News

Security policy and user awareness

• May 14, 2026 14 May'26

  BlackBerry doubles down on secure communications

  Having sold its Cylance endpoint security portfolio to Arctic Wolf, the former smartphone pioneer is doubling down on military-grade encryption and post-quantum cryptography to shield critical infrastructure from AI-driven threats

• May 13, 2026 13 May'26

  Computer Misuse Act reform to move forward in National Security Bill

  Reform of the Computer Misuse Act is to be folded into a wider National Security Bill granting more powers for law enforcement to protect the UK against a wider spectrum of threats

• May 13, 2026 13 May'26

  AI threats push Middle East CISOs towards identity-first security

  Deepfakes and shadow AI have rendered the traditional security playbook obsolete, prompting cyber leaders to shift towards resilience-first defences

• May 12, 2026 12 May'26

  Microsoft releases rare zero-day free Patch Tuesday update

  No zero-day flaws were addressed in May’s Patch Tuesday update but as usual there is much for admins to chew over in the coming days

• May 12, 2026 12 May'26

  UAE launches sovereign AI-driven Cyber Factory security initiative

  UAE Cyber Security Council and CPX unveil national cyber manufacturing initiative aimed at strengthening digital sovereignty, AI-powered defence and critical infrastructure resilience

• May 11, 2026 11 May'26

  UK government renews calls to sign Cyber Resilience Pledge

  Westminster renews calls for business leaders to sign up to its yet-to-be-launched Cyber Resilience Pledge, and highlights growth, and challenges, for the UK’s cyber economy

• May 11, 2026 11 May'26

  The Netherlands leads in quantum technology but lags on quantum security

  The Dutch government has invested €615m to build a world-class quantum technology ecosystem, but many institutions have not started any quantum-specific preparations to protect themselves against the security threat

• May 08, 2026 08 May'26

  ESET: Don’t fear the ‘AI Terminator’, but prepare for agent risks

  While fully autonomous hacking bots remain a distant reality, an ESET expert warns that AI is quietly supercharging phishing schemes and creating new vulnerabilities inside organisations

• May 06, 2026 06 May'26

  UK financial security experts participate in sector-wide hackathon

  Teams of security pros from UK financial services organisations came together at the end of April to participate in a hackathon exercise

• May 05, 2026 05 May'26

  CSA: Take AI cyber threats to the boardroom

  Current cyber risk assumptions may no longer be valid given the speed of advanced AI, warns the chief executive of Singapore’s Cyber Security Agency

• May 04, 2026 04 May'26

  UK’s NCSC warns of ‘wave of patches’

  Vulnerability discovery and mitigation continues to exercise the top minds at Britain’s NCSC as cyber experts continue to debate the impact of frontier AI models such as Mythos

• April 30, 2026 30 Apr'26

  Almost half of UK businesses hit by cyber attacks

  The government’s annual cyber security report reveals UK businesses are still struggling with the impact of attacks and breaches

• April 28, 2026 28 Apr'26

  Vect ransomware actually destructive wiper malware

  Analysis of a form of ransomware called Vect has uncovered a serious flaw that breaks its core functionality and turns it from a locker to a wiper

• April 26, 2026 26 Apr'26

  Black Hat Asia: Privacy and cyber security are inseparable

  The separation of privacy and security is no longer tenable in a world where exposed personal data is increasingly the entry point for major cyber incidents, delegates at Black Hat Asia 2026 were told

• April 22, 2026 22 Apr'26

  A tsunami of flaws: When frontier AI and Patch Tuesday collide

  Microsoft’s April Patch Tuesday drop was the second-largest in history, falling just shy of an October 2025 record. What is behind the spike in vulnerability disclosures, and is there a connection to Anthropic’s bug-hunting Claude Mythos AI model?

