News

IT security

• December 11, 2025 11 Dec'25

  Microsoft expands bug bounty scheme to include third-party software

  The company is to offer bug bounty awards for people who report security vulnerabilities in third-party and open source software impacting Microsoft services

• December 09, 2025 09 Dec'25

  Microsoft patched over 1,100 CVEs in 2025

  The final Patch Tuesday update of the year brings 56 new CVEs, bringing the year-end total to more than 1,100

• December 09, 2025 09 Dec'25

  How Chinese-owned Radisson Hotel Group split US enterprise resource planning

  During the UK and Ireland SAP user group conference in Birmingham, Computer Weekly met with the SAP platform lead at Radisson Hotel Group

• December 09, 2025 09 Dec'25

  MPs maul digital ID plans in Parliamentary debate

  MPs brand the government’s digital ID plans ‘un-British’ and ‘an attack on civil liberties’ during debate on the controversial policy

• December 09, 2025 09 Dec'25

  Why bug bounty schemes have not led to secure software

  Computer Weekly speaks to Katie Moussouris, security entrepreneur and bug bounty pioneer, about the life of security researchers, bug bounties and the artificial intelligence revolution

• December 09, 2025 09 Dec'25

  OAIC to launch blitz on privacy compliance

  Australia’s privacy watchdog will begin the new year with a compliance sweep targeting businesses that run afoul of privacy rules, including the over-collection of personal information in-person, warning that non-compliance could trigger fines

• December 08, 2025 08 Dec'25

  NCSC warns of confusion over true nature of AI prompt injection

  Malicious prompt injections to manipulate GenAI large language models are being wrongly compared to classical SQL injection attacks. In reality, prompt injection may be a far worse problem, says the UK’s NCSC

• December 08, 2025 08 Dec'25

  How police live facial recognition subtly reconfigures suspicion

  A growing body of research suggests that the use of live facial recognition is reshaping police perceptions of suspicion in ways that undermine supposed human-in-the-loop protections

• December 05, 2025 05 Dec'25

  Cyber teams on alert as React2Shell exploitation spreads

  Exploitation of an RCE flaw in a widely used open source library is spreading quickly, with China-backed threat actors in the driving seat

• December 05, 2025 05 Dec'25

  Cloudflare fixes second outage in a month

  A change to web application firewall policies at Cloudflare caused problems across the internet less than three weeks after another major outage at the service, but no cyber attack is suspected

• December 04, 2025 04 Dec'25

  NCC supporting London councils gripped by cyber attacks

  Three west London councils hit by a cyber attack continue to investigate as services remain disrupted nearly two weeks on

• December 04, 2025 04 Dec'25

  Constrained budgets left security teams short-handed in 2025

  With 2024 seeing surges in security funding cuts, lay-offs and hiring freezes, 2025 brought some relief for cyber pros, but constrained budgets are leaving security teams short-staffed

• December 04, 2025 04 Dec'25

  Home Office launches police facial recognition consultation

  The Home Office has formally opened a 10-week consultation on a legal framework for police use of facial recognition technologies, and will consider extending any new rules to police deployments of other biometric and inferential technologies

• December 04, 2025 04 Dec'25

  Western coalition supplying tech to Ukraine prepared for long war

  Russia is deploying hybrid warfare against Europe as western nations supply critical IT and telecoms equipment to Ukraine’s front line

• December 03, 2025 03 Dec'25

  UK government pledges to rewrite Computer Misuse Act

  Campaigners celebrate as security minister Dan Jarvis commits to amending the outdated Computer Misuse Act to protect security professionals from prosecution

• December 03, 2025 03 Dec'25

  NCSC and BT block a billion dangerous clicks

  A protective service jointly developed by the NCSC and BT has disrupted over a billion potential cyber incidents by stopping members of the public from clicking through to dangerous websites

• December 03, 2025 03 Dec'25

  UK national security strategy failing to account for online world

  The UK government’s national security strategy is falling short on online matters, according to the independent reviewer of terrorism

