News

IT security

• August 29, 2025 29 Aug'25

  ICO publishes summary of police facial recognition audit

  The UK data regulator has released a summary of its facial recognition audit of two police forces

• August 29, 2025 29 Aug'25

  Home Office ‘backdoor’ seeks worldwide access to Apple iCloud users’ data, court documents confirm

  A court filing states that a government order against Apple would give it the capability to access communications and metadata of customers using the iCloud service anywhere in the world

• August 28, 2025 28 Aug'25

  Microsoft refuses to divulge data flows to Police Scotland

  Tech giant Microsoft is declining to share key information with Police Scotland about where the sensitive data it uploads to Office 365 will be processed, leaving the force unable to comply with UK-wide data protection laws

• August 28, 2025 28 Aug'25

  UK cyber security centre helps expose China-based cyber campaign

  GCHQ cyber security centre and its international partners release details of malicious cyber activity linked to Chinese businesses

• August 27, 2025 27 Aug'25

  Incident response planning cuts the risk of claiming on cyber security insurance

  Proper attention to incident response planning is emerging as a core cyber control when it comes to reducing the risk of having to claim on cyber security insurance, according to a report

• August 27, 2025 27 Aug'25

  Ransomware activity levelled off in July, says NCC

  Ransomware levels held steady in the month of July, although the risk remained as persistent as ever

• August 26, 2025 26 Aug'25

  Three new Citrix NetScaler zero-days under active exploitation

  Citrix patches three new vulnerabilities in its NetScaler lines warning of active zero-day exploitation by an undisclosed threat actor

• August 26, 2025 26 Aug'25

  Okta makes AI identity play with Axiom acquisition

  Okta says Axiom Security’s technology will reinforce its own offerings in privileged access management, especially when it comes to the growing number of non-human identities

• August 25, 2025 25 Aug'25

  How to secure the identity perimeter and prepare for AI agents

  Ping Identity CEO Andre Durand explains why identity has become the critical security battleground, how decentralised credentials will reduce data breach risks, and why AI agents will need their own identities to be trusted

• August 25, 2025 25 Aug'25

  Ransomware attack volumes up nearly three times on 2024

  During the first six months of 2025, the number of observed and tracked ransomware attacks far outpaced the volume seen in 2024

• August 21, 2025 21 Aug'25

  Moscow exploiting seven-year-old Cisco flaw, says FBI

  US authorities warn of an uptick in state-sponsored exploitation of a seven-year-old vulnerability in Cisco's operating system software

• August 21, 2025 21 Aug'25

  Scale of MoD Afghan data breaches widens dramatically

  Many more data breaches at the MoD's Arap programme to relocate at-risk Afghan citizens to Britain have emerged following an FoI request by BBC journalists

• August 21, 2025 21 Aug'25

  Apple iOS update fixes new iPhone zero-day flaw

  Latest Apple zero-day found in the ImageIO framework opens the door for targeted zero-click attacks on iPhone users

• August 21, 2025 21 Aug'25

  UK equality watchdog: Met Police facial recognition unlawful

  The UK’s equality watchdog has been granted permission to intervene in a judicial review of the Met Police’s live facial-recognition (LFR) technology use, which it claims is being deployed unlawfully

• August 20, 2025 20 Aug'25

  Microsoft starts including PQC algorithms in cyber foundations

  Microsoft updates on its post-quantum cyber strategy as it continues integrating quantum-safe algorithms into some of the core foundations underpinning its products and services

• August 20, 2025 20 Aug'25

  Commvault users told to patch two RCE exploit chains

  Storage firm Commvault fixes four vulnerabilities that, when combined, create a pair of RCE exploit chains that could be used to target on-premise customers with ransomware and other nasties

• August 20, 2025 20 Aug'25

  Warlock claims more victims as cyber attacks hit Colt and Orange

  Ransomware gang Warlock is adding more victims to its data leak site as the impact of a spreading wave of cyber attacks continues to be felt

