News

Data breach incident management and recovery

• December 29, 2025 29 Dec'25

  Top 10 cyber security stories of 2025

  AI dominated all tech conversations this year, but the concerns of cyber security professionals extend far beyond. From remote work to supply chains, quantum to identity, there were plenty of other topics for the industry to chew over in 2025.

• December 24, 2025 24 Dec'25

  Top 10 cyber crime stories of 2025

  In many regards, 2025 proved to be a relatively normal year for the cyber security world as threat actors and security pros continued their long-running cat-and-mouse game, but it was also a stand-out year that saw some of the largest cyber attacks ...

• December 23, 2025 23 Dec'25

  Top 10 ANZ stories of 2025

  The 2025 tech landscape in Australia and New Zealand was dotted with major data breaches even as organisations continue to press on with their digital transformation efforts in areas such as AI and automation

• December 19, 2025 19 Dec'25

  ‘Sensitive’ data stolen in Westminster City Council cyber attack

  London borough confirms that data breach affecting three neighbouring councils in a shared IT services operation led to personal information being copied by a third party

• December 19, 2025 19 Dec'25

  UK government confirms Foreign Office cyber attack

  Reports blame Chinese hacking group but minister insists the source of the attack is unclear

• December 17, 2025 17 Dec'25

  ClickFix attacks that bypass cyber controls on the rise

  NCC’s monthly threat report details the growing prevalence of ClickFix attacks in the wild

• December 15, 2025 15 Dec'25

  Top IT predictions in APAC in 2026

  Enterprises across the Asia-Pacific region are expected to prioritise sovereign architectures, double down on securing agentic systems and rewrite their infrastructure playbooks, among other tech trends

• December 09, 2025 09 Dec'25

  OAIC to launch blitz on privacy compliance

  Australia’s privacy watchdog will begin the new year with a compliance sweep targeting businesses that run afoul of privacy rules, including the over-collection of personal information in-person, warning that non-compliance could trigger fines

• December 05, 2025 05 Dec'25

  Cyber teams on alert as React2Shell exploitation spreads

  Exploitation of an RCE flaw in a widely used open source library is spreading quickly, with China-backed threat actors in the driving seat

• December 04, 2025 04 Dec'25

  NCC supporting London councils gripped by cyber attacks

  Three west London councils hit by a cyber attack continue to investigate as services remain disrupted nearly two weeks on

• December 04, 2025 04 Dec'25

  Constrained budgets left security teams short-handed in 2025

  With 2024 seeing surges in security funding cuts, lay-offs and hiring freezes, 2025 brought some relief for cyber pros, but constrained budgets are leaving security teams short-staffed

• December 03, 2025 03 Dec'25

  UK government pledges to rewrite Computer Misuse Act

  Campaigners celebrate as security minister Dan Jarvis commits to amending the outdated Computer Misuse Act to protect security professionals from prosecution

• December 03, 2025 03 Dec'25

  Post Office avoids £1m fine over botched website upgrade data breach

  The Information Commissioner’s Office considered fining the Post Office £1m for a 2024 data breach that let subpostmasters down again

• December 03, 2025 03 Dec'25

  Women in Cybersecurity Middle East marks five years of impact at Black Hat MEA

  As AI reshapes the regional cyber security landscape, diversity and skills development remain at the heart of building a resilient digital workforce

• November 26, 2025 26 Nov'25

  London councils endure wave of cyber attacks, shared IT services hit

  Four London councils – Kensington and Chelsea; Hackney; Westminster; and Hammersmith and Fulham – have suffered cyber attacks, disrupting services and prompting NCSC-supported investigation

• November 26, 2025 26 Nov'25

  US breach reinforces need to plug third-party security weaknesses

  Cyber breach at US financial sector tech provider highlights the risk of third-party vulnerabilities in finance ecosystems

• November 20, 2025 20 Nov'25

  UK targets ‘bulletproof’ services that hosted ransomware gangs

  The UK’s NCA and partners have cracked down on ‘bulletproof’ services that hosted cyber criminal infrastructure

