News

Security policy and user awareness

• August 12, 2025 12 Aug'25

  Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list

  Microsoft rolls out fixes for over 100 CVEs in its August Patch Tuesday update

• August 12, 2025 12 Aug'25

  Researchers firm up ShinyHunters, Scattered Spider link

  ReliaQuest researchers present new evidence that firms up a potential link, or outright partnership, between the ShinyHunters and Scattered Spider cyber gangs

• August 12, 2025 12 Aug'25

  UK work visa sponsors are target of phishing campaign

  Mimecast identifies a phishing campaign targeting UK organisations that sponsor migrant workers and students, opening the door to account compromise and visa fraud

• August 08, 2025 08 Aug'25

  OpenAI closes gap to artificial general intelligence with GPT-5

  As OpenAI’s latest large language model delivers smarter AI, experts are wary of the risks GPT-5 poses to human creativity

• August 06, 2025 06 Aug'25

  Black Hat USA: Startup breaks secrets management tools

  Researchers at Cyata, an agentic identity specialist that has just emerged from stealth, found 14 CVEs in the widely used CyberArk Conjur and HashiCorp Vault enterprise secrets management platforms

• August 06, 2025 06 Aug'25

  Cyber criminals would prefer businesses don’t use Okta

  Okta details a phishing campaign in which the threat actor demonstrated some unusually strong opinions on what authentication methods they would like their targets to use

• August 06, 2025 06 Aug'25

  Companies House ID verification to start in November 2025

  Companies House plans to start vetting director identities from mid-November, but its reliance on the troubled One Login digital identity service may be cause for concern

• August 06, 2025 06 Aug'25

  NCSC updates CNI Cyber Assessment Framework

  Updates to the NCSC’s Cyber Assessment Framework are designed to help providers of critical services better manage their risk profiles

• August 06, 2025 06 Aug'25

  Australian scaleup to bring AI-led data protection to the MoD

  The UK’s Ministry of Defence is embracing AI-led data protection in the wake of a major privacy breach, enlisting Australian cyber firm Castlepoint Systems to oversee sensitive records

• August 04, 2025 04 Aug'25

  Black Hat USA: Halcyon and Sophos tag-team ransomware fightback

  Ransomware experts Halcyon and Sophos are to pool their expertise in ransomware, working together to enhance data- and intelligence-sharing and bringing more comprehensive protection to customers

• August 04, 2025 04 Aug'25

  Proliferation of on-premise GenAI platforms is widening security risks

  Research finds increased adoption of unsanctioned generative artificial intelligence platforms is magnifying risk and causing a headache for security teams

• July 30, 2025 30 Jul'25

  Scattered Spider tactics continue to evolve, warn cyber cops

  CISA, the FBI, NCSC and others have clubbed together to update previous guidance on Scattered Spider's playbook, warning of new social engineering tactics and exploitation of legitimate tools, among other things

• July 30, 2025 30 Jul'25

  Apple pushes almost 30 security fixes in mobile update

  Apple pushes what will likely be the last major security update to its current iPhone and iPad operating systems, fixing 29 vulnerabilities in its mobile ecosystem

• July 30, 2025 30 Jul'25

  MS Authenticator users face passkey crunch time

  The deadline for moving to passkeys in Microsoft Authenticator is rapidly approaching, and users are advised to take action now

• July 30, 2025 30 Jul'25

  AI-enabled security pushes down breach costs for UK organisations

  Organisations that are incorporating AI and automation into their cyber security practice are seeing improved outcomes when incidents occur, according to an IBM study

• July 24, 2025 24 Jul'25

  Dutch researchers use heartbeat detection to unmask deepfakes

  Dutch method to counter deepfakes analyses blood flow patterns in faces that current deepfake generation tools cannot yet replicate

• July 24, 2025 24 Jul'25

  Monzo’s £21m fine highlights banks’ cyber security failures

  Monzo’s recent fine over failings in its customer verification processes highlights wider security and privacy shortcomings in the personal finance world