• August 19, 2025 19 Aug'25

  Google spins up agentic SOC to speed up incident management

  Google Cloud elaborates on its vision for securing artificial intelligence unveiling new protections and capabilities across its product suite

• August 19, 2025 19 Aug'25

  Deepfake AI scammers target the Big Yin

  Cyber criminal scammers exploiting GenAI to create deepfake AI tools are targeting one of the UK’s most beloved comics, and one of its strongest accents

• August 19, 2025 19 Aug'25

  ISACA launches AI security management certification

  ISACA accredited security professionals can now pursue a new AI security management credential

• August 19, 2025 19 Aug'25

  US says UK has agreed to drop encryption ‘backdoor’ demands against Apple

  US and UK end diplomatic row over UK encryption ‘backdoor’ order against Apple, but it remains unclear whether Apple will restore advanced encryption services to UK users

• August 19, 2025 19 Aug'25

  Singapore board directors to get cyber crisis training

  The Singapore Institute of Directors and Ensign InfoSecurity have launched a programme to equip 1,000 board leaders with the skills to navigate high-stakes decisions during a cyber crisis

• August 18, 2025 18 Aug'25

  Workday hit in wave of social engineering attacks

  A campaign of voice-based social engineering attacks targeting users of Salesforce’s services appears to have struck HR platform Workday

• August 18, 2025 18 Aug'25

  Extremist hacker who defaced websites and stole data imprisoned

  Hacker Al-Tahery Al-Mashriky pled guilty to attacking multiple websites based on extremist political and religious ideology

• August 18, 2025 18 Aug'25

  L’Oréal to promote cyber resilience for Britain’s beauty salons

  L’Oréal UK and Ireland will work with law enforcement, cyber educators and students, and other large organisations to help thousands of small salons across the UK improve their cyber resilience practice

• August 18, 2025 18 Aug'25

  Okta: AI adoption fuels problems for identity management

  Okta research indicates the emergence and growth of novel security problems, connected with the spread of AI agents and non-human identities

• August 15, 2025 15 Aug'25

  Warlock claims ransomware attack on network services firm Colt

  UK network services firm Colt is attempting to recover various customer-facing systems following a cyber attack that has been claimed by the Warlock ransomware gang and may have arisen via a SharePoint flaw

• August 15, 2025 15 Aug'25

  UK cyber leaders feel impact of Trump cutbacks

  The ripple effects of US cyber security cutbacks have reached this side of the Atlantic, according to a report

• August 15, 2025 15 Aug'25

  US trade body calls on Washington to cut cyber red tape

  The US Information Technology Industry Council has called on the White House’s Office of the National Cyber Director to cut burdensome regulations in areas such as AI and incident reporting, and to do more to build a unified security regime

• August 15, 2025 15 Aug'25

  Whitehall IT projects face complex challenges, Nista report finds

  The annual report from the National Infrastructure and Service Transformation Authority gives major police IT project ‘red’ rating, while several others are rated ‘amber’, including Gov.uk One Login and Making Tax Digital

• August 14, 2025 14 Aug'25

  Professional services firms stuck in network security IT doom loop

  Survey reveals a widening disconnect in the professional services sector where, despite near-universal adoption of SaaS and cloud strategies, core network and security services are failing to keep up through the likes of SASE

• August 13, 2025 13 Aug'25

  BlackSuit ransomware payment recovered in takedown operation

  US authorities reveal how over a million dollars’ worth of cryptocurrency assets laundered by the BlackSuit ransomware gang were seized ahead of a July takedown operation

• August 12, 2025 12 Aug'25

  Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list

  Microsoft rolls out fixes for over 100 CVEs in its August Patch Tuesday update

• August 12, 2025 12 Aug'25

  Researchers firm up ShinyHunters, Scattered Spider link

  ReliaQuest researchers present new evidence that firms up a potential link, or outright partnership, between the ShinyHunters and Scattered Spider cyber gangs

