News
Security policy and user awareness
-
September 11, 2025
11
Sep'25
Students an increasing source of cyber threat in UK schools
Insider threats arising from student activity now appears to be the chief cause of notifiable cyber or data breach incidents in Britain’s schools
-
September 10, 2025
10
Sep'25
Splunk.conf: Cisco and Splunk expand agentic SOC vision
The arrival of agentic AI in the security operations centre heralds an era of simplification for security professionals, Splunk claims
-
September 10, 2025
10
Sep'25
Open source security and sustainability remain unsolved problem
While software bills of materials offer some transparency over software components, they don’t solve the imbalance between corporate consumption of open source software and the lack of investment in its security and health
-
September 09, 2025
09
Sep'25
Splunk.conf: Splunk urges users to eat their ‘cyber veggies’
The dawn of AI-enabled cyber attacks makes it even more important for defenders to bring their A-game, particularly when it comes to getting the basics right
-
September 08, 2025
08
Sep'25
PCI council eyes wider data protection role beyond payments
Hailed as the gold standard for securing credit card information, the Payment Card Industry Data Security Standard (PCI DSS) could be extended to protect other kinds of data following industry feedback
-
September 05, 2025
05
Sep'25
US politicians ponder Wimwig cyber intel sharing law
US cyber data sharing legislation is set to replace an Obama-era law, but time is running out to get it over the line, with global ramifications for the security industry, and intelligence and law enforcement communities
-
August 28, 2025
28
Aug'25
UK cyber security centre helps expose China-based cyber campaign
GCHQ cyber security centre and its international partners release details of malicious cyber activity linked to Chinese businesses
-
August 27, 2025
27
Aug'25
Incident response planning cuts the risk of claiming on cyber security insurance
Proper attention to incident response planning is emerging as a core cyber control when it comes to reducing the risk of having to claim on cyber security insurance, according to a report
-
August 27, 2025
27
Aug'25
Ransomware activity levelled off in July, says NCC
Ransomware levels held steady in the month of July, although the risk remained as persistent as ever
-
August 26, 2025
26
Aug'25
Three new Citrix NetScaler zero-days under active exploitation
Citrix patches three new vulnerabilities in its NetScaler lines warning of active zero-day exploitation by an undisclosed threat actor
-
August 25, 2025
25
Aug'25
Ransomware attack volumes up nearly three times on 2024
During the first six months of 2025, the number of observed and tracked ransomware attacks far outpaced the volume seen in 2024
-
August 21, 2025
21
Aug'25
Moscow exploiting seven-year-old Cisco flaw, says FBI
US authorities warn of an uptick in state-sponsored exploitation of a seven-year-old vulnerability in Cisco's operating system software
-
August 21, 2025
21
Aug'25
Scale of MoD Afghan data breaches widens dramatically
Many more data breaches at the MoD's Arap programme to relocate at-risk Afghan citizens to Britain have emerged following an FoI request by BBC journalists
-
August 21, 2025
21
Aug'25
Apple iOS update fixes new iPhone zero-day flaw
Latest Apple zero-day found in the ImageIO framework opens the door for targeted zero-click attacks on iPhone users
-
August 19, 2025
19
Aug'25
Google spins up agentic SOC to speed up incident management
Google Cloud elaborates on its vision for securing artificial intelligence unveiling new protections and capabilities across its product suite
-
August 19, 2025
19
Aug'25
Deepfake AI scammers target the Big Yin
Cyber criminal scammers exploiting GenAI to create deepfake AI tools are targeting one of the UK’s most beloved comics, and one of its strongest accents
-
August 19, 2025
19
Aug'25
ISACA launches AI security management certification
ISACA accredited security professionals can now pursue a new AI security management credential
-
August 19, 2025
19
Aug'25
Singapore board directors to get cyber crisis training
The Singapore Institute of Directors and Ensign InfoSecurity have launched a programme to equip 1,000 board leaders with the skills to navigate high-stakes decisions during a cyber crisis
-
August 18, 2025
18
Aug'25
Workday hit in wave of social engineering attacks
A campaign of voice-based social engineering attacks targeting users of Salesforce’s services appears to have struck HR platform Workday
-
August 18, 2025
18
Aug'25
L’Oréal to promote cyber resilience for Britain’s beauty salons
L’Oréal UK and Ireland will work with law enforcement, cyber educators and students, and other large organisations to help thousands of small salons across the UK improve their cyber resilience practice
-
August 15, 2025
15
Aug'25
US trade body calls on Washington to cut cyber red tape
The US Information Technology Industry Council has called on the White House’s Office of the National Cyber Director to cut burdensome regulations in areas such as AI and incident reporting, and to do more to build a unified security regime
-
August 12, 2025
12
Aug'25
Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list
Microsoft rolls out fixes for over 100 CVEs in its August Patch Tuesday update
-
August 12, 2025
12
Aug'25
Researchers firm up ShinyHunters, Scattered Spider link
ReliaQuest researchers present new evidence that firms up a potential link, or outright partnership, between the ShinyHunters and Scattered Spider cyber gangs
-
August 12, 2025
12
Aug'25
UK work visa sponsors are target of phishing campaign
Mimecast identifies a phishing campaign targeting UK organisations that sponsor migrant workers and students, opening the door to account compromise and visa fraud
-
August 08, 2025
08
Aug'25
OpenAI closes gap to artificial general intelligence with GPT-5
As OpenAI’s latest large language model delivers smarter AI, experts are wary of the risks GPT-5 poses to human creativity
-
August 06, 2025
06
Aug'25
Black Hat USA: Startup breaks secrets management tools
