News

IT risk management

• September 26, 2025 26 Sep'25

  Over half of India-based companies suffer security breaches

  Business supply chains, which include Indian companies, are at risk of attack as more than half of suppliers were breached last year

• September 26, 2025 26 Sep'25

  Microsoft hides key data flow information in plain sight

  Microsoft’s own documentation confirms that data hosted in its hyperscale cloud architecture routinely traverses the globe, but the tech giant is actively obfuscating this vital information from its UK law enforcement customers

• September 26, 2025 26 Sep'25

  Okta CEO: AI security and identity security are one and the same

  At Oktane 2025 in Las Vegas, Okta CEO Todd McKinnon describes AI security and identity security as inseparable as he tees up a series of agentic security innovations

• September 25, 2025 25 Sep'25

  Netherlands establishes cyber resilience network to strengthen public-private digital defence

  Network will connect organisations in a cyber crime defence initiative that goes way beyond information sharing

• September 25, 2025 25 Sep'25

  Get HDD temperature right, or risk more drive failures

  We talk to Rainer Kaese of Toshiba about the right temperature to run hard disk drives at. Not getting it right risks higher failure rates than what would normally be expected

• September 24, 2025 24 Sep'25

  Oktane 2025: Okta takes aim at agentic AI governance gap

  Identity specialist Okta is laying the groundwork for a number of incoming announcements designed to help its customers get to grips with the challenge of securing non-human, agentic identities.

• September 24, 2025 24 Sep'25

  Salesforce shifts focus from AI models to agentic AI

  Rather than being preoccupied with large language models, Salesforce is now focused on building AI agents, with an eye on achieving what it calls ‘enterprise general intelligence’

• September 23, 2025 23 Sep'25

  SolarWinds warns over dangerous RCE flaw

  A newly uncovered RCE flaw in SolarWinds’ helpdesk product bypasses two previously issued fixes, and users should prioritise updates as exploitation is likely to occur

• September 23, 2025 23 Sep'25

  Jaguar Land Rover extends cyber attack-induced shutdown to October

  Jaguar Land Rover is extending its production shutdown caused by the 31 August cyber attack into next month, as government ministers drop by and supply chain workers lose wages

• September 23, 2025 23 Sep'25

  ‘Our worst day’: The untold story of the Electoral Commission cyber attack

  As head of digital at The Electoral Commission, Andrew Simpson’s mettle was tested when threat actors gained access to the regulator’s email systems and accessed sensitive voter data. Three years on, he tells his story to Computer Weekly

• September 19, 2025 19 Sep'25

  UK cyber action plan lays out path to resilience

  A report produced for the government by academics at Imperial College London and the University of Bristol sets out nine recommendations to strengthen the UK’s cyber sector

• September 19, 2025 19 Sep'25

  Pentera expands in APAC, taps AI to outsmart attackers

  The penetration testing specialist is expanding its presence in the Asia-Pacific region and deploying AI-driven capabilities as it eyes acquisitions and a potential IPO

• September 18, 2025 18 Sep'25

  Should you run VMware 7 unsupported?

  In just a few weeks, VMware version 7 reaches end of life, which means Broadcom will no longer issue patches

• September 17, 2025 17 Sep'25

  Firms urged to adopt risk-based data sovereignty strategy

  Geopolitical uncertainty is forcing organisations to rethink where their data is located, but a full retreat from the public cloud is not the answer

• September 17, 2025 17 Sep'25

  Google Cloud unveils open protocol for agentic payments

  Google’s Agent Payments Protocol is an open standard developed with more than 60 global partners to create a secure standard for AI-driven transactions

• September 16, 2025 16 Sep'25

  Exabeam: Treat AI agents as the new insider threat

  As artificial intelligence agents are given more power inside organisations, Exabeam’s chief AI officer, Steve Wilson, argues they must be monitored for rogue behaviour just like their human counterparts

