News

Hackers and cybercrime prevention

• August 21, 2025 21 Aug'25

  Moscow exploiting seven-year-old Cisco flaw, says FBI

  US authorities warn of an uptick in state-sponsored exploitation of a seven-year-old vulnerability in Cisco's operating system software.

• August 21, 2025 21 Aug'25

  Apple iOS update fixes new iPhone zero-day flaw

  Latest Apple zero-day found in the ImageIO framework opens the door for targeted zero-click attacks on iPhone users.

• August 20, 2025 20 Aug'25

  Warlock claims more victims as cyber attacks hit Colt and Orange

  Ransomware gang Warlock is adding more victims to its data leak site as the impact of a spreading wave of cyber attacks continues to be felt

• August 19, 2025 19 Aug'25

  Deepfake AI scammers target the Big Yin

  Cyber criminal scammers exploiting GenAI to create deepfake AI tools are targeting one of the UK’s most beloved comics, and one of its strongest accents

• August 19, 2025 19 Aug'25

  US says UK has agreed to drop encryption ‘back door’ demands against Apple

  US and UK end diplomatic row over UK encryption ‘back door’ order against Apple, but it remains unclear whether Apple will restore advanced encryption services to UK users

• August 18, 2025 18 Aug'25

  Workday hit in wave of social engineering attacks

  A campaign of voice-based social engineering attacks targeting users of Salesforce’s services appears to have struck HR platform Workday

• August 18, 2025 18 Aug'25

  Extremist hacker who defaced websites and stole data imprisoned

  Hacker Al-Tahery Al-Mashriky pled guilty to attacking multiple websites based on extremist political and religious ideology

• August 18, 2025 18 Aug'25

  L’Oréal to promote cyber resilience for Britain’s beauty salons

  L’Oréal UK and Ireland will work with law enforcement, cyber educators and students, and other large organisations to help thousands of small salons across the UK improve their cyber resilience practice

• August 15, 2025 15 Aug'25

  Warlock claims ransomware attack on network services firm Colt

  UK network services firm Colt is attempting to recover various customer-facing systems following a cyber attack that has been claimed by the Warlock ransomware gang and may have arisen via a SharePoint flaw

• August 13, 2025 13 Aug'25

  BlackSuit ransomware payment recovered in takedown operation

  US authorities reveal how over a million dollars’ worth of cryptocurrency assets laundered by the BlackSuit ransomware gang were seized ahead of a July takedown operation

• August 12, 2025 12 Aug'25

  Researchers firm up ShinyHunters, Scattered Spider link

  ReliaQuest researchers present new evidence that firms up a potential link, or outright partnership, between the ShinyHunters and Scattered Spider cyber gangs

• August 12, 2025 12 Aug'25

  UK work visa sponsors are target of phishing campaign

  Mimecast identifies a phishing campaign targeting UK organisations that sponsor migrant workers and students, opening the door to account compromise and visa fraud

• August 12, 2025 12 Aug'25

  Norway fixing Big Bang e-health botch with fintech security

  Experts call for Europe’s health sector to protect medical APIs with security originated from UK open banking as officials take urgent measures against unprecedented attacks

• August 11, 2025 11 Aug'25

  McCullough Review into PSNI spying on journalists and lawyers delayed

  Angus McCullough KC is to present findings of an independent review of police spying on phone data of lawyers, journalists and NGOs in Northern Ireland in October  

• August 06, 2025 06 Aug'25

  Black Hat USA: Startup breaks secrets management tools

  Researchers at Cyata, an agentic identity specialist that has just emerged from stealth, found 14 CVEs in the widely used CyberArk Conjur and HashiCorp Vault enterprise secrets management platforms

• August 06, 2025 06 Aug'25

  Cyber criminals would prefer businesses don’t use Okta

  Okta details a phishing campaign in which the threat actor demonstrated some unusually strong opinions on what authentication methods they would like their targets to use

• August 05, 2025 05 Aug'25

  Attacker could defeat Dell firmware flaws with a vegetable

  Cisco Talos discloses five vulnerabilities in cyber security firmware used on Dell Latitude and Precision devices, including one that could enable an attacker to log on with a spring onion

