News

IT risk management

• October 13, 2025 13 Oct'25

  Apple and Home Office agree to drop legal claim over encryption backdoor

  Investigatory Powers Tribunal rules that Apple’s appeal against the Home Office will no longer proceed because of a ‘change in circumstances’

• October 13, 2025 13 Oct'25

  Thales: Trust in AI for critical systems needs to be engineered

  Confidence in AI capabilities that power critical systems must go beyond words and be built on a hybrid model that combines data with physics and logic to prove reliability, according to Thales’ chief scientist

• October 07, 2025 07 Oct'25

  Alert over Medusa ransomware attacks targeting Fortra MFT

  Microsoft warns it is seeing potential mass exploitation of a Fortra GoAnywhere vulnerability by a threat actor linked to the Medusa ransomware-as-a-service operation.

• October 07, 2025 07 Oct'25

  The Security Interviews: David Bradbury, CSO, Okta

  Okta’s chief security officer talks security by default and explains why he thinks time is running out for the shared responsibility model

• October 06, 2025 06 Oct'25

  Police facial recognition trials show little evidence of benefits

  In-the-wild testing of police facial recognition systems has failed to generate clear evidence of the technology’s benefits, or to assess the full range of socio-technical impacts

• October 06, 2025 06 Oct'25

  Data sovereignty demand pushes Herabit to get S3 storage

  Italian service provider gets Cubbit DS3 distributed S3 storage to provide up to 2PB of cloud services to customers demanding data sovereignty, while cutting costs by up to 50%

• October 06, 2025 06 Oct'25

  Gartner: IT leaders need to prepare for GenAI legal issues

  GenAI is being embedded into enterprise software. This has implications for governance and regulatory compliance

• October 06, 2025 06 Oct'25

  UK government to consult on police live facial recognition use

  The UK’s policing minister has confirmed the government will consult on the use of live facial recognition by law enforcement before expanding its use throughout England, but so far, the technology has been deployed with minimal public debate or ...

• October 05, 2025 05 Oct'25

  Nakivo expands Proxmox backup and DR capabilities in v11.1

  Latest version of Backup & Replication adds MSP features, plus Proxmox VM backup functionality, while Nakivo responds to critical vulnerability it was tipped off about in February

• October 01, 2025 01 Oct'25

  US government shutdown stalls cyber intel sharing

  A key US law covering cyber security intelligence sharing has expired without an extension or replacement amid a total shutdown of the federal government, putting global security collaboration at risk.

• September 30, 2025 30 Sep'25

  Apple’s first iOS 26 security update fixes memory corruption flaw

  Apple issues an update for its brand new iOS 26 mobile operating system, fixing a potentially dangerous vulnerability affecting iPhones, iPads and other Mac devices

• September 30, 2025 30 Sep'25

  Cloud provider publishes ‘tech sovereignty’ plan for UK

  In the face of mounting data sovereignty concerns across Europe, UK cloud provider Civo lays out high-level plan for how the government can retain control and access of its data should the geopolitical situation sour

• September 30, 2025 30 Sep'25

  Google unveils AI-powered security to trap ransomware attacks

  The new security capability, available at no extra cost for most Google Workspace users, detects mass file encryption during ransomware attacks, stops the attacks from spreading and allows for restoration of files

• September 29, 2025 29 Sep'25

  JLR tentatively restarts production, following £1.5bn government backing

  Jaguar Land Rover is to resume car production after a £1.5bn government loan guarantee amid its cyber attack fallout. Debate is growing over the bailout and insurance

• September 26, 2025 26 Sep'25

  Over half of India-based companies suffer security breaches

  Business supply chains, which include Indian companies, are at risk of attack as more than half of suppliers were breached last year

• September 26, 2025 26 Sep'25

  Microsoft hides key data flow information in plain sight

  Microsoft’s own documentation confirms that data hosted in its hyperscale cloud architecture routinely traverses the globe, but the tech giant is actively obfuscating this vital information from its UK law enforcement customers