• September 15, 2025 15 Sep'25

  Amnesty: AI surveillance risks ‘supercharging’ US deportations

  Amnesty International says AI-driven platforms from Palantir and Babel Street are being used by US authorities to track migrants and revoke visas, raising fears of unlawful detentions and mass deportations

• September 15, 2025 15 Sep'25

  Arqit to support NCSC’s post-quantum cryptography pilot

  Quantum specialist Arqit will provide specialised post-quantum migration planning services to organisations preparing to address the imminent risks to traditional cryptography

• September 15, 2025 15 Sep'25

  MI5 unlawfully monitored the phone of BBC journalist Vincent Kearney

  The Investigatory Powers Tribunal heard today that the security service has conceded that it unlawfully monitored the phone data of former BBC Spotlight reporter Vincent Kearney

• September 11, 2025 11 Sep'25

  Students an increasing source of cyber threat in UK schools

  Insider threats arising from student activity now appears to be the chief cause of notifiable cyber or data breach incidents in Britain’s schools

• September 11, 2025 11 Sep'25

  Chat Control: EU to decide on requirement for tech firms to scan encrypted messages

  Law enforcement and police experts meet on Friday to decide on proposals to require technology companies to scan encrypted messages for possible child abuse images amid growing opposition from security experts

• September 10, 2025 10 Sep'25

  Open source security and sustainability remain unsolved problem

  While software bills of materials offer some transparency over software components, they don’t solve the imbalance between corporate consumption of open source software and the lack of investment in its security and health

• September 09, 2025 09 Sep'25

  Splunk.conf: Splunk urges users to eat their ‘cyber veggies’

  The dawn of AI-enabled cyber attacks makes it even more important for defenders to bring their A-game, particularly when it comes to getting the basics right

• September 08, 2025 08 Sep'25

  Splunk.conf: Splunk and Cisco showcase unified platform

  With 18 months having elapsed since Cisco closed its acquisition of Splunk, joint platform capabilities and developments are being showcased at the annual Splunk.conf fair

• September 02, 2025 02 Sep'25

  JFrog extends DevSecOps playbook to AI governance

  The software security specialist is leveraging its capabilities in DevSecOps to address security, data provenance and bias in AI models

• August 29, 2025 29 Aug'25

  ICO publishes summary of police facial recognition audit

  The UK data regulator has released a summary of its facial recognition audit of two police forces

• August 28, 2025 28 Aug'25

  Microsoft refuses to divulge data flows to Police Scotland

  Tech giant Microsoft is declining to share key information with Police Scotland about where the sensitive data it uploads to Office 365 will be processed, leaving the force unable to comply with UK-wide data protection laws

• August 28, 2025 28 Aug'25

  UK cyber security centre helps expose China-based cyber campaign

  GCHQ cyber security centre and its international partners release details of malicious cyber activity linked to Chinese businesses

• August 27, 2025 27 Aug'25

  Incident response planning cuts the risk of claiming on cyber security insurance

  Proper attention to incident response planning is emerging as a core cyber control when it comes to reducing the risk of having to claim on cyber security insurance, according to a report

• August 27, 2025 27 Aug'25

  Ransomware activity levelled off in July, says NCC

  Ransomware levels held steady in the month of July, although the risk remained as persistent as ever

• August 26, 2025 26 Aug'25

  Okta makes AI identity play with Axiom acquisition

  Okta says Axiom Security’s technology will reinforce its own offerings in privileged access management, especially when it comes to the growing number of non-human identities

• August 25, 2025 25 Aug'25

  How to secure the identity perimeter and prepare for AI agents

  Ping Identity CEO Andre Durand explains why identity has become the critical security battleground, how decentralised credentials will reduce data breach risks, and why AI agents will need their own identities to be trusted

• August 21, 2025 21 Aug'25

  UK equality watchdog: Met Police facial recognition unlawful

  The UK’s equality watchdog has been granted permission to intervene in a judicial review of the Met Police’s live facial-recognition (LFR) technology use, which it claims is being deployed unlawfully