• December 03, 2025 03 Dec'25

  Interview: Florence Mottay, global CISO, Zalando

  Florence Mottay moved from mathematics to software engineering, and is now leading security at Zalando, a high-tech online fashion retailer

• December 03, 2025 03 Dec'25

  Post Office avoids £1m fine over botched website upgrade data breach

  The Information Commissioner’s Office considered fining the Post Office £1m for a 2024 data breach that let subpostmasters down again

• December 03, 2025 03 Dec'25

  Women in Cybersecurity Middle East marks five years of impact at Black Hat MEA

  As AI reshapes the regional cyber security landscape, diversity and skills development remain at the heart of building a resilient digital workforce

• December 03, 2025 03 Dec'25

  Black Hat MEA: Saudi Vision 2030 fuels surge in cyber security innovation

  Global cyber firms are racing to support the Kingdom’s mega-projects, but building trusted partnerships remains key, says Exabeam CEO Pete Harteveld

• December 02, 2025 02 Dec'25

  UK prosecution of alleged Chinese spies was ‘shambolic’ says Parliamentary committee

  The Joint Committee on National Security Strategy reports that China was engaged in malicious cyber attacks against UK Parliament and democratic institutions

• December 02, 2025 02 Dec'25

  AWS targets vulnerable code with security agent

  At AWS re:Invent 2025, the cloud giant unveiled a security agent designed to bridge the gap between development speed and security validation, along with the general availability of Security Hub analytics

• December 02, 2025 02 Dec'25

  Strategic shift pays off as Okta bids to ease agentic AI risk

  Nine months after restructuring its go-to-market, Okta is buoyed by a growing recognition of how crucial identity has become thanks to the spread of AI agents

• December 02, 2025 02 Dec'25

  Use of digital ID in UK achieves statutory status

  A formal regime of certification and governance is now in place for digital identity services – just as the UK government presses ahead with its controversial plan for a national ID scheme

• December 01, 2025 01 Dec'25

  Mandatory digital ID paves way for surveillance and exclusion, MPs hear

  It is currently unclear how the UK’s government’s proposed mandatory digital ID scheme will help with its stated goal of curbing illegal migration and working

• December 01, 2025 01 Dec'25

  SASE, SD-WAN evolve as enterprises prioritise unified network security

  Research confirms trend that software-defined wide-area network implementations are increasingly tied to security, with the continual rise of cyber security incidents worldwide only accelerating this dynamic

• December 01, 2025 01 Dec'25

  Interview: Mariano Albera, CTO, Checkout.com

  Checkout.com’s chief technology officer has spent most of his career in the e-commerce industry, and now he is applying what he learned to the finance sector that serves it

• November 26, 2025 26 Nov'25

  London councils endure wave of cyber attacks, shared IT services hit

  Four London councils – Kensington and Chelsea; Hackney; Westminster; and Hammersmith and Fulham – have suffered cyber attacks, disrupting services and prompting NCSC-supported investigation

• November 26, 2025 26 Nov'25

  US breach reinforces need to plug third-party security weaknesses

  Cyber breach at US financial sector tech provider highlights the risk of third-party vulnerabilities in finance ecosystems

• November 21, 2025 21 Nov'25

  UK digital ID scheme cash will come from existing funds

  UK Parliamentary committee hearing reveals there will be no permanent government chief digital officer going forward, and digital ID scheme will be funded by existing budgets

• November 20, 2025 20 Nov'25

  Russian money launderers bought a bank to disguise ransomware profit

  A billion-dollar money laundering network active in the UK funnelled money, including the profits of ransomware attacks, into its own bank to circumvent sanctions on Russia and help fund its attacks on Ukraine

• November 20, 2025 20 Nov'25

  UK targets ‘bulletproof’ services that hosted ransomware gangs

  The UK’s NCA and partners have cracked down on ‘bulletproof’ services that hosted cyber criminal infrastructure