• July 22, 2025 22 Jul'25

  Microsoft confirms China link to SharePoint hacks

  Microsoft confirms two known China-nexus threat actors, and one other suspected state-backed hacking group, are exploiting vulnerabilities in SharePoint Server

• July 22, 2025 22 Jul'25

  Chinese cyber spies among those linked to SharePoint attacks

  Exploitation of the ToolShell RCE zero-day in Microsoft SharePoint continues to gather pace, with evidence emerging of exploitation by nation state-backed threat actors

• July 22, 2025 22 Jul'25

  UK government to bring in ransomware payment ban

  Critical infrastructure operators, hospitals, local councils and schools will be among those banned from giving in to cyber criminal demands as the UK moves forward with proposals to address the scourge of ransomware

• July 22, 2025 22 Jul'25

  UK government signs partnership with OpenAI

  Deal sees firm behind ChatGPT collaborate with government on AI security research to explore investment opportunities

• July 21, 2025 21 Jul'25

  The Security Interviews: Jason Nurse, University of Kent

  Jason Nurse, reader in cyber security at the University of Kent, discusses the psychological side of cyber and online safety, why placing blame on users as ‘the weakest link’ is wrong – and why security pros should think about user needs more

• July 16, 2025 16 Jul'25

  Scattered Spider playbook evolving fast, says Microsoft

  Microsoft warns users over notable evolutions in Scattered Spider’s attack playbook, and beefs up some of the defensive capabilities it offers to customers in response

• July 15, 2025 15 Jul'25

  Current approaches to patching unsustainable, report says

  Organisations are struggling to prioritise vulnerability patching appropriately, leading to situations where everything is a crisis, which helps nobody, according to a report

• July 14, 2025 14 Jul'25

  Brits clinging to Windows 10 face heightened risk, says NCSC

  Businesses and consumers alike may not feel the need to upgrade to Windows 11 as its predecessor approaches end-of-life, but they are putting their own security at risk, says the NCSC

• July 10, 2025 10 Jul'25

  Four arrested in M&S cyber attack investigation

  Police have made four arrests in connection with a trio of cyber attacks on UK retailers Marks & Spencer, Co-op and Harrods

• July 09, 2025 09 Jul'25

  Qantas details impact of data breach on 5.7 million customers

  Australian flag carrier begins notifying millions of individuals after a cyber attack on a call centre, confirming that while financial and passport details are safe, a significant volume of other personal information was compromised

• July 08, 2025 08 Jul'25

  M&S calls for mandatory ransomware reporting

  The government should extend ransomware reporting mandates to businesses to help gather more intelligence and better support victims, says M&S chairman Archie Norman

• July 07, 2025 07 Jul'25

  Digital warfare is blurring civilian front lines

  Singapore’s defence cyber chief warns that the traditional lines between military conflict and civilian life are blurring, with adversaries now targeting civilian systems and using AI to put the threat landscape on steroids

• July 02, 2025 02 Jul'25

  US CISA agency extends Iran cyber alert, warns of CNI threat

  The US Cybersecurity and Infrastructure Security Agency reiterates guidance for operators of critical national infrastructure as it eyes the possibility of cyber attacks from Iran

• July 02, 2025 02 Jul'25

  Scattered Spider link to Qantas hack is likely, say experts

  A developing cyber attack at Australian airline Qantas that started at a third-party call centre is already being tentatively attributed to Scattered Spider. Find out more and learn about the next steps for those affected

• July 02, 2025 02 Jul'25

  Dutch study uncovers cognitive biases undermining cyber security board decisions

  Dutch research reveals how cognitive biases can lead to catastrophic security decisions

• June 27, 2025 27 Jun'25

  Ciaran Martin: AI might disturb attacker-defender security balance

  The founder of the National Cyber Security Centre spoke with Computer Weekly at Infosecurity Europe 2025 about how artificial intelligence might disturb the attacker-defender security equilibrium