Researchers at Cyata, an agentic identity specialist that has just emerged from stealth, found 14 CVEs in the widely used CyberArk Conjur and HashiCorp Vault enterprise secrets management platforms
-
August 06, 2025
06
Aug'25
Cyber criminals would prefer businesses don’t use Okta
Okta details a phishing campaign in which the threat actor demonstrated some unusually strong opinions on what authentication methods they would like their targets to use
-
August 06, 2025
06
Aug'25
Companies House ID verification to start in November 2025
Companies House plans to start vetting director identities from mid-November, but its reliance on the troubled One Login digital identity service may be cause for concern
-
August 06, 2025
06
Aug'25
NCSC updates CNI Cyber Assessment Framework
Updates to the NCSC’s Cyber Assessment Framework are designed to help providers of critical services better manage their risk profiles
-
August 06, 2025
06
Aug'25
Australian scaleup to bring AI-led data protection to the MoD
The UK’s Ministry of Defence is embracing AI-led data protection in the wake of a major privacy breach, enlisting Australian cyber firm Castlepoint Systems to oversee sensitive records
-
August 04, 2025
04
Aug'25
Black Hat USA: Halcyon and Sophos tag-team ransomware fightback
Ransomware experts Halcyon and Sophos are to pool their expertise in ransomware, working together to enhance data- and intelligence-sharing and bringing more comprehensive protection to customers
-
August 04, 2025
04
Aug'25
Proliferation of on-premise GenAI platforms is widening security risks
Research finds increased adoption of unsanctioned generative artificial intelligence platforms is magnifying risk and causing a headache for security teams
-
July 30, 2025
30
Jul'25
Scattered Spider tactics continue to evolve, warn cyber cops
CISA, the FBI, NCSC and others have clubbed together to update previous guidance on Scattered Spider's playbook, warning of new social engineering tactics and exploitation of legitimate tools, among other things
-
July 30, 2025
30
Jul'25
Apple pushes almost 30 security fixes in mobile update
Apple pushes what will likely be the last major security update to its current iPhone and iPad operating systems, fixing 29 vulnerabilities in its mobile ecosystem
-
July 30, 2025
30
Jul'25
MS Authenticator users face passkey crunch time
The deadline for moving to passkeys in Microsoft Authenticator is rapidly approaching, and users are advised to take action now
-
July 30, 2025
30
Jul'25
AI-enabled security pushes down breach costs for UK organisations
Organisations that are incorporating AI and automation into their cyber security practice are seeing improved outcomes when incidents occur, according to an IBM study
-
July 24, 2025
24
Jul'25
Dutch researchers use heartbeat detection to unmask deepfakes
Dutch method to counter deepfakes analyses blood flow patterns in faces that current deepfake generation tools cannot yet replicate
-
July 24, 2025
24
Jul'25
Monzo’s £21m fine highlights banks’ cyber security failures
Monzo’s recent fine over failings in its customer verification processes highlights wider security and privacy shortcomings in the personal finance world
-
July 22, 2025
22
Jul'25
Microsoft confirms China link to SharePoint hacks
Microsoft confirms two known China-nexus threat actors, and one other suspected state-backed hacking group, are exploiting vulnerabilities in SharePoint Server
-
July 22, 2025
22
Jul'25
Chinese cyber spies among those linked to SharePoint attacks
Exploitation of the ToolShell RCE zero-day in Microsoft SharePoint continues to gather pace, with evidence emerging of exploitation by nation state-backed threat actors
-
July 22, 2025
22
Jul'25
UK government to bring in ransomware payment ban
Critical infrastructure operators, hospitals, local councils and schools will be among those banned from giving in to cyber criminal demands as the UK moves forward with proposals to address the scourge of ransomware
-
July 22, 2025
22
Jul'25
UK government signs partnership with OpenAI
Deal sees firm behind ChatGPT collaborate with government on AI security research to explore investment opportunities
-
July 21, 2025
21
Jul'25
The Security Interviews: Jason Nurse, University of Kent
Jason Nurse, reader in cyber security at the University of Kent, discusses the psychological side of cyber and online safety, why placing blame on users as ‘the weakest link’ is wrong – and why security pros should think about user needs more
-
July 16, 2025
16
Jul'25
Scattered Spider playbook evolving fast, says Microsoft
Microsoft warns users over notable evolutions in Scattered Spider’s attack playbook, and beefs up some of the defensive capabilities it offers to customers in response
-
July 15, 2025
15
Jul'25
Current approaches to patching unsustainable, report says
Organisations are struggling to prioritise vulnerability patching appropriately, leading to situations where everything is a crisis, which helps nobody, according to a report
-
July 14, 2025
14
Jul'25
Brits clinging to Windows 10 face heightened risk, says NCSC
Businesses and consumers alike may not feel the need to upgrade to Windows 11 as its predecessor approaches end-of-life, but they are putting their own security at risk, says the NCSC
-
July 10, 2025
10
Jul'25
Four arrested in M&S cyber attack investigation
Police have made four arrests in connection with a trio of cyber attacks on UK retailers Marks & Spencer, Co-op and Harrods
-
July 09, 2025
09
Jul'25
Qantas details impact of data breach on 5.7 million customers
Australian flag carrier begins notifying millions of individuals after a cyber attack on a call centre, confirming that while financial and passport details are safe, a significant volume of other personal information was compromised
-
July 08, 2025
08
Jul'25
M&S calls for mandatory ransomware reporting
The government should extend ransomware reporting mandates to businesses to help gather more intelligence and better support victims, says M&S chairman Archie Norman
-
July 07, 2025
07
Jul'25
Digital warfare is blurring civilian front lines
Singapore’s defence cyber chief warns that the traditional lines between military conflict and civilian life are blurring, with adversaries now targeting civilian systems and using AI to put the threat landscape on steroids