• November 20, 2025 20 Nov'25

  Swedish welfare authority suspends ‘discriminatory’ AI model

  A machine learning model used by Sweden’s social security agency to flag benefit fraud has been discontinued following investigations by media outlets and the country’s data protection watchdog

• November 19, 2025 19 Nov'25

  Cloudflare contrite after worst outage since 2019

  Cloudflare CEO Matthew Prince apologises for the firm’s worst outage in years and shares details of how a change to database system permissions caused a cascading effect that brought down some of the web’s biggest names

• November 19, 2025 19 Nov'25

  EU sets out plans to cut red tape on digital

  Changes have been proposed to simplify AI Act compliance for smaller businesses, easier cyber security reporting and tweaks to GDPR

• November 19, 2025 19 Nov'25

  UAE to launch first space-to-ground quantum communication network

  Technology Innovation Institute and Space42 unveil a collaboration at the Dubai Airshow to deliver the UAE’s first space-enabled quantum communication network, strengthening national cyber resilience and advancing sovereign leadership in ...

• November 19, 2025 19 Nov'25

  Cisco: Network architectures must be rebuilt for agentic AI

  Rising traffic volumes, AI-powered security threats and the move to agentic workflows will require organisations to modernise their network infrastructure

• November 18, 2025 18 Nov'25

  Microsoft unveils AI agents to automate security operations

  Tech giant bakes AI agents into its security products to democratise advanced security capabilities, automate repetitive tasks and provide context-aware intelligence for cyber defenders

• November 18, 2025 18 Nov'25

  Ransomware resilience may be improving in the health sector

  A Sophos report on ransomware highlights resilience improvements among healthcare organisations but warns that the wider threat is still live and growing

• November 18, 2025 18 Nov'25

  Cloudflare outage disrupts public web services

  An outage at web traffic management specialist Cloudflare has caused disruption across the internet

• November 18, 2025 18 Nov'25

  Fintech leaders call for united front against AI-driven cyber crime

  As AI makes financial scams more personalised and convincing, fintech experts have called for deeper collaboration and the use of behavioural analytics and other technologies to protect consumers

• November 16, 2025 16 Nov'25

  Australia lags regional peers in AI adoption

  Report finds governance gaps, a lack of training and fear of risks as key reasons for the nation’s slow uptake of artificial intelligence compared with regional peers

• November 14, 2025 14 Nov'25

  Cl0p claims ransomware hit on NHS

  Ransomware gangsters claim to have attacked the NHS, but clarity on the nature of the incident is yet to emerge

• November 14, 2025 14 Nov'25

  Jaguar Land Rover cyber attack costs firm £485m in the quarter

  Jaguar Land Rover’s quarterly financial statement discloses a £485m loss due to the late August cyber attack that halted production for six weeks, damaging the UK economy

• November 14, 2025 14 Nov'25

  MI5 made multiple applications for phone data to identify BBC journalist’s sources

  MI5 discloses it made and authorised unlawful ‘sequential applications’ for Vincent Kearney’s phone data during his time at the BBC, but will neither confirm nor deny whether it undertook further ‘lawful’ surveillance of BBC journalists

• November 13, 2025 13 Nov'25

  Scottish government to launch cyber observatory

  The observatory will analyse and share warnings on public sector cyber threats, and identify emerging risks

• November 12, 2025 12 Nov'25

  Hungry for data: Inside Europol’s secretive AI programme

  The EU’s law enforcement agency has been quietly amassing data to feed an ambitious but secretive artificial intelligence development programme that could have far-reaching privacy implications for people across the bloc

• November 12, 2025 12 Nov'25

  US cyber intel sharing law set for temporary extension

  The CISA 2015 cyber intelligence sharing law, which lapsed just over a month ago amid a wider shutdown, will receive a temporary lease of life should attempts to reopen the federal government succeed

• November 12, 2025 12 Nov'25

  Microsoft users warned over privilege elevation flaw

  An elevation of privilege vulnerability in Windows Kernel tops the list of issues to address in the latest monthly Patch Tuesday update