News

Security policy and user awareness

December 18, 2025 18 Dec'25
Fortinet vulnerabilities prompt pre-holiday warnings

Analysts track exploitation of two vulnerabilities disclosed last week by Fortinet
December 18, 2025 18 Dec'25
AI safeguards improving, says UK government-backed body

Inaugural AI Security Institute report claims that safeguards in place to ensure AI models behave as intended seem to be improving
December 17, 2025 17 Dec'25
ClickFix attacks that bypass cyber controls on the rise

NCC’s monthly threat report details the growing prevalence of ClickFix attacks in the wild
December 08, 2025 08 Dec'25
NCSC warns of confusion over true nature of AI prompt injection

Malicious prompt injections to manipulate GenAI large language models are being wrongly compared to classical SQL injection attacks. In reality, prompt injection may be a far worse problem, says the UK’s NCSC

December 04, 2025 04 Dec'25
NCC supporting London councils gripped by cyber attacks

Three west London councils hit by a cyber attack continue to investigate as services remain disrupted nearly two weeks on
December 03, 2025 03 Dec'25
UK government pledges to rewrite Computer Misuse Act

Campaigners celebrate as security minister Dan Jarvis commits to amending the outdated Computer Misuse Act to protect security professionals from prosecution
December 03, 2025 03 Dec'25
UK national security strategy failing to account for online world

The UK government’s national security strategy is falling short on online matters, according to the independent reviewer of terrorism
December 03, 2025 03 Dec'25
Post Office avoids £1m fine over botched website upgrade data breach

The Information Commissioner’s Office considered fining the Post Office £1m for a 2024 data breach that let subpostmasters down again
December 03, 2025 03 Dec'25
Women in Cybersecurity Middle East marks five years of impact at Black Hat MEA

As AI reshapes the regional cyber security landscape, diversity and skills development remain at the heart of building a resilient digital workforce
November 26, 2025 26 Nov'25
US breach reinforces need to plug third-party security weaknesses

Cyber breach at US financial sector tech provider highlights the risk of third-party vulnerabilities in finance ecosystems

November 20, 2025 20 Nov'25
UK targets ‘bulletproof’ services that hosted ransomware gangs

The UK’s NCA and partners have cracked down on ‘bulletproof’ services that hosted cyber criminal infrastructure
November 19, 2025 19 Nov'25
EU sets out plans to cut red tape on digital

Changes have been proposed to simplify AI Act compliance for smaller businesses, easier cyber security reporting and tweaks to GDPR
November 19, 2025 19 Nov'25
UAE to launch first space-to-ground quantum communication network

Technology Innovation Institute and Space42 unveil a collaboration at the Dubai Airshow to deliver the UAE’s first space-enabled quantum communication network, strengthening national cyber resilience and advancing sovereign leadership in ...
November 18, 2025 18 Nov'25
Ransomware resilience may be improving in the health sector

A Sophos report on ransomware highlights resilience improvements among healthcare organisations but warns that the wider threat is still live and growing
November 18, 2025 18 Nov'25
Fintech leaders call for united front against AI-driven cyber crime

As AI makes financial scams more personalised and convincing, fintech experts have called for deeper collaboration and the use of behavioural analytics and other technologies to protect consumers
November 12, 2025 12 Nov'25
US cyber intel sharing law set for temporary extension

The CISA 2015 cyber intelligence sharing law, which lapsed just over a month ago amid a wider shutdown, will receive a temporary lease of life should attempts to reopen the federal government succeed
November 12, 2025 12 Nov'25
Microsoft users warned over privilege elevation flaw

An elevation of privilege vulnerability in Windows Kernel tops the list of issues to address in the latest monthly Patch Tuesday update
November 07, 2025 07 Nov'25
How Palo Alto Networks is leveraging AI

Palo Alto Networks CIO Meerah Rajavel explains how the company is using AI to sieve through 90 billion security events a day, and why security and user experience are two sides of the same coin
November 05, 2025 05 Nov'25
Darktrace: Developer tools under constant attack

Attackers are using automated tools to target development environments within seconds of them going live, warns Darktrace’s global field chief information security officer
November 05, 2025 05 Nov'25
Dutch boardroom cyber security knowledge gap exposed

Cyber security governance professor warns that executives lack the capability to assess cyber threats in implementation approaches
November 04, 2025 04 Nov'25
The Security Interviews: Colin Mahony, CEO, Recorded Future

Recorded Future’s CEO talks threat intelligence, AI in cyber security and the ever-changing cyber threat landscape
November 04, 2025 04 Nov'25
Fewer data breaches in Australia, but human error now a bigger threat

Australian privacy commissioner warns that the human factor is a growing threat as notifications caused by staff mistakes rose significantly even as total breaches declined 10% from a record high
October 31, 2025 31 Oct'25
European governments opt for open source alternatives to Big Tech encrypted communications

European governments are rolling out decentralised secure messaging and collaboration services as they seek to reduce their reliance on Big Tech companies
October 31, 2025 31 Oct'25
Cyber agencies co-sign Exchange Server security guide

US and allied cyber agencies team up to try to nudge users to pay more attention to securing Microsoft Exchange Server
October 30, 2025 30 Oct'25
Yubico bolsters APAC presence, touts device subscriptions

Yubico is hiring local teams in Singapore and pitching its subscription service to help enterprises secure employee access to corporate networks and applications
October 29, 2025 29 Oct'25
Scope of US state-level privacy laws expands rapidly in 2025