• April 17, 2026 17 Apr'26

  Surging CVE disclosures force NIST to shake up workflows

  NIST announces big changes to the way it categorises and manages CVEs, which are set to have a big impact on how organisations manage patching and remediation

• April 16, 2026 16 Apr'26

  CyberUK 2026: UK lagging on legal protections for cyber pros

  Ahead of next week’s CyberUK conference, the CyberUp Campaign for reform of the UK’s hacking laws urges the government to keep focus and proposes a four-pillar framework that would protect cyber professionals from prosecution

• April 15, 2026 15 Apr'26

  UK businesses must face up to AI threat, says government

  Technology secretary Liz Kendall urges Britain’s business community to sit up and pay attention to emerging AI threats, following the debut of Anthropic’s new frontier model, Mythos

• April 09, 2026 09 Apr'26

  Singapore Cyber Security Agency chief: Cyber stability a necessity, not a luxury

  With state-linked attacks rising and international rules unravelling, Singapore’s cyber security commissioner calls for global cooperation to prevent catastrophic conflict in cyber space

• April 02, 2026 02 Apr'26

  How ‘Wikipedia of cyber’ helps SAP make sense of threat data

  SAP runs enormous cloud environments for some of the world’s most heavily-regulated organisations, and in the hyperscale era, data security and compliance were becoming big challenges. It turned to cutting-edge agentic tools from Uptycs to cut ...

• April 02, 2026 02 Apr'26

  NCSC warns high-risk individuals of Signal and WhatsApp social engineering attacks

  NCSC advises on countermeasures for high-risk individuals over phishing attacks on encrypted messaging services, such as Signal, WhatsApp and Facebook Messenger

• March 31, 2026 31 Mar'26

  Shrinking PQC timeline highlights immediate risk to data security

  Google’s decision to move up its timeline for migration to post-quantum cryptography highlights that some of the cyber security risks posed by quantum computing are already reality

• March 25, 2026 25 Mar'26

  US government launches Bureau of Emerging Threats

  The US’ Bureau of Emerging Threats sits within the State Department and will supposedly help address national security threats arising from cyber attacks, the weaponisation of space and other emerging technologies

• March 25, 2026 25 Mar'26

  Google targets 2029 for post-quantum cyber readiness

  Google sets out a timeline for its migration to post-quantum cryptography, saying it will complete its migration before the end of the 2020s

• March 25, 2026 25 Mar'26

  Why AI agents are one prompt away from ransomware

  As AI adoption advances beyond chatbots, security leaders are up against rogue AI agents mirroring threat actors and a generational skills gap as security operations teams become overly dependent on AI

• March 24, 2026 24 Mar'26

  Cyber pros must grasp the vibe coding nettle, says NCSC chief

  At RSA in San Francisco, NCSC chief exec Richard Horne says security professionals have an opportunity and a responsibility to get in front of the security issues raised by the popularity of ‘vibe coding’

• March 24, 2026 24 Mar'26

  US government bans imported routers, raising tough questions

  The US communications regulator has enacted a ban on all router hardware made outside America citing security concerns, but experts say the move may risk creating more issues than it solves

• March 23, 2026 23 Mar'26

  Irish government launches CNI resilience plan

  Ireland’s National Strategy on the Resilience of Critical Entities sets out a pathway to improved cyber resilience for the nation’s critical infrastructure, and establishes compliance with an EU directive

• March 20, 2026 20 Mar'26

  UK Cyber Monitoring Centre plans expansion in US amid risk of Category 5 attack

  Organisations lulled into a false sense of security after Russian invasion of Ukraine are still at risk of a Category 5 attack in 2026

• March 19, 2026 19 Mar'26

  Cisa tells US organisations to harden endpoint management after Stryker attack

  Last week’s cyber attack on the systems of a US medical services company by Iranian hacktivists has prompted an alert from Cisa, urging organisations to reinforce their defensive posture

• March 19, 2026 19 Mar'26

  Gartner: Ditch ‘big transformation’ cyber strategies for continuous improvement

  As artificial intelligence reshapes the enterprise, CISOs must abandon risky big bang security transformation initiatives in favour of incremental changes to build cyber resilience

• March 19, 2026 19 Mar'26

  Apple issues first Background patch for WebKit browser flaw

  Apple’s first ever Background Security Update fixes a WebKit browser engine bug that could enable threat actors to see and steal important data from their victims

• March 17, 2026 17 Mar'26

  Digital IDs edge closer to practical reality for UK businesses

  Industries and policymakers are strongly aligned on the need for digital company IDs for UK businesses, as progress is made towards the implementation of a practical standard

