News

Security policy and user awareness

September 17, 2025 17 Sep'25
Microsoft scores win against Office 365 credential thieves

Microsoft’s Digital Crimes Unit disrupts a major phishing-as-a-service operation that targeted and stole Office 365 usernames and credentials
September 17, 2025 17 Sep'25
Lufthansa pilots EU Digital Identity Wallet-based travel

Travellers will only be required to tap their phone to pass the various steps of checking in and boarding aircraft
September 16, 2025 16 Sep'25
Exabeam: Treat AI agents as the new insider threat

As artificial intelligence agents are given more power inside organisations, Exabeam’s chief AI officer, Steve Wilson, argues they must be monitored for rogue behaviour just like their human counterparts
September 15, 2025 15 Sep'25
Arqit to support NCSC’s post-quantum cryptography pilot

Quantum specialist Arqit will provide specialised post-quantum migration planning services to organisations preparing to address the imminent risks to traditional cryptography

September 11, 2025 11 Sep'25
Students an increasing source of cyber threat in UK schools

Insider threats arising from student activity now appears to be the chief cause of notifiable cyber or data breach incidents in Britain’s schools
September 10, 2025 10 Sep'25
Splunk.conf: Cisco and Splunk expand agentic SOC vision

The arrival of agentic AI in the security operations centre heralds an era of simplification for security professionals, Splunk claims
September 10, 2025 10 Sep'25
Open source security and sustainability remain unsolved problem

While software bills of materials offer some transparency over software components, they don’t solve the imbalance between corporate consumption of open source software and the lack of investment in its security and health
September 09, 2025 09 Sep'25
Splunk.conf: Splunk urges users to eat their ‘cyber veggies’

The dawn of AI-enabled cyber attacks makes it even more important for defenders to bring their A-game, particularly when it comes to getting the basics right
September 08, 2025 08 Sep'25
PCI council eyes wider data protection role beyond payments

Hailed as the gold standard for securing credit card information, the Payment Card Industry Data Security Standard (PCI DSS) could be extended to protect other kinds of data following industry feedback
September 05, 2025 05 Sep'25
US politicians ponder Wimwig cyber intel sharing law

US cyber data sharing legislation is set to replace an Obama-era law, but time is running out to get it over the line, with global ramifications for the security industry, and intelligence and law enforcement communities

August 28, 2025 28 Aug'25
UK cyber security centre helps expose China-based cyber campaign

GCHQ cyber security centre and its international partners release details of malicious cyber activity linked to Chinese businesses
August 27, 2025 27 Aug'25
Incident response planning cuts the risk of claiming on cyber security insurance

Proper attention to incident response planning is emerging as a core cyber control when it comes to reducing the risk of having to claim on cyber security insurance, according to a report
August 27, 2025 27 Aug'25
Ransomware activity levelled off in July, says NCC

Ransomware levels held steady in the month of July, although the risk remained as persistent as ever
August 26, 2025 26 Aug'25
Three new Citrix NetScaler zero-days under active exploitation

Citrix patches three new vulnerabilities in its NetScaler lines warning of active zero-day exploitation by an undisclosed threat actor
August 25, 2025 25 Aug'25
Ransomware attack volumes up nearly three times on 2024

During the first six months of 2025, the number of observed and tracked ransomware attacks far outpaced the volume seen in 2024
August 21, 2025 21 Aug'25
Moscow exploiting seven-year-old Cisco flaw, says FBI

US authorities warn of an uptick in state-sponsored exploitation of a seven-year-old vulnerability in Cisco's operating system software
August 21, 2025 21 Aug'25
Scale of MoD Afghan data breaches widens dramatically

Many more data breaches at the MoD's Arap programme to relocate at-risk Afghan citizens to Britain have emerged following an FoI request by BBC journalists
August 21, 2025 21 Aug'25
Apple iOS update fixes new iPhone zero-day flaw

Latest Apple zero-day found in the ImageIO framework opens the door for targeted zero-click attacks on iPhone users
August 19, 2025 19 Aug'25
Google spins up agentic SOC to speed up incident management

Google Cloud elaborates on its vision for securing artificial intelligence unveiling new protections and capabilities across its product suite
August 19, 2025 19 Aug'25
Deepfake AI scammers target the Big Yin

Cyber criminal scammers exploiting GenAI to create deepfake AI tools are targeting one of the UK’s most beloved comics, and one of its strongest accents
August 19, 2025 19 Aug'25
ISACA launches AI security management certification

ISACA accredited security professionals can now pursue a new AI security management credential
August 19, 2025 19 Aug'25
Singapore board directors to get cyber crisis training

The Singapore Institute of Directors and Ensign InfoSecurity have launched a programme to equip 1,000 board leaders with the skills to navigate high-stakes decisions during a cyber crisis
August 18, 2025 18 Aug'25
Workday hit in wave of social engineering attacks

A campaign of voice-based social engineering attacks targeting users of Salesforce’s services appears to have struck HR platform Workday
August 18, 2025 18 Aug'25
L’Oréal to promote cyber resilience for Britain’s beauty salons

L’Oréal UK and Ireland will work with law enforcement, cyber educators and students, and other large organisations to help thousands of small salons across the UK improve their cyber resilience practice
August 15, 2025 15 Aug'25
US trade body calls on Washington to cut cyber red tape

The US Information Technology Industry Council has called on the White House’s Office of the National Cyber Director to cut burdensome regulations in areas such as AI and incident reporting, and to do more to build a unified security regime
August 12, 2025 12 Aug'25
Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list

