News

IT security

• December 19, 2025 19 Dec'25

  European Commission renews UK data adequacy agreement, ensuring continued free flow of data

  Despite calls from some data protection campaigners, the UK's agreement to allow data movement with European Economic Area countries is extended until 2031

• December 19, 2025 19 Dec'25

  ‘Sensitive’ data stolen in Westminster City Council cyber attack

  London borough confirms that data breach affecting three neighbouring councils in a shared IT services operation led to personal information being copied by a third party

• December 19, 2025 19 Dec'25

  UK government confirms Foreign Office cyber attack

  Reports blame Chinese hacking group but minister insists the source of the attack is unclear

• December 18, 2025 18 Dec'25

  Fortinet vulnerabilities prompt pre-holiday warnings

  Analysts track exploitation of two vulnerabilities disclosed last week by Fortinet

• December 18, 2025 18 Dec'25

  AI safeguards improving, says UK government-backed body

  Inaugural AI Security Institute report claims that safeguards in place to ensure AI models behave as intended seem to be improving

• December 17, 2025 17 Dec'25

  ClickFix attacks that bypass cyber controls on the rise

  NCC’s monthly threat report details the growing prevalence of ClickFix attacks in the wild

• December 15, 2025 15 Dec'25

  Top IT predictions in APAC in 2026

  Enterprises across the Asia-Pacific region are expected to prioritise sovereign architectures, double down on securing agentic systems and rewrite their infrastructure playbooks, among other tech trends

• December 12, 2025 12 Dec'25

  Streisand effect: Businesses that pay ransomware gangs are more likely to hit the headlines

  Research by ransomware expert Max Smeets suggests companies that pay up to criminal gangs are more likely to attract press attention

• December 12, 2025 12 Dec'25

  Trump plans bonfire of US state-level AI regulation

  US president’s executive order targets state-level AI regulatory frameworks across the country, saying they are too onerous and endangering leadership in the field

• December 12, 2025 12 Dec'25

  Digital Ethics Summit 2025: Open sourcing and assuring AI

  Industry experts met to discuss the ethical challenges associated with assuring AI systems, and how open source approaches can challenge concentrations of capital and power

• December 11, 2025 11 Dec'25

  Microsoft expands bug bounty scheme to include third-party software

  The company is to offer bug bounty awards for people who report security vulnerabilities in third-party and open source software impacting Microsoft services

• December 09, 2025 09 Dec'25

  Microsoft patched over 1,100 CVEs in 2025

  The final Patch Tuesday update of the year brings 56 new CVEs, bringing the year-end total to more than 1,100

• December 09, 2025 09 Dec'25

  How Chinese-owned Radisson Hotel Group split US enterprise resource planning

  During the UK and Ireland SAP user group conference in Birmingham, Computer Weekly met with the SAP platform lead at Radisson Hotel Group

• December 09, 2025 09 Dec'25

  MPs maul digital ID plans in Parliamentary debate

  MPs brand the government’s digital ID plans ‘un-British’ and ‘an attack on civil liberties’ during debate on the controversial policy

• December 09, 2025 09 Dec'25

  Why bug bounty schemes have not led to secure software

  Computer Weekly speaks to Katie Moussouris, security entrepreneur and bug bounty pioneer, about the life of security researchers, bug bounties and the artificial intelligence revolution

• December 09, 2025 09 Dec'25

  OAIC to launch blitz on privacy compliance

  Australia’s privacy watchdog will begin the new year with a compliance sweep targeting businesses that run afoul of privacy rules, including the over-collection of personal information in-person, warning that non-compliance could trigger fines

• December 08, 2025 08 Dec'25

  NCSC warns of confusion over true nature of AI prompt injection

  Malicious prompt injections to manipulate GenAI large language models are being wrongly compared to classical SQL injection attacks. In reality, prompt injection may be a far worse problem, says the UK’s NCSC

