News

IT governance

• July 22, 2025 22 Jul'25

  Microsoft confirms China link to SharePoint hacks

  Microsoft confirms two known China-nexus threat actors, and one other suspected state-backed hacking group, are exploiting vulnerabilities in SharePoint Server

• July 22, 2025 22 Jul'25

  Chinese cyber spies among those linked to SharePoint attacks

  Exploitation of the ToolShell RCE zero-day in Microsoft SharePoint continues to gather pace, with evidence emerging of exploitation by nation state-backed threat actors

• July 22, 2025 22 Jul'25

  UK government to bring in ransomware payment ban

  Critical infrastructure operators, hospitals, local councils and schools will be among those banned from giving in to cyber criminal demands as the UK moves forward with proposals to address the scourge of ransomware

• July 22, 2025 22 Jul'25

  Interview: How OpenAI is making ChatGPT public and private sector-ready

  We speak to OpenAI’s solution engineering lead, Matt Weaver, about enterprise adoption and making ChatGPT secure

• July 22, 2025 22 Jul'25

  The Bank of England’s quiet ‘Big Bang’

  The Bank of England has completed its generational project to replace part of the UK’s critical infrastructure, which went unnoticed beyond the sector it underpins

• July 21, 2025 21 Jul'25

  Darktrace buys network visibility specialist Mira

  AI cyber giant Darktrace buys network security firm Mira for an undisclosed sum, seeking to enhance the tech stack it offers to highly regulated sectors

• July 21, 2025 21 Jul'25

  Patch ToolShell SharePoint zero-day immediately, says Microsoft

  The active exploitation of a dangerous zero-day vulnerability chain in Microsoft SharePoint – which was disclosed over the weekend – is underway. Immediate action is advised

• July 21, 2025 21 Jul'25

  The Security Interviews: Jason Nurse, University of Kent

  Jason Nurse, reader in cyber security at the University of Kent, discusses the psychological side of cyber and online safety, why placing blame on users as ‘the weakest link’ is wrong – and why security pros should think about user needs more

• July 18, 2025 18 Jul'25

  NCSC exposes Fancy Bear's Authentic Antics malware attacks

  Amid a new round of UK government sanctions targeting Moscow's intelligence apparatus, the NCSC has formally attributed attacks orchestrated with a cleverly-designed malware to the GRU's Fancy Bear cyber unit

• July 18, 2025 18 Jul'25

  DWP accused of shielding AI deployments from public scrutiny

  Amnesty International and Big Brother Watch say Department for Work and Pensions’ ‘unchecked’ and opaque use of AI in the UK benefits system treats claimants as suspicious and is shielded from public scrutiny

• July 17, 2025 17 Jul'25

  European cyber cops target NoName057(16) DDoS network

  A Europol operation has succeeded in disrupting a pro-Russian hacktivist network accused of conducting DDoS cyber attacks on targets in Ukraine and Europe

• July 17, 2025 17 Jul'25

  Terrorist potential of generative AI ‘purely theoretical’

  UK terror legislation advisor takes stock of the potential for generative artificial intelligence systems to be adopted by terrorists, particularly for propaganda and attack planning purposes, but acknowledges the impact may be limited

• July 16, 2025 16 Jul'25

  Co-op chief ‘incredibly sorry’ for theft of 6.5m members’ data

  Co-op chief executive Shirine Khoury-Haq has revealed that all the personal data of all 6.5 million of its members was compromised in the April 2025 cyber attack on its systems

• July 16, 2025 16 Jul'25

  Scattered Spider playbook evolving fast, says Microsoft

  Microsoft warns users over notable evolutions in Scattered Spider’s attack playbook, and beefs up some of the defensive capabilities it offers to customers in response

• July 16, 2025 16 Jul'25

  Forrester urges IT leaders to dump technical debt

  IT needs to invest in innovative technologies and outsource legacy IT management to tackle volatile global markets, says Forrester

• July 15, 2025 15 Jul'25

  UKtech50 2025: The most influential people in UK technology

  Computer Weekly has announced the 15th annual UKtech50 – our definitive list of the movers and shakers in the UK tech sector