• August 12, 2025 12 Aug'25

  UK work visa sponsors are target of phishing campaign

  Mimecast identifies a phishing campaign targeting UK organisations that sponsor migrant workers and students, opening the door to account compromise and visa fraud

• August 12, 2025 12 Aug'25

  Workday research: 75% of employees will work with artificial intelligence, but not for it

  Workday research finds 75% of workers like AI as a teammate, but only 30% want it to be the boss. Trust in the technology may grow with use, but human focus, clear roles and governance are key

• August 12, 2025 12 Aug'25

  Norway fixing Big Bang e-health botch with fintech security

  Experts call for Europe’s health sector to protect medical APIs with security originated from UK open banking as officials take urgent measures against unprecedented attacks

• August 11, 2025 11 Aug'25

  McCullough Review into PSNI spying on journalists and lawyers delayed

  Angus McCullough KC is to present findings of an independent review of police spying on phone data of lawyers, journalists and NGOs in Northern Ireland in October  

• August 11, 2025 11 Aug'25

  Watching the watchers: Is the Technical Advisory Panel a match for MI5, MI6 and GCHQ?

  Dame Muffy Calder is chair of the Technical Advisory Panel (TAP), a small group of experts that advises the Investigatory Powers Commissioner on surveillance technology. Do they have what it takes to oversee the intelligence community?

• August 08, 2025 08 Aug'25

  OpenAI closes gap to artificial general intelligence with GPT-5

  As OpenAI’s latest large language model delivers smarter AI, experts are wary of the risks GPT-5 poses to human creativity

• August 06, 2025 06 Aug'25

  Black Hat USA: Startup breaks secrets management tools

  Researchers at Cyata, an agentic identity specialist that has just emerged from stealth, found 14 CVEs in the widely used CyberArk Conjur and HashiCorp Vault enterprise secrets management platforms

• August 06, 2025 06 Aug'25

  Cyber criminals would prefer businesses don’t use Okta

  Okta details a phishing campaign in which the threat actor demonstrated some unusually strong opinions on what authentication methods they would like their targets to use

• August 06, 2025 06 Aug'25

  Companies House ID verification to start in November 2025

  Companies House plans to start vetting director identities from mid-November, but its reliance on the troubled One Login digital identity service may be cause for concern

• August 06, 2025 06 Aug'25

  NCSC updates CNI Cyber Assessment Framework

  Updates to the NCSC’s Cyber Assessment Framework are designed to help providers of critical services better manage their risk profiles

• August 06, 2025 06 Aug'25

  Australian scaleup to bring AI-led data protection to the MoD

  The UK’s Ministry of Defence is embracing AI-led data protection in the wake of a major privacy breach, enlisting Australian cyber firm Castlepoint Systems to oversee sensitive records

• August 05, 2025 05 Aug'25

  Attacker could defeat Dell firmware flaws with a vegetable

  Cisco Talos discloses five vulnerabilities in cyber security firmware used on Dell Latitude and Precision devices, including one that could enable an attacker to log on with a spring onion

• August 04, 2025 04 Aug'25

  Black Hat USA: Halcyon and Sophos tag-team ransomware fightback

  Ransomware experts Halcyon and Sophos are to pool their expertise in ransomware, working together to enhance data- and intelligence-sharing and bringing more comprehensive protection to customers

• August 04, 2025 04 Aug'25

  Proliferation of on-premise GenAI platforms is widening security risks

  Research finds increased adoption of unsanctioned generative artificial intelligence platforms is magnifying risk and causing a headache for security teams

• August 04, 2025 04 Aug'25

  Agentic AI a target-rich zone for cyber attackers in 2025

  At Black Hat USA 2025, CrowdStrike warns that cyber criminals and nation-states are weaponising GenAI to scale attacks and target AI agents, turning autonomous systems against their makers

• August 01, 2025 01 Aug'25

  Met Police to double facial recognition use amid budget cuts

  The UK’s largest police force is massively expanding its use of live facial recognition technology as it prepares to lose 1,700 officers and staff