• November 18, 2025 18 Nov'25

  Ransomware resilience may be improving in the health sector

  A Sophos report on ransomware highlights resilience improvements among healthcare organisations but warns that the wider threat is still live and growing

• November 18, 2025 18 Nov'25

  Fintech leaders call for united front against AI-driven cyber crime

  As AI makes financial scams more personalised and convincing, fintech experts have called for deeper collaboration and the use of behavioural analytics and other technologies to protect consumers

• November 14, 2025 14 Nov'25

  Cl0p claims ransomware hit on NHS

  Ransomware gangsters claim to have attacked the NHS, but clarity on the nature of the incident is yet to emerge

• November 12, 2025 12 Nov'25

  US cyber intel sharing law set for temporary extension

  The CISA 2015 cyber intelligence sharing law, which lapsed just over a month ago amid a wider shutdown, will receive a temporary lease of life should attempts to reopen the federal government succeed

• November 12, 2025 12 Nov'25

  Synnovis to notify NHS of data breach after nearly 18 months

  Synnovis, the pathology lab services provider hit by a Qilin ransomware attack in 2024, is notifying its NHS partners that their patient data was compromised, following a lengthy investigation

• November 12, 2025 12 Nov'25

  IT services companies and datacentres face regulation as cyber security bill reaches Parliament

  The Cyber Security and Resilience Bill will require large IT services companies, including datacentres, to report security incidents within 24 hours

• November 11, 2025 11 Nov'25

  Google: Don’t get distracted by AI, focus on real cyber threats

  While hackers are using artificial intelligence to optimise attacks, many of the most damaging breaches still rely on old-school methods, says a top security analyst from Google

• November 09, 2025 09 Nov'25

  Nikkei data breach exposes personal data of over 17,000 staff

  Hackers used stolen login details from an employee's computer to access the Japanese media giant’s Slack messaging platform, with names, email addresses and chat histories potentially exposed

• November 05, 2025 05 Nov'25

  US indicts three cyber pros who moonlit for ransomware gang

  US prosecutors indict three men who allegedly attacked multiple victims with ALPHV/BlackCat ransomware while working as professional cyber incident responders

• November 05, 2025 05 Nov'25

  M&S profits tumble after cyber attack

  M&S profits fall by over 90% in the wake of the spring 2025 cyber attack that crippled the retailer’s systems for weeks

• November 05, 2025 05 Nov'25

  Dutch boardroom cyber security knowledge gap exposed

  Cyber security governance professor warns that executives lack the capability to assess cyber threats in implementation approaches

• November 04, 2025 04 Nov'25

  The Security Interviews: Colin Mahony, CEO, Recorded Future

  Recorded Future’s CEO talks threat intelligence, AI in cyber security and the ever-changing cyber threat landscape

• November 04, 2025 04 Nov'25

  Fewer data breaches in Australia, but human error now a bigger threat

  Australian privacy commissioner warns that the human factor is a growing threat as notifications caused by staff mistakes rose significantly even as total breaches declined 10% from a record high

• November 03, 2025 03 Nov'25

  CrowdStrike: Europe second only to North America for cyber attacks

  Europe faces rising cyber threats from criminals and nation-states, according to CrowdStrike. Ransomware attacks now take just 24 hours, with 22% of global victims being European

• October 29, 2025 29 Oct'25

  Rapid7: Cyber defences stuck in the 1980s as threats mount

  The company’s chief product officer notes that many defence tactics are still stuck in the past, urging organisations to adopt AI-driven security platforms to improve threat detection and response

• October 28, 2025 28 Oct'25

  Effective cyber sanctions require a joined-up approach, says Rusi

  Calling out and sanctioning cyber threat actors can be an effective tool, but is not a universal panacea, and needs to be considered as part of a wider, strategic approach, say Rusi think tank analysts

• October 27, 2025 27 Oct'25

  LockBit 5.0 expands targeting amid ransomware escalation

  The LockBit RaaS operation is back in action, with technical features and expanded targeting, and is contributing to a steadily growing number of ransomware attacks