• July 15, 2025 15 Jul'25

  Current approaches to patching unsustainable, report says

  Organisations are struggling to prioritise vulnerability patching appropriately, leading to situations where everything is a crisis, which helps nobody, according to a report

• July 15, 2025 15 Jul'25

  MoD cyber breach put thousands of Afghan lives at risk

  More than 18,000 Afghan citizens eligible to relocate to the UK under a government programme to protect them from the Taliban were put at risk in a heretofore unreportable data breach

• July 15, 2025 15 Jul'25

  NCSC sets up Vulnerability Research Initiative

  The NCSC is expanding its vulnerability research project to draw in external expertise

• July 15, 2025 15 Jul'25

  Ada Lovelace: using market forces to professionalise AI assurance

  The Ada Lovelace Institute examines how ‘market forces’ can be used to drive the professionalisation of artificial intelligence assurance in the context of a wider political shift towards deregulation

• July 14, 2025 14 Jul'25

  Brits clinging to Windows 10 face heightened risk, says NCSC

  Businesses and consumers alike may not feel the need to upgrade to Windows 11 as its predecessor approaches end-of-life, but they are putting their own security at risk, says the NCSC

• July 14, 2025 14 Jul'25

  Luxury retailer LVMH says UK customer data was stolen in cyber attack

  French luxury goods retailer LVMH has disclosed multiple cyber attacks in 2025 so far, and their impact is now spreading to the UK as a new incident affecting Louis Vuitton comes to light

• July 14, 2025 14 Jul'25

  AI adoption grows amid falling trust in AI outputs

  As organisations move from AI hype to reality, a decline in trust for AI outputs is not a sign of failure, but a signal of market maturity, according to Bhavya Kapoor, Avanade's Asia-Pacific president

• July 11, 2025 11 Jul'25

  MoD supply chain cyber scheme gets up and running

  The Ministry of Defence and IASME have launched a certification scheme for organisations working in the UK defence supply chain, with construction firm Morgan Sindall the first business to achieve compliance

• July 11, 2025 11 Jul'25

  UK to create ‘governance framework’ for police facial recognition

  Home secretary Yvette Cooper has confirmed UK will regulate police facial recognition, citing police reticence to deploy systems without proper governance, but declined to say if any new framework will be statutory

• July 11, 2025 11 Jul'25

  UK online safety regime ineffective on misinformation, MPs say

  A report from the Commons Science, Innovation and Technology Committee outlines how the Online Safety Act fails to deal with the algorithmic amplification of ‘legal but harmful’ misinformation

• July 11, 2025 11 Jul'25

  European Commission accused of rigging data watchdog appointment

  The European Commission has been accused of rigging the selection process for the next European Data Protection supervisor

• July 10, 2025 10 Jul'25

  Government funding to help SMEs protect their IP

  Scheme will see SMEs and innovative startups working in sensitive sectors receive advice on enhancing cyber and physical security measures to protect their valuable intellectual property

• July 10, 2025 10 Jul'25

  Four arrested in M&S cyber attack investigation

  Police have made four arrests in connection with a trio of cyber attacks on UK retailers Marks & Spencer, Co-op and Harrods

• July 08, 2025 08 Jul'25

  July Patch Tuesday brings over 130 new flaws to address

  Microsoft patched well over 100 new common vulnerabilities and exposures on the second Tuesday of the month, but its latest update is mercifully light on zero-days

• July 08, 2025 08 Jul'25

  M&S calls for mandatory ransomware reporting

  The government should extend ransomware reporting mandates to businesses to help gather more intelligence and better support victims, says M&S chairman Archie Norman

• July 08, 2025 08 Jul'25

  AI for Good: Signal president warns of agentic AI security flaw

  Secure by design is a mantra of the tech sector, but not if it’s agentic AI, which wants ‘root’ access to everything

• July 08, 2025 08 Jul'25

  SEC and SolarWinds to settle lawsuit over 2020 breach

  The US SEC and SolarWinds have reached a settlement in principle to resolve litigation over alleged security failings that led to the 2020 compromise of the supplier’s Orion platform by Russian cyber spies