• August 20, 2025 20 Aug'25

  Microsoft starts including PQC algorithms in cyber foundations

  Microsoft updates on its post-quantum cyber strategy as it continues integrating quantum-safe algorithms into some of the core foundations underpinning its products and services

• August 20, 2025 20 Aug'25

  Commvault users told to patch two RCE exploit chains

  Storage firm Commvault fixes four vulnerabilities that, when combined, create a pair of RCE exploit chains that could be used to target on-premise customers with ransomware and other nasties

• August 19, 2025 19 Aug'25

  Google spins up agentic SOC to speed up incident management

  Google Cloud elaborates on its vision for securing artificial intelligence unveiling new protections and capabilities across its product suite

• August 19, 2025 19 Aug'25

  ISACA launches AI security management certification

  ISACA accredited security professionals can now pursue a new AI security management credential

• August 19, 2025 19 Aug'25

  Singapore board directors to get cyber crisis training

  The Singapore Institute of Directors and Ensign InfoSecurity have launched a programme to equip 1,000 board leaders with the skills to navigate high-stakes decisions during a cyber crisis

• August 18, 2025 18 Aug'25

  L’Oréal to promote cyber resilience for Britain’s beauty salons

  L’Oréal UK and Ireland will work with law enforcement, cyber educators and students, and other large organisations to help thousands of small salons across the UK improve their cyber resilience practice

• August 15, 2025 15 Aug'25

  UK cyber leaders feel impact of Trump cutbacks

  The ripple effects of US cyber security cutbacks have reached this side of the Atlantic, according to a report

• August 15, 2025 15 Aug'25

  US trade body calls on Washington to cut cyber red tape

  The US Information Technology Industry Council has called on the White House’s Office of the National Cyber Director to cut burdensome regulations in areas such as AI and incident reporting, and to do more to build a unified security regime

• August 12, 2025 12 Aug'25

  Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list

  Microsoft rolls out fixes for over 100 CVEs in its August Patch Tuesday update

• August 12, 2025 12 Aug'25

  Researchers firm up ShinyHunters, Scattered Spider link

  ReliaQuest researchers present new evidence that firms up a potential link, or outright partnership, between the ShinyHunters and Scattered Spider cyber gangs

• August 12, 2025 12 Aug'25

  UK work visa sponsors are target of phishing campaign

  Mimecast identifies a phishing campaign targeting UK organisations that sponsor migrant workers and students, opening the door to account compromise and visa fraud

• August 12, 2025 12 Aug'25

  Workday research: 75% of employees will work with artificial intelligence, but not for it

  Workday research finds 75% of workers like AI as a teammate, but only 30% want it to be the boss. Trust in the technology may grow with use, but human focus, clear roles and governance are key

• August 12, 2025 12 Aug'25

  Norway fixing Big Bang e-health botch with fintech security

  Experts call for Europe’s health sector to protect medical APIs with security originated from UK open banking as officials take urgent measures against unprecedented attacks

• August 11, 2025 11 Aug'25

  McCullough Review into PSNI spying on journalists and lawyers delayed

  Angus McCullough KC is to present findings of an independent review of police spying on phone data of lawyers, journalists and NGOs in Northern Ireland in October  

• August 11, 2025 11 Aug'25

  Watching the watchers: Is the Technical Advisory Panel a match for MI5, MI6 and GCHQ?

  Dame Muffy Calder is chair of the Technical Advisory Panel (TAP), a small group of experts that advises the Investigatory Powers Commissioner on surveillance technology. Do they have what it takes to oversee the intelligence community?

• August 06, 2025 06 Aug'25

  NCSC updates CNI Cyber Assessment Framework

  Updates to the NCSC’s Cyber Assessment Framework are designed to help providers of critical services better manage their risk profiles

• August 06, 2025 06 Aug'25

  Australian scaleup to bring AI-led data protection to the MoD

  The UK’s Ministry of Defence is embracing AI-led data protection in the wake of a major privacy breach, enlisting Australian cyber firm Castlepoint Systems to oversee sensitive records