Microsoft rolls out fixes for over 100 CVEs in its August Patch Tuesday update
August 12, 2025 12 Aug'25
Researchers firm up ShinyHunters, Scattered Spider link

ReliaQuest researchers present new evidence that firms up a potential link, or outright partnership, between the ShinyHunters and Scattered Spider cyber gangs
August 12, 2025 12 Aug'25
UK work visa sponsors are target of phishing campaign

Mimecast identifies a phishing campaign targeting UK organisations that sponsor migrant workers and students, opening the door to account compromise and visa fraud
August 08, 2025 08 Aug'25
OpenAI closes gap to artificial general intelligence with GPT-5

As OpenAI’s latest large language model delivers smarter AI, experts are wary of the risks GPT-5 poses to human creativity
August 06, 2025 06 Aug'25
Black Hat USA: Startup breaks secrets management tools

Researchers at Cyata, an agentic identity specialist that has just emerged from stealth, found 14 CVEs in the widely used CyberArk Conjur and HashiCorp Vault enterprise secrets management platforms
August 06, 2025 06 Aug'25
Cyber criminals would prefer businesses don’t use Okta

Okta details a phishing campaign in which the threat actor demonstrated some unusually strong opinions on what authentication methods they would like their targets to use
August 06, 2025 06 Aug'25
Companies House ID verification to start in November 2025

Companies House plans to start vetting director identities from mid-November, but its reliance on the troubled One Login digital identity service may be cause for concern
August 06, 2025 06 Aug'25
NCSC updates CNI Cyber Assessment Framework

Updates to the NCSC’s Cyber Assessment Framework are designed to help providers of critical services better manage their risk profiles
August 06, 2025 06 Aug'25
Australian scaleup to bring AI-led data protection to the MoD

The UK’s Ministry of Defence is embracing AI-led data protection in the wake of a major privacy breach, enlisting Australian cyber firm Castlepoint Systems to oversee sensitive records
August 04, 2025 04 Aug'25
Black Hat USA: Halcyon and Sophos tag-team ransomware fightback

Ransomware experts Halcyon and Sophos are to pool their expertise in ransomware, working together to enhance data- and intelligence-sharing and bringing more comprehensive protection to customers
August 04, 2025 04 Aug'25
Proliferation of on-premise GenAI platforms is widening security risks

Research finds increased adoption of unsanctioned generative artificial intelligence platforms is magnifying risk and causing a headache for security teams
July 30, 2025 30 Jul'25
Scattered Spider tactics continue to evolve, warn cyber cops

CISA, the FBI, NCSC and others have clubbed together to update previous guidance on Scattered Spider's playbook, warning of new social engineering tactics and exploitation of legitimate tools, among other things
July 30, 2025 30 Jul'25
Apple pushes almost 30 security fixes in mobile update

Apple pushes what will likely be the last major security update to its current iPhone and iPad operating systems, fixing 29 vulnerabilities in its mobile ecosystem
July 30, 2025 30 Jul'25
MS Authenticator users face passkey crunch time

The deadline for moving to passkeys in Microsoft Authenticator is rapidly approaching, and users are advised to take action now
July 30, 2025 30 Jul'25
AI-enabled security pushes down breach costs for UK organisations

Organisations that are incorporating AI and automation into their cyber security practice are seeing improved outcomes when incidents occur, according to an IBM study
July 24, 2025 24 Jul'25
Dutch researchers use heartbeat detection to unmask deepfakes

Dutch method to counter deepfakes analyses blood flow patterns in faces that current deepfake generation tools cannot yet replicate
July 24, 2025 24 Jul'25
Monzo’s £21m fine highlights banks’ cyber security failures

Monzo’s recent fine over failings in its customer verification processes highlights wider security and privacy shortcomings in the personal finance world
July 22, 2025 22 Jul'25
Microsoft confirms China link to SharePoint hacks

Microsoft confirms two known China-nexus threat actors, and one other suspected state-backed hacking group, are exploiting vulnerabilities in SharePoint Server
July 22, 2025 22 Jul'25
Chinese cyber spies among those linked to SharePoint attacks

Exploitation of the ToolShell RCE zero-day in Microsoft SharePoint continues to gather pace, with evidence emerging of exploitation by nation state-backed threat actors
July 22, 2025 22 Jul'25
UK government to bring in ransomware payment ban

Critical infrastructure operators, hospitals, local councils and schools will be among those banned from giving in to cyber criminal demands as the UK moves forward with proposals to address the scourge of ransomware
July 22, 2025 22 Jul'25
UK government signs partnership with OpenAI

Deal sees firm behind ChatGPT collaborate with government on AI security research to explore investment opportunities
July 21, 2025 21 Jul'25
The Security Interviews: Jason Nurse, University of Kent

Jason Nurse, reader in cyber security at the University of Kent, discusses the psychological side of cyber and online safety, why placing blame on users as ‘the weakest link’ is wrong – and why security pros should think about user needs more
July 16, 2025 16 Jul'25
Scattered Spider playbook evolving fast, says Microsoft

Microsoft warns users over notable evolutions in Scattered Spider’s attack playbook, and beefs up some of the defensive capabilities it offers to customers in response
July 15, 2025 15 Jul'25
Current approaches to patching unsustainable, report says

Organisations are struggling to prioritise vulnerability patching appropriately, leading to situations where everything is a crisis, which helps nobody, according to a report
July 14, 2025 14 Jul'25
Brits clinging to Windows 10 face heightened risk, says NCSC

Businesses and consumers alike may not feel the need to upgrade to Windows 11 as its predecessor approaches end-of-life, but they are putting their own security at risk, says the NCSC