• December 08, 2025 08 Dec'25

  How police live facial recognition subtly reconfigures suspicion

  A growing body of research suggests that the use of live facial recognition is reshaping police perceptions of suspicion in ways that undermine supposed human-in-the-loop protections

• December 05, 2025 05 Dec'25

  Cyber teams on alert as React2Shell exploitation spreads

  Exploitation of an RCE flaw in a widely used open source library is spreading quickly, with China-backed threat actors in the driving seat

• December 05, 2025 05 Dec'25

  Cloudflare fixes second outage in a month

  A change to web application firewall policies at Cloudflare caused problems across the internet less than three weeks after another major outage at the service, but no cyber attack is suspected

• December 04, 2025 04 Dec'25

  NCC supporting London councils gripped by cyber attacks

  Three west London councils hit by a cyber attack continue to investigate as services remain disrupted nearly two weeks on

• December 04, 2025 04 Dec'25

  Constrained budgets left security teams short-handed in 2025

  With 2024 seeing surges in security funding cuts, lay-offs and hiring freezes, 2025 brought some relief for cyber pros, but constrained budgets are leaving security teams short-staffed

• December 04, 2025 04 Dec'25

  Home Office launches police facial recognition consultation

  The Home Office has formally opened a 10-week consultation on a legal framework for police use of facial recognition technologies, and will consider extending any new rules to police deployments of other biometric and inferential technologies

• December 04, 2025 04 Dec'25

  Western coalition supplying tech to Ukraine prepared for long war

  Russia is deploying hybrid warfare against Europe as western nations supply critical IT and telecoms equipment to Ukraine’s front line

• December 03, 2025 03 Dec'25

  UK government pledges to rewrite Computer Misuse Act

  Campaigners celebrate as security minister Dan Jarvis commits to amending the outdated Computer Misuse Act to protect security professionals from prosecution

• December 03, 2025 03 Dec'25

  NCSC and BT block a billion dangerous clicks

  A protective service jointly developed by the NCSC and BT has disrupted over a billion potential cyber incidents by stopping members of the public from clicking through to dangerous websites

• December 03, 2025 03 Dec'25

  UK national security strategy failing to account for online world

  The UK government’s national security strategy is falling short on online matters, according to the independent reviewer of terrorism

• December 03, 2025 03 Dec'25

  Interview: Florence Mottay, global CISO, Zalando

  Florence Mottay moved from mathematics to software engineering, and is now leading security at Zalando, a high-tech online fashion retailer

• December 03, 2025 03 Dec'25

  Post Office avoids £1m fine over botched website upgrade data breach

  The Information Commissioner’s Office considered fining the Post Office £1m for a 2024 data breach that let subpostmasters down again

• December 03, 2025 03 Dec'25

  Women in Cybersecurity Middle East marks five years of impact at Black Hat MEA

  As AI reshapes the regional cyber security landscape, diversity and skills development remain at the heart of building a resilient digital workforce

• December 03, 2025 03 Dec'25

  Black Hat MEA: Saudi Vision 2030 fuels surge in cyber security innovation

  Global cyber firms are racing to support the Kingdom’s mega-projects, but building trusted partnerships remains key, says Exabeam CEO Pete Harteveld

• December 02, 2025 02 Dec'25

  UK prosecution of alleged Chinese spies was ‘shambolic’ says Parliamentary committee

  The Joint Committee on National Security Strategy reports that China was engaged in malicious cyber attacks against UK Parliament and democratic institutions

• December 02, 2025 02 Dec'25

  AWS targets vulnerable code with security agent

  At AWS re:Invent 2025, the cloud giant unveiled a security agent designed to bridge the gap between development speed and security validation, along with the general availability of Security Hub analytics

• December 02, 2025 02 Dec'25

  Strategic shift pays off as Okta bids to ease agentic AI risk

  Nine months after restructuring its go-to-market, Okta is buoyed by a growing recognition of how crucial identity has become thanks to the spread of AI agents

