT enlist IBM to spearhead cyber diversity agenda

  IBM signs on to a partnership deal in support of the popular NCSC CyberFirst Girls scheme designed to foster gender diversity in the cyber security profession

• March 20, 2025 20 Mar'25

  NCSC proposes three-step plan to move to quantum-safe encryption

  The NCSC urges service providers, large organisations and critical sectors to start thinking today about how they will migrate to post-quantum cryptography over the next decade

• March 11, 2025 11 Mar'25

  March Patch Tuesday brings 57 fixes, multiple zero-days

  The third Patch Tuesday of 2025 brings fixes for 57 flaws and a hefty number of zero-days

• March 11, 2025 11 Mar'25

  Perimeter security appliances source of most ransomware hits

  Perimeter security appliances and devices, particularly VPNs, prove to be the most popular entry points into victim networks for financially motivated ransomware gangs, according to reports

• March 11, 2025 11 Mar'25

  UK government under-prepared for catastrophic cyber attack, hears PAC

  The Commons Public Accounts Committee heard government IT leaders respond to recent National Audit Office findings that the government’s cyber resilience is under par

• March 03, 2025 03 Mar'25

  Singapore’s HomeTeamNS hit by ransomware attack

  The non-profit organisation suffered a ransomware attack that affected some servers containing employee and member data, prompting an investigation and enhanced security measures

• February 28, 2025 28 Feb'25

  NHS staff lack confidence in health service cyber measures

  NHS staff understand their role in protecting the health service from cyber threats and the public backs them in this aim, but legacy tech and a lack of training are hindering efforts, according to BT

• February 27, 2025 27 Feb'25

  CVE volumes head towards 50,000 in 2025, analysts claim

  Many trends, notably a big shift to open source tools, are behind an expected boom in the number of disclosed vulnerabilities

• February 26, 2025 26 Feb'25

  CISOs spending more on insider risk

  Insider risk management budgets have more than doubled in the past 12 months and look set to grow further still in 2025, according to a report

• February 25, 2025 25 Feb'25

  Singapore rolls out guidelines to bolster cloud and datacentre resilience

  New advisory guidelines to enhance resilience and security of cloud services and datacentres in Singapore amid potential service disruptions and growing cyber threats

• February 24, 2025 24 Feb'25

  European Union calls for more cyber data-sharing with Nato

  Updates to the EU’s Cyber Blueprint, establishing best practice for multilateral security incident response in Europe, include calls for more collaboration with Nato member states, as the geopolitical environment becomes ever more fractious

• February 20, 2025 20 Feb'25

  Watchdog approves Sellafield physical security, but warns about cyber

  The Office for Nuclear Regulation has taken Sellafield out of special measures for physical security, but harbours cyber security concerns

• February 18, 2025 18 Feb'25

  MSP cuts costs with Scality pay-as-you-go anti-ransomware storage

  Autodata gets Scality as-a-service for on-site immutable storage via Artesca, to allow customers to rapidly recover from ransomware and at the same cost per terabyte no matter the volume

• February 17, 2025 17 Feb'25

  The Security Interviews: Yevgeny Dibrov, Armis

  Armis CEO Yevgeny Dibrov talks about how his military service and intelligence work opened the door into the world of cyber security entrepreneurship

• February 11, 2025 11 Feb'25

  Google: Cyber crime meshes with cyber warfare as states enlist gangs

  A report from the Google Threat Intelligence Group depicts China, Russia, Iran and North Korea as a bloc using cyber criminal gangs to attack the national security of western countries

• February 11, 2025 11 Feb'25

  F1’s Red Bull charges 1Password to protect its 2025 season

  For the upcoming 2025 Formula 1 season, Oracle Red Bull Racing adds cyber security partner 1Password to its roster of team suppliers and sponsors

• February 07, 2025 07 Feb'25

  Ransomware payment value fell over 30% in 2024

  Several factors, including the impact of law enforcement operations disrupting cyber criminal gangs and better preparedness among users, may be behind a significant drop in the total value of ransomware payments

• February 06, 2025 06 Feb'25

  UK’s Cyber Monitoring Centre begins incident classification work

  The Cyber Monitoring Centre will work to categorise major incidents against a newly developed scale to help organisations better understand the nature of systemic cyber attacks and learn from their impact

• February 03, 2025 03 Feb'25

  DeepSeek-R1 more readily generates dangerous content than other large language models

  Research scientists at cyber firm Enkrypt AI publish concerning findings from a red team exercise conducted against DeepSeek, the hot new generative AI tool

• January 31, 2025 31 Jan'25

  Barclays hit by major IT outage on HMRC deadline day

  Customers of Barclays Bank are left unable to access web app and online banking following a significant IT outage that seems to have come at the worst possible time

• January 31, 2025 31 Jan'25

  AI jailbreaking techniques prove highly effective against DeepSeek

  Researchers at Palo Alto have shown how novel jailbreaking techniques were able to fool breakout GenAI model DeepSeek into helping to create keylogging tools, steal data, and make a Molotov cocktail

• January 29, 2025 29 Jan'25

  How government hackers are trying to exploit Google Gemini AI

  Google’s threat intel squad has shared information on how nation state threat actors are attempting to exploit its Gemini AI tool for nefarious ends

• January 29, 2025 29 Jan'25

  Vallance rejects latest charge to reform UK hacking laws

  Science minister Patrick Vallance rejects proposed amendments to the Computer Misuse Act, arguing that they could create a loophole for cyber criminals to exploit

• January 27, 2025 27 Jan'25

  Cyber incident that closed British Museum was inside job

  An IT incident that disrupted visitor access to the British Museum last week was the work of a disgruntled contractor who had been let go

• January 27, 2025 27 Jan'25

  Inside CyberArk’s security strategy

  CyberArk CIO Omer Grossman talks up the company’s security-first ethos, the importance of an assumed breach mentality and how the company is addressing threats from the growing use of AI

• January 24, 2025 24 Jan'25

  US indicts five in fake North Korean IT contractor scandal

  The US authorities have accused five men, including two American citizens, of involvement in a scheme which saw companies duped into hiring fake North Korean IT contractors

• January 22, 2025 22 Jan'25

  Privacy professionals expect budget cuts, lack confidence

  Over 50% of privacy professionals in Europe expect to see less money earmarked for data security initiatives in 2025, and many don’t have faith their organisations are taking the issue seriously, according to an ISACA report