• June 25, 2025 25 Jun'25

  Latest Citrix vulnerability could be every bit as bad as Citrix Bleed

  A Citrix NetScaler flaw that was quietly patched earlier in June is gathering widespread attention after experts noted strong similarities to the Citrix Bleed vulnerability that caused chaos in late 2023

• June 23, 2025 23 Jun'25

  Police to gain powers to grab online data when they seize phones and laptops

  Academics and civil liberties experts say that proposed ‘authoritarian’ powers to allow police to trawl online and cloud services used by owners of seized devices should require approval from a judge

• June 17, 2025 17 Jun'25

  Cyber action plan kicks off to ‘supercharge’ UK security sector

  UK government says its cyber growth action plan will provide a large boost to Britain’s security industry as it sets out to create a roadmap for future growth

• June 11, 2025 11 Jun'25

  NHS IT the big winner in Reeves’ Spending Review

  The chancellor of the exchequer has significantly upped spending on digital and technology initiatives in the current Spending Review period, with the NHS receiving a 50% tech funding increase

• June 05, 2025 05 Jun'25

  HMRC phishing breach wholly avoidable, but hard to stop

  A breach at HMRC saw innocent taxpayers tricked into letting scammers impersonate them through simple phishing attacks leading to account takeover. Such attacks are avoidable, but hard to stop

• June 04, 2025 04 Jun'25

  Put ROCs before SOCs, Qualys tells public sector

  Putting risk operations before security operations may help government agencies and other public sector bodies better manage the myriad threats they face, and make better decisions for the security of all

• June 04, 2025 04 Jun'25

  NCSC sets out how to build cyber safe cultures

  The UK’s National Cyber Security Centre has published guidance for security teams and leaders on how to foster accessible and appropriate cyber security cultures in their organisations

• June 04, 2025 04 Jun'25

  Infosecurity 2025: SMEs feel on their own in the face of cyber attacks

  Project findings to be presented at Infosecurity Europe 2025 highlight vulnerability of SMEs to cyber attack

• June 03, 2025 03 Jun'25

  SailPoint charts course for AI-driven identity security

  SailPoint is driving the use of agentic AI in identity security with its Harbor Pilot offering while preparing to help enterprises govern and secure AI agents

• June 02, 2025 02 Jun'25

  US cyber agency CISA faces stiff budget cuts

  CISA is one of several US agencies facing drastic budget cuts under the Trump administration

• June 02, 2025 02 Jun'25

  Cyber and digital get over £1bn to enhance UK’s national security

  The government has set out plans to spend over a billion pounds on digital and cyber warfare capabilities to enhance the UK’s ability to defend itself and fight offensive wars

• May 30, 2025 30 May'25

  Dutch businesses lag behind in cyber resilience as threats escalate

  The Netherlands is facing a growing cyber security crisis, with a staggering 66% of Dutch businesses lacking adequate cyber resilience, according to academic research.  

• May 30, 2025 30 May'25

  Cloud migration demands contractual safeguards and clear strategy

  Cyber security experts urge organisations to define clear objectives, understand shared security models and implement strong data governance when migrating workloads to the cloud

• May 27, 2025 27 May'25

  US makes fresh indictments over DanaBot, Qakbot malwares

  US charges the operators of two malwares, DanaBot and Qakbot, whose actions led to millions of dollars worth of cyber theft and fraud

• May 27, 2025 27 May'25

  Armed forces charity steps in to address cyber mental health crisis

  CIISec and military charity PTSD Resolution hope to address a gathering mental health crisis among frontline cyber professionals

• May 21, 2025 21 May'25

  NCSC: Russia’s Fancy Bear targeting logistics, tech organisations

  The NCSC and its partner agencies have blown the whistle on an extensive campaign of malicious cyber attacks orchestrated by the Russian state Fancy Bear operation

• May 21, 2025 21 May'25

  Ransomware attacks dropped by a third last month

  Reported ransomware attacks eased off during April following a dramatic spike in the first quarter of 2025