• December 02, 2025 02 Dec'25

  Use of digital ID in UK achieves statutory status

  A formal regime of certification and governance is now in place for digital identity services – just as the UK government presses ahead with its controversial plan for a national ID scheme

• December 01, 2025 01 Dec'25

  Mandatory digital ID paves way for surveillance and exclusion, MPs hear

  It is currently unclear how the UK’s government’s proposed mandatory digital ID scheme will help with its stated goal of curbing illegal migration and working

• December 01, 2025 01 Dec'25

  SASE, SD-WAN evolve as enterprises prioritise unified network security

  Research confirms trend that software-defined wide-area network implementations are increasingly tied to security, with the continual rise of cyber security incidents worldwide only accelerating this dynamic

• December 01, 2025 01 Dec'25

  Interview: Mariano Albera, CTO, Checkout.com

  Checkout.com’s chief technology officer has spent most of his career in the e-commerce industry, and now he is applying what he learned to the finance sector that serves it

• November 26, 2025 26 Nov'25

  London councils endure wave of cyber attacks, shared IT services hit

  Four London councils – Kensington and Chelsea; Hackney; Westminster; and Hammersmith and Fulham – have suffered cyber attacks, disrupting services and prompting NCSC-supported investigation

• November 26, 2025 26 Nov'25

  US breach reinforces need to plug third-party security weaknesses

  Cyber breach at US financial sector tech provider highlights the risk of third-party vulnerabilities in finance ecosystems

• November 21, 2025 21 Nov'25

  UK digital ID scheme cash will come from existing funds

  UK Parliamentary committee hearing reveals there will be no permanent government chief digital officer going forward, and digital ID scheme will be funded by existing budgets

• November 20, 2025 20 Nov'25

  Russian money launderers bought a bank to disguise ransomware profit

  A billion-dollar money laundering network active in the UK funnelled money, including the profits of ransomware attacks, into its own bank to circumvent sanctions on Russia and help fund its attacks on Ukraine

• November 20, 2025 20 Nov'25

  UK targets ‘bulletproof’ services that hosted ransomware gangs

  The UK’s NCA and partners have cracked down on ‘bulletproof’ services that hosted cyber criminal infrastructure

• November 20, 2025 20 Nov'25

  Swedish welfare authorities suspend ‘discriminatory’ AI model

  A machine learning model used by Sweden’s social security agency to flag benefit fraud has been discontinued following investigations by media outlets and the country’s data protection watchdog

• November 19, 2025 19 Nov'25

  Cloudflare contrite after worst outage since 2019

  Cloudflare CEO Matthew Prince apologises for the firm’s worst outage in years and shares details of how a change to database system permissions caused a cascading effect that brought down some of the web’s biggest names

• November 19, 2025 19 Nov'25

  EU sets out plans to cut red tape on digital

  Changes have been proposed to simplify AI Act compliance for smaller businesses, easier cyber security reporting and tweaks to GDPR

• November 19, 2025 19 Nov'25

  UAE to launch first space-to-ground quantum communication network

  Technology Innovation Institute and Space42 unveil a collaboration at the Dubai Airshow to deliver the UAE’s first space-enabled quantum communication network, strengthening national cyber resilience and advancing sovereign leadership in ...

• November 19, 2025 19 Nov'25

  Cisco: Network architectures must be rebuilt for agentic AI

  Rising traffic volumes, AI-powered security threats and the move to agentic workflows will require organisations to modernise their network infrastructure

• November 18, 2025 18 Nov'25

  Microsoft unveils AI agents to automate security operations

  Tech giant bakes AI agents into its security products to democratise advanced security capabilities, automate repetitive tasks and provide context-aware intelligence for cyber defenders

• November 18, 2025 18 Nov'25

  Ransomware resilience may be improving in the health sector

  A Sophos report on ransomware highlights resilience improvements among healthcare organisations but warns that the wider threat is still live and growing