• October 24, 2025 24 Oct'25

  UK ramps up ransomware fightback with supply chain security guide

  Multinational guidance, developed by the UK and Singapore, is designed to help organisations reinforce their supply chain against ransomware attacks

• October 22, 2025 22 Oct'25

  Jaguar Land Rover attack to cost UK £1.9bn, say cyber monitors

  The UK's Cyber Monitoring Centre calculates the overall cost of the Jaguar Land Rover cyber attack will be almost two billion pounds

• October 21, 2025 21 Oct'25

  New cyber resilience centre to help SMEs fend off cyber threats

  Spearheaded by the Singapore Business Federation, the cyber resilience centre will equip SMEs in the city-state with cyber security capabilities to mitigate and recover from cyber attacks

• October 16, 2025 16 Oct'25

  F5 admits nation-state actor stole BIG-IP source code

  F5 discloses that a nation-state actor has stolen source code and unpatched vulnerability data for its widely used BIG-IP products, raising supply chain security concerns across the industry

• October 15, 2025 15 Oct'25

  Obsession with cyber breach notification fuelling costly mistakes

  The race to meet security breach notification deadlines is leading to staff burnout, destroyed evidence and a culture of blame, warns a Trend Micro risk and security strategist

• October 14, 2025 14 Oct'25

  NCSC calls for action after rise in ‘nationally significant’ cyber incidents

  National Cyber Security Centre says businesses should take action now as the number of nationally significant cyber incidents doubles

• October 09, 2025 09 Oct'25

  Warlock ransomware may be linked to Chinese state

  The operators of Warlock ransomware who exploited a set of SharePoint Server vulnerabilities earlier this year likely have some kind of link to the Chinese government, researchers claim

• October 08, 2025 08 Oct'25

  Teens arrested over Kido nursery hack

  London’s Met Police arrested two teenage boys in Hertfordshire on suspicion of involvement in the recent Kido nursery hack that saw the personal data of infants stolen and leaked

• October 08, 2025 08 Oct'25

  Qilin gang claims cyber attack on Japanese brewing giant

  The Qilin ransomware gang has claimed responsibility for a cyber attack that has halted brewing at Asahi Group Holdings, causing Japanese retailers to run low on beer

• October 07, 2025 07 Oct'25

  Alert over Medusa ransomware attacks targeting Fortra MFT

  Microsoft warns it is seeing potential mass exploitation of a Fortra GoAnywhere vulnerability by a threat actor linked to the Medusa ransomware-as-a-service operation.

• October 07, 2025 07 Oct'25

  The Security Interviews: David Bradbury, CSO, Okta

  Okta’s chief security officer talks security by default and explains why he thinks time is running out for the shared responsibility model

• October 06, 2025 06 Oct'25

  Oracle patches E-Business suite targeted by Cl0p ransomware

  Oracle pushes a patch for a dangerous zero-day under active exploitation by one of the most notorious ransomware gangs around

• October 05, 2025 05 Oct'25

  Nakivo expands Proxmox backup and DR capabilities in v11.1

  Latest version of Backup & Replication adds MSP features, plus Proxmox VM backup functionality, while Nakivo responds to critical vulnerability it was tipped off about in February

• October 01, 2025 01 Oct'25

  US government shutdown stalls cyber intel sharing

  A key US law covering cyber security intelligence sharing has expired without an extension or replacement amid a total shutdown of the federal government, putting global security collaboration at risk.

• September 30, 2025 30 Sep'25

  MPs press outsourcer TCS over Jaguar cyber attack

  The government’s cross-bench Business and Trade Committee has written to Tata Consultancy Services seeking answers over possible links to cyber attacks on Jaguar Land Rover, Marks and Spencer, and Co-op

• September 30, 2025 30 Sep'25

  Harrods hackers start contacting customers

  Retailer Harrods has revealed that a number of customers whose data was stolen in a cyber attack have been contacted by the perpetrators