• September 26, 2025 26 Sep'25

  Okta CEO: AI security and identity security are one and the same

  At Oktane 2025 in Las Vegas, Okta CEO Todd McKinnon describes AI security and identity security as inseparable as he tees up a series of agentic security innovations

• September 25, 2025 25 Sep'25

  Netherlands establishes cyber resilience network to strengthen public-private digital defence

  Network will connect organisations in a cyber crime defence initiative that goes way beyond information sharing

• September 25, 2025 25 Sep'25

  Get HDD temperature right, or risk more drive failures

  We talk to Rainer Kaese of Toshiba about the right temperature to run hard disk drives at. Not getting it right risks higher failure rates than what would normally be expected

• September 24, 2025 24 Sep'25

  Oktane 2025: Okta takes aim at agentic AI governance gap

  Identity specialist Okta is laying the groundwork for a number of incoming announcements designed to help its customers get to grips with the challenge of securing non-human, agentic identities.

• September 24, 2025 24 Sep'25

  Salesforce shifts focus from AI models to agentic AI

  Rather than being preoccupied with large language models, Salesforce is now focused on building AI agents, with an eye on achieving what it calls ‘enterprise general intelligence’

• September 23, 2025 23 Sep'25

  SolarWinds warns over dangerous RCE flaw

  A newly uncovered RCE flaw in SolarWinds’ helpdesk product bypasses two previously issued fixes, and users should prioritise updates as exploitation is likely to occur

• September 23, 2025 23 Sep'25

  Jaguar Land Rover extends cyber attack-induced shutdown to October

  Jaguar Land Rover is extending its production shutdown caused by the 31 August cyber attack into next month, as government ministers drop by and supply chain workers lose wages

• September 23, 2025 23 Sep'25

  ‘Our worst day’: The untold story of the Electoral Commission cyber attack

  As head of digital at The Electoral Commission, Andrew Simpson’s mettle was tested when threat actors gained access to the regulator’s email systems and accessed sensitive voter data. Three years on, he tells his story to Computer Weekly

• September 19, 2025 19 Sep'25

  UK cyber action plan lays out path to resilience

  A report produced for the government by academics at Imperial College London and the University of Bristol sets out nine recommendations to strengthen the UK’s cyber sector

• September 19, 2025 19 Sep'25

  Pentera expands in APAC, taps AI to outsmart attackers

  The penetration testing specialist is expanding its presence in the Asia-Pacific region and deploying AI-driven capabilities as it eyes acquisitions and a potential IPO

• September 18, 2025 18 Sep'25

  Should you run VMware 7 unsupported?

  In just a few weeks, VMware version 7 reaches end of life, which means Broadcom will no longer issue patches

• September 17, 2025 17 Sep'25

  Firms urged to adopt risk-based data sovereignty strategy

  Geopolitical uncertainty is forcing organisations to rethink where their data is located, but a full retreat from the public cloud is not the answer

• September 17, 2025 17 Sep'25

  Google Cloud unveils open protocol for agentic payments

  Google’s Agent Payments Protocol is an open standard developed with more than 60 global partners to create a secure standard for AI-driven transactions

• September 16, 2025 16 Sep'25

  Exabeam: Treat AI agents as the new insider threat

  As artificial intelligence agents are given more power inside organisations, Exabeam’s chief AI officer, Steve Wilson, argues they must be monitored for rogue behaviour just like their human counterparts

• September 15, 2025 15 Sep'25

  Amnesty: AI surveillance risks ‘supercharging’ US deportations

  Amnesty International says AI-driven platforms from Palantir and Babel Street are being used by US authorities to track migrants and revoke visas, raising fears of unlawful detentions and mass deportations

• September 15, 2025 15 Sep'25

  Arqit to support NCSC’s post-quantum cryptography pilot

  Quantum specialist Arqit will provide specialised post-quantum migration planning services to organisations preparing to address the imminent risks to traditional cryptography

• September 15, 2025 15 Sep'25

  MI5 unlawfully monitored the phone of BBC journalist Vincent Kearney

  The Investigatory Powers Tribunal heard today that the security service has conceded that it unlawfully monitored the phone data of former BBC Spotlight reporter Vincent Kearney