Nine state-level data protection laws have come into force in the US this year, and three more are slated for January 2026. Navigating this complex landscape is becoming a challenge
October 28, 2025 28 Oct'25
Effective cyber sanctions require a joined-up approach, says Rusi

Calling out and sanctioning cyber threat actors can be an effective tool, but is not a universal panacea, and needs to be considered as part of a wider, strategic approach, say Rusi think tank analysts
October 27, 2025 27 Oct'25
LockBit 5.0 expands targeting amid ransomware escalation

The LockBit RaaS operation is back in action, with technical features and expanded targeting, and is contributing to a steadily growing number of ransomware attacks
October 24, 2025 24 Oct'25
UK ramps up ransomware fightback with supply chain security guide

Multinational guidance, developed by the UK and Singapore, is designed to help organisations reinforce their supply chain against ransomware attacks
October 23, 2025 23 Oct'25
Amid CISA cuts, US state launches first VDP

Legislators in Annapolis, Maryland, have teamed up with Bugcrowd to launch a statewide vulnerability disclosure programme
October 22, 2025 22 Oct'25
Jaguar Land Rover attack to cost UK £1.9bn, say cyber monitors

The UK's Cyber Monitoring Centre calculates the overall cost of the Jaguar Land Rover cyber attack will be almost two billion pounds
October 22, 2025 22 Oct'25
Building security and trust in AI agents

AI agents require standardised guidelines, clear human responsibility and a shared language between developers and policymakers to be secure and trusted, experts say
October 21, 2025 21 Oct'25
New cyber resilience centre to help SMEs fend off cyber threats

Spearheaded by the Singapore Business Federation, the cyber resilience centre will equip SMEs in the city-state with cyber security capabilities to mitigate and recover from cyber attacks
October 16, 2025 16 Oct'25
Gitex 2025: Help AG aims to be global cyber force as UAE leads AI security transformation

Acting CEO Aleksandar Valjarevic discusses how Help AG is evolving from a regional cyber security authority into a global innovation-driven player, powered by sovereign services, AI automation and managed security models
October 15, 2025 15 Oct'25
Obsession with cyber breach notification fuelling costly mistakes

The race to meet security breach notification deadlines is leading to staff burnout, destroyed evidence and a culture of blame, warns a Trend Micro risk and security strategist
October 14, 2025 14 Oct'25
NCSC calls for action after rise in ‘nationally significant’ cyber incidents

National Cyber Security Centre says businesses should take action now as the number of nationally significant cyber incidents doubles
October 07, 2025 07 Oct'25
The Security Interviews: David Bradbury, CSO, Okta

Okta’s chief security officer talks security by default and explains why he thinks time is running out for the shared responsibility model
October 01, 2025 01 Oct'25
US government shutdown stalls cyber intel sharing

A key US law covering cyber security intelligence sharing has expired without an extension or replacement amid a total shutdown of the federal government, putting global security collaboration at risk.
September 26, 2025 26 Sep'25
Over half of India-based companies suffer security breaches

Business supply chains, which include Indian companies, are at risk of attack as more than half of suppliers were breached last year
September 26, 2025 26 Sep'25
Okta CEO: AI security and identity security are one and the same

At Oktane 2025 in Las Vegas, Okta CEO Todd McKinnon describes AI security and identity security as inseparable as he tees up a series of agentic security innovations
September 25, 2025 25 Sep'25
Netherlands establishes cyber resilience network to strengthen public-private digital defence

Network will connect organisations in a cyber crime defence initiative that goes way beyond information sharing
September 23, 2025 23 Sep'25
SolarWinds warns over dangerous RCE flaw

A newly uncovered RCE flaw in SolarWinds’ helpdesk product bypasses two previously issued fixes, and users should prioritise updates as exploitation is likely to occur
September 23, 2025 23 Sep'25
‘Our worst day’: The untold story of the Electoral Commission cyber attack

As head of digital at The Electoral Commission, Andrew Simpson’s mettle was tested when threat actors gained access to the regulator’s email systems and accessed sensitive voter data. Three years on, he tells his story to Computer Weekly
September 19, 2025 19 Sep'25
UK cyber action plan lays out path to resilience

A report produced for the government by academics at Imperial College London and the University of Bristol sets out nine recommendations to strengthen the UK’s cyber sector
September 17, 2025 17 Sep'25
Microsoft scores win against Office 365 credential thieves

Microsoft’s Digital Crimes Unit disrupts a major phishing-as-a-service operation that targeted and stole Office 365 usernames and credentials
September 17, 2025 17 Sep'25
Lufthansa pilots EU Digital Identity Wallet-based travel

Travellers will only be required to tap their phone to pass the various steps of checking in and boarding aircraft
September 16, 2025 16 Sep'25
Exabeam: Treat AI agents as the new insider threat

As artificial intelligence agents are given more power inside organisations, Exabeam’s chief AI officer, Steve Wilson, argues they must be monitored for rogue behaviour just like their human counterparts
September 15, 2025 15 Sep'25
Arqit to support NCSC’s post-quantum cryptography pilot

Quantum specialist Arqit will provide specialised post-quantum migration planning services to organisations preparing to address the imminent risks to traditional cryptography
September 11, 2025 11 Sep'25
Students an increasing source of cyber threat in UK schools

Insider threats arising from student activity now appears to be the chief cause of notifiable cyber or data breach incidents in Britain’s schools
September 10, 2025 10 Sep'25
Splunk.conf: Cisco and Splunk expand agentic SOC vision

The arrival of agentic AI in the security operations centre heralds an era of simplification for security professionals, Splunk claims