• March 11, 2026 11 Mar'26

  Cyber industry welcomes women, but challenges persist

  Three-quarters of women working in security say they feel comfortable in the field, but women are still much more likely to be laid off and face persistent challenges around career advancement, according to a report

• March 11, 2026 11 Mar'26

  Welsh government boosts funding for cyber education

  The Welsh government’s Tech Valleys programme is providing three-quarters of a million pounds to help reach thousands of primary school children with security education and careers guidance

• March 10, 2026 10 Mar'26

  Microsoft patches zero-days in .NET and SQL Server

  Zero-days in .NET and SQL Server, and a handful of critical RCE bugs, form the nucleus of Microsoft’s March Patch Tuesday update

• March 10, 2026 10 Mar'26

  WA auditor general flags weak Microsoft 365 security controls across state entities

  Western Australia’s Office of the Auditor General has uncovered weaknesses in M365 configurations across seven government agencies, leading to compromised accounts and data breaches

• March 09, 2026 09 Mar'26

  UK to launch cyber fraud squad in April

  The UK’s Online Crime Centre, launching next month, will bring together government, police, intelligence agencies, banks, mobile networks and tech firms to take coordinated action against cyber fraud

• March 09, 2026 09 Mar'26

  Trump looks to power up post-quantum, AI security

  The US has unveiled a six-pillar national cyber security strategy, with developing technological areas such as post-quantum cryptography and artificial intelligence front and centre

• March 06, 2026 06 Mar'26

  Scattered Spider attack on TfL affected 10 million people

  The 2024 Scattered Spider attack on Transport for London affected approximately 10 million people, many of whom remain blissfully unaware their data was compromised

• March 04, 2026 04 Mar'26

  Iranian hacktivists muster their forces but state APTs lay low

  Hacktivist activity surrounding the Iran war is sky-high but Iran’s state-backed cyber espionage actors have yet to show their hands, giving security teams a valuable window of time to shore up their defences

• March 04, 2026 04 Mar'26

  Zero-day in Android phone chips under active attack

  Google and Qualcomm have tag-teamed a serious vulnerability in the chipsets used in Android mobile devices, which has been exploited in the wild as a zero-day

• March 04, 2026 04 Mar'26

  Tycoon2FA phishing platform dismantled in major operation

  A Europol-led sting against the infamous Tycoon2FA MFA bypass phishing service has been successful, with operations disrupted and ringleaders and cyber criminal users identified

• March 03, 2026 03 Mar'26

  NCSC: No increase in cyber threat from Iran, but be prepared

  While cyber threat levels remain stable following the outbreak of war in the Middle East at the weekend, at-risk organisations in the UK should take steps to ward off potential reprisals from Iran-linked threat actors

• February 26, 2026 26 Feb'26

  CrowdStrike touts agentic SOC to tackle security woes

  By embedding AI agents across its platform, CrowdStrike is looking to help security teams automate repetitive security tasks, enabling them to focus on complex and stealthier threats that could slip under the radar

• February 25, 2026 25 Feb'26

  Cisco Catalyst SD-WAN users targeted in series of cyber attacks

  The NCSC, Cisa, and other Five Eyes agencies have warned of mass exploitation of vulnerabilities in Cisco Catalyst SD-WAN, which Cisco is attributing to an unknown threat actor called UAT-8616

• February 25, 2026 25 Feb'26

  Application exploitation back in vogue, says IBM cyber unit

  IBM’s X-Force unit observes an uptick in the exploitation of vulnerable public-facing software applications

• February 25, 2026 25 Feb'26

  How AI code generation is pushing DevSecOps to machine speed

  Organisations should adopt shared platforms and automated governance to keep pace with the growing use of generative AI tools that are helping developers produce code at unprecedented volumes

• February 24, 2026 24 Feb'26

  Cyber association launches code of conduct for security pros

  ISC2’s Code of Professional Conduct will supposedly establish a worldwide framework dedicated to principled and ethical practices in the security trade

• February 23, 2026 23 Feb'26

  Why crypto agility is key to quantum readiness

  With quantum computing threatening current encryption standards, experts call for organisations to achieve crypto agility by managing the lifecycle of certificates and cryptographic keys through automation