• September 11, 2025 11 Sep'25

  Students an increasing source of cyber threat in UK schools

  Insider threats arising from student activity now appears to be the chief cause of notifiable cyber or data breach incidents in Britain’s schools

• September 11, 2025 11 Sep'25

  Chat Control: EU to decide on requirement for tech firms to scan encrypted messages

  Law enforcement and police experts meet on Friday to decide on proposals to require technology companies to scan encrypted messages for possible child abuse images amid growing opposition from security experts

• September 10, 2025 10 Sep'25

  Open source security and sustainability remain unsolved problem

  While software bills of materials offer some transparency over software components, they don’t solve the imbalance between corporate consumption of open source software and the lack of investment in its security and health

• September 09, 2025 09 Sep'25

  Splunk.conf: Splunk urges users to eat their ‘cyber veggies’

  The dawn of AI-enabled cyber attacks makes it even more important for defenders to bring their A-game, particularly when it comes to getting the basics right

• September 08, 2025 08 Sep'25

  Splunk.conf: Splunk and Cisco showcase unified platform

  With 18 months having elapsed since Cisco closed its acquisition of Splunk, joint platform capabilities and developments are being showcased at the annual Splunk.conf fair

• September 02, 2025 02 Sep'25

  JFrog extends DevSecOps playbook to AI governance

  The software security specialist is leveraging its capabilities in DevSecOps to address security, data provenance and bias in AI models

• August 29, 2025 29 Aug'25

  ICO publishes summary of police facial recognition audit

  The UK data regulator has released a summary of its facial recognition audit of two police forces

• August 28, 2025 28 Aug'25

  Microsoft refuses to divulge data flows to Police Scotland

  Tech giant Microsoft is declining to share key information with Police Scotland about where the sensitive data it uploads to Office 365 will be processed, leaving the force unable to comply with UK-wide data protection laws

• August 28, 2025 28 Aug'25

  UK cyber security centre helps expose China-based cyber campaign

  GCHQ cyber security centre and its international partners release details of malicious cyber activity linked to Chinese businesses

• August 27, 2025 27 Aug'25

  Incident response planning cuts the risk of claiming on cyber security insurance

  Proper attention to incident response planning is emerging as a core cyber control when it comes to reducing the risk of having to claim on cyber security insurance, according to a report

• August 27, 2025 27 Aug'25

  Ransomware activity levelled off in July, says NCC

  Ransomware levels held steady in the month of July, although the risk remained as persistent as ever

• August 26, 2025 26 Aug'25

  Okta makes AI identity play with Axiom acquisition

  Okta says Axiom Security’s technology will reinforce its own offerings in privileged access management, especially when it comes to the growing number of non-human identities

• August 25, 2025 25 Aug'25

  How to secure the identity perimeter and prepare for AI agents

  Ping Identity CEO Andre Durand explains why identity has become the critical security battleground, how decentralised credentials will reduce data breach risks, and why AI agents will need their own identities to be trusted

• August 21, 2025 21 Aug'25

  UK equality watchdog: Met Police facial recognition unlawful

  The UK’s equality watchdog has been granted permission to intervene in a judicial review of the Met Police’s live facial-recognition (LFR) technology use, which it claims is being deployed unlawfully

• August 20, 2025 20 Aug'25

  Microsoft starts including PQC algorithms in cyber foundations

  Microsoft updates on its post-quantum cyber strategy as it continues integrating quantum-safe algorithms into some of the core foundations underpinning its products and services

• August 20, 2025 20 Aug'25

  Commvault users told to patch two RCE exploit chains

  Storage firm Commvault fixes four vulnerabilities that, when combined, create a pair of RCE exploit chains that could be used to target on-premise customers with ransomware and other nasties

• August 19, 2025 19 Aug'25

  Google spins up agentic SOC to speed up incident management

  Google Cloud elaborates on its vision for securing artificial intelligence unveiling new protections and capabilities across its product suite