• August 04, 2025 04 Aug'25

  Black Hat USA: Halcyon and Sophos tag-team ransomware fightback

  Ransomware experts Halcyon and Sophos are to pool their expertise in ransomware, working together to enhance data- and intelligence-sharing and bringing more comprehensive protection to customers

• August 04, 2025 04 Aug'25

  Agentic AI a target-rich zone for cyber attackers in 2025

  At Black Hat USA 2025, CrowdStrike warns that cyber criminals and nation-states are weaponising GenAI to scale attacks and target AI agents, turning autonomous systems against their makers

• July 31, 2025 31 Jul'25

  Palo Alto Networks to acquire CyberArk for $25bn

  The deal marks Palo Alto Networks’ entry into the identity and access management space amid the growing need to secure human, machine and emerging AI agent identities

• July 30, 2025 30 Jul'25

  Scattered Spider tactics continue to evolve, warn cyber cops

  CISA, the FBI, NCSC and others have clubbed together to update previous guidance on Scattered Spider's playbook, warning of new social engineering tactics and exploitation of legitimate tools, among other things

• July 30, 2025 30 Jul'25

  Industry experts warn crypto infrastructure is ‘creaking’

  A report from experts at HSBC, Thales and InfoSec Global claims decades-old cryptographic systems are failing, putting businesses at risk from current vulnerabilities and the threat from quantum computing

• July 29, 2025 29 Jul'25

  Austrian government faces likely legal challenge over state spyware

  Civil society groups are talking to opposition MPs about bringing a legal challenge to the Austrian constitutional court over ‘state trojan’ law

• July 28, 2025 28 Jul'25

  Data resilience critical as ransomware attacks target backups

  With more threat actors targeting backup repositories to ensure a payday, Veeam urges organisations to treat data resilience as a competitive advantage, not just an insurance policy

• July 24, 2025 24 Jul'25

  US seeks ‘unquestioned’ AI dominance

  US AI action plan sets out aims to expand American dominance in the world of artificial intelligence

• July 24, 2025 24 Jul'25

  SharePoint users hit by Warlock ransomware, says Microsoft

  Microsoft’s security analysts confirm a number of cyber attacks on on-premise SharePoint Server users involve ransomware

• July 24, 2025 24 Jul'25

  Scattered Spider victim Clorox sues helpdesk provider

  Cleaning products manufacturer Clorox fell victim to a Scattered Spider social engineering attack two years ago – it blames its IT helpdesk provider, Cognizant

• July 24, 2025 24 Jul'25

  Dutch researchers use heartbeat detection to unmask deepfakes

  Dutch method to counter deepfakes analyses blood flow patterns in faces that current deepfake generation tools cannot yet replicate

• July 24, 2025 24 Jul'25

  Monzo’s £21m fine highlights banks’ cyber security failures

  Monzo’s recent fine over failings in its customer verification processes highlights wider security and privacy shortcomings in the personal finance world

• July 23, 2025 23 Jul'25

  WhatsApp is refused right to intervene in Apple legal action on encryption ‘backdoors’

  Investigatory Powers Tribunal to hear arguments in public over lawfulness of secret UK order requiring Apple to give UK law enforcement access to users’ encrypted data stored on the Apple iCloud

• July 22, 2025 22 Jul'25

  Microsoft confirms China link to SharePoint hacks

  Microsoft confirms two known China-nexus threat actors, and one other suspected state-backed hacking group, are exploiting vulnerabilities in SharePoint Server

• July 22, 2025 22 Jul'25

  Chinese cyber spies among those linked to SharePoint attacks

  Exploitation of the ToolShell RCE zero-day in Microsoft SharePoint continues to gather pace, with evidence emerging of exploitation by nation state-backed threat actors

• July 22, 2025 22 Jul'25

  UK government to bring in ransomware payment ban

  Critical infrastructure operators, hospitals, local councils and schools will be among those banned from giving in to cyber criminal demands as the UK moves forward with proposals to address the scourge of ransomware

• July 21, 2025 21 Jul'25

  UK may be seeking to pull back from Apple encryption row with US

  UK government officials say that attempts by the Home Office to require Apple to introduce ‘backdoors’ to its secure encrypted storage service will cross US red lines