• July 08, 2025 08 Jul'25

  NHS trust accused of ‘at best cavalier, at worst deceitful’ behaviour after deleting emails

  A London hospital trust faces allegations it withheld key evidence from a tribunal hearing after one of its directors attempted to destroy more than 90,000 emails

• July 03, 2025 03 Jul'25

  Fine-tuning to deliver business AI value

  Foundation AI models offer knowledge that spans the internet, but they generally lack an understanding of proprietary business data and processes

• July 02, 2025 02 Jul'25

  US CISA agency extends Iran cyber alert, warns of CNI threat

  The US Cybersecurity and Infrastructure Security Agency reiterates guidance for operators of critical national infrastructure as it eyes the possibility of cyber attacks from Iran

• July 02, 2025 02 Jul'25

  Scattered Spider link to Qantas hack is likely, say experts

  A developing cyber attack at Australian airline Qantas that started at a third-party call centre is already being tentatively attributed to Scattered Spider. Find out more and learn about the next steps for those affected

• July 02, 2025 02 Jul'25

  Dutch study uncovers cognitive biases undermining cyber security board decisions

  Dutch research reveals how cognitive biases can lead to catastrophic security decisions

• July 02, 2025 02 Jul'25

  Enterprise AI adoption moving beyond experimentation

  Moe Abdula, vice-president of customer engineering at Google Cloud, discusses the shift from AI experimentation to production, and the role of infrastructure and agentic platforms

• July 01, 2025 01 Jul'25

  Cloudflare to let customers block AI web crawlers

  Publishers and other providers of creative content now have the option to block AI crawlers from accessing and scraping their intellectual property with new tools from Cloudflare.

• June 30, 2025 30 Jun'25

  Gartner: Build trust in data before betting the business on AI

  At its Data & Analytics Summit in Sydney, Gartner analysts advised businesses to prioritise data trust over artificial intelligence hype and outlined the coming era of autonomous business processes guided by AI agents

• June 27, 2025 27 Jun'25

  Citrix Bleed 2 under active attack, reports suggest

  Days after news emerged of a Citrix NetScaler flaw comparable in its scope and severity to 2023’s infamous Citrix Bleed, there are already clear indicators that threat actors are taking advantage of the critical vulnerability

• June 27, 2025 27 Jun'25

  Scattered Spider cyber gang turns fire on aviation sector

  Multiple reports are emerging of cyber attacks on airlines – Google Cloud’s Mandiant believes them to be linked

• June 27, 2025 27 Jun'25

  Over 2 million affected by US supermarket breach

  Belgian-Dutch supermarket operator Ahold Delhaize reveals that more than two million people, including employees, had their data compromised following a November 2024 ransomware attack

• June 27, 2025 27 Jun'25

  MPs propose ban on predictive policing

  MPs are attempting to amend the UK government’s forthcoming Crime and Policing Bill so that it prohibits the use of controversial predictive policing systems

• June 27, 2025 27 Jun'25

  Silicon Valley execs sworn in to US Army reserves specialist unit

  Four technology executives are brought into the military to make the armed forces ‘more lethal’, reflecting softening attitudes throughout the sector towards ‘the business of inflicting violence’

• June 26, 2025 26 Jun'25

  British hacker IntelBroker faces years in a US prison cell

  US authorities have unsealed charges against 25-year-old hacker Kai West, aka IntelBroker, accusing him of being behind multiple cyber attacks

• June 26, 2025 26 Jun'25

  Glasgow Council services remain offline a week after cyber attack

  Disruption continues a week after core services at Glasgow City Council were forced offline following a cyber attack on a third-party IT services provider

• June 25, 2025 25 Jun'25

  Latest Citrix vulnerability could be every bit as bad as Citrix Bleed

  A Citrix NetScaler flaw that was quietly patched earlier in June is gathering widespread attention after experts noted strong similarities to the Citrix Bleed vulnerability that caused chaos in late 2023

• June 24, 2025 24 Jun'25

  UK ransomware costs significantly outpace other countries

  UK organisations hit by ransomware attacks paid much higher ransoms than in other countries over the past 12 months, according to study