• July 21, 2025 21 Jul'25

  Patch ToolShell SharePoint zero-day immediately, says Microsoft

  The active exploitation of a dangerous zero-day vulnerability chain in Microsoft SharePoint – which was disclosed over the weekend – is underway. Immediate action is advised

• July 21, 2025 21 Jul'25

  The Security Interviews: Jason Nurse, University of Kent

  Jason Nurse, reader in cyber security at the University of Kent, discusses the psychological side of cyber and online safety, why placing blame on users as ‘the weakest link’ is wrong – and why security pros should think about user needs more

• July 21, 2025 21 Jul'25

  Singapore under ongoing cyber attack from APT group

  Nation-state actor UNC3886 is actively targeting Singapore’s critical national infrastructure in a sophisticated espionage and disruption campaign, with the country mounting a whole-of-government response

• July 18, 2025 18 Jul'25

  NCSC exposes Fancy Bear's Authentic Antics malware attacks

  Amid a new round of UK government sanctions targeting Moscow's intelligence apparatus, the NCSC has formally attributed attacks orchestrated with a cleverly-designed malware to the GRU's Fancy Bear cyber unit

• July 17, 2025 17 Jul'25

  European cyber cops target NoName057(16) DDoS network

  A Europol operation has succeeded in disrupting a pro-Russian hacktivist network accused of conducting DDoS cyber attacks on targets in Ukraine and Europe

• July 16, 2025 16 Jul'25

  Hackbots biggest cloud security risk, slashing attack times to minutes

  With cyber criminals using automated tools to steal data in minutes, organisations must focus on runtime protection and automated responses to combat the rising threat from AI and misconfigured cloud assets

• July 16, 2025 16 Jul'25

  Co-op chief ‘incredibly sorry’ for theft of 6.5m members’ data

  Co-op chief executive Shirine Khoury-Haq has revealed that all the personal data of all 6.5 million of its members was compromised in the April 2025 cyber attack on its systems

• July 16, 2025 16 Jul'25

  Scattered Spider playbook evolving fast, says Microsoft

  Microsoft warns users over notable evolutions in Scattered Spider’s attack playbook, and beefs up some of the defensive capabilities it offers to customers in response

• July 16, 2025 16 Jul'25

  Securonix tackles security data deluge with AI-driven platform

  As security data volumes grow and security budgets tighten, Securonix is betting on its AI-driven platform to help businesses manage threats cost-effectively, says its CEO

• July 15, 2025 15 Jul'25

  UKtech50 2025: The most influential people in UK technology

  Computer Weekly has announced the 15th annual UKtech50 – our definitive list of the movers and shakers in the UK tech sector

• July 15, 2025 15 Jul'25

  Datadog doubles down on APAC, targets faster growth

  The observability tools supplier is executing a multi-year growth plan for Asia-Pacific and Japan, focusing on data residency, localisation and AI-driven observability to grow its market share

• July 14, 2025 14 Jul'25

  Luxury retailer LVMH says UK customer data was stolen in cyber attack

  French luxury goods retailer LVMH has disclosed multiple cyber attacks in 2025 so far, and their impact is now spreading to the UK as a new incident affecting Louis Vuitton comes to light

• July 14, 2025 14 Jul'25

  AI adoption grows amid falling trust in AI outputs

  As organisations move from AI hype to reality, a decline in trust for AI outputs is not a sign of failure, but a signal of market maturity, according to Bhavya Kapoor, Avanade's Asia-Pacific president

• July 11, 2025 11 Jul'25

  AWS bolsters security tools to help customers manage AI risks

  Amazon Web Services has unveiled new and updated security services, including container-level threat detection and a unified command centre, to help organisations build and secure artificial intelligence applications

• July 10, 2025 10 Jul'25

  Government funding to help SMEs protect their IP

  Scheme will see SMEs and innovative startups working in sensitive sectors receive advice on enhancing cyber and physical security measures to protect their valuable intellectual property

• July 10, 2025 10 Jul'25

  UK and France forge closer cyber, tech research ties

  The navigation and timing systems used by power suppliers and emergency services to run their operations will fall in scope of an Anglo-French research pact that will also foster development in AI and supercomputing