News
Security policy and user awareness
-
April 22, 2025
22
Apr'25
Secure Future Initiative reveals Microsoft staff focus
IT security is now a metric in the Microsoft employee appraisal process
-
April 17, 2025
17
Apr'25
Tariff turmoil is making supply chain security riskier
Many businesses around the world are taking the decision to alter their supplier mix in the face of tariff uncertainty, but in doing so are creating more cyber risks for themselves, according to a report
-
April 16, 2025
16
Apr'25
CISA extends Mitre CVE contract at last moment
The US Cybersecurity and Infrastructure Security Agency has ridden to the rescue of the under-threat Mitre CVE Programme, approving a last-minute, 11-month contract extension to preserve the project’s vital security vulnerability work
-
April 16, 2025
16
Apr'25
CVE Foundation pledges continuity after Mitre funding cut
With news that Mitre’s contract to run the world-renowned CVE Programme is abruptly terminating, a breakaway group is setting up a non-profit foundation to try to ensure the project’s continuity
-
April 16, 2025
16
Apr'25
Security leaders grapple with AI-driven threats
Experts warn of AI’s dual role in both empowering and challenging cyber defences, and called for intelligence sharing and the need to strike a balance between AI-driven innovation and existing security practices
-
April 15, 2025
15
Apr'25
Mitre warns over lapse in CVE coverage
Mitre, the operator of the world-renowned CVE repository, has warned of significant impacts to global cyber security standards, and increased risk from threat actors, as it emerges its US government contract will lapse imminently
-
April 08, 2025
08
Apr'25
NCSC issues warning over Chinese Moonshine and BadBazaar spyware
Two spyware variants are being used to target the mobile devices of persons of interest to Chinese intelligence, including individuals in the Taiwanese, Tibetan and Uyghur communities
-
April 07, 2025
07
Apr'25
UK SMEs losing over £3bn a year to cyber incidents
A lack of access to technology, little to no staff training, and competing priorities are losing UK SMEs up to £3.4bn to cyber incidents every year
-
April 07, 2025
07
Apr'25
NIST calls time on older vulnerabilities amid surging disclosures
The National Institute of Standards and Technology is deferring future updates to thousands of cyber vulnerabilities discovered prior to 2018 amid surging volumes of new submissions
-
April 04, 2025
04
Apr'25
Norway and Nordic financial sector ramps up cyber security
Finans Norge sets up cyber security unit CTSU to support the finance sector in Norway amid increasing threats
-
April 01, 2025
01
Apr'25
Apple devices are at ‘most risk’ in UK following government ‘backdoor’ order
Home Office refuses to answer questions from Lords over technical capability notice issued against Apple’s iCloud Advanced Data Protection encryption services
-
March 25, 2025
25
Mar'25
ETSI launches first post-quantum encryption standard
European telco standards body launches its first post-quantum cryptography cyber standard, covering the security of critical data and communications
-
March 21, 2025
21
Mar'25
NCSC, DSIT enlist IBM to spearhead cyber diversity agenda
IBM signs on to a partnership deal in support of the popular NCSC CyberFirst Girls scheme designed to foster gender diversity in the cyber security profession
-
March 19, 2025
19
Mar'25
Clop resurgence drives ransomware attacks in February
The exploitation of two new vulnerabilities in a popular file transfer service saw the Clop ransomware gang soar in February, according to NCC
-
March 18, 2025
18
Mar'25
Seaco charts course for unified security strategy
Shipping container leasing giant consolidates security tools onto a single platform, leveraging AI and extended detection and response to improve security operations
-
March 13, 2025
13
Mar'25
SuperBlack ransomware may have ties to LockBit
Forescout researchers report on a new ransomware gang that appears to be keeping the legacy of the notorious LockBit crew alive
-
March 12, 2025
12
Mar'25
iPhone, iPad update fixes critical WebKit flaw
iPhone and iPad users are advised to update their devices as Apple addresses an out-of-bounds write issue in the WebKit browser engine that appears to have been exploited in targeted cyber attacks
-
March 11, 2025
11
Mar'25
March Patch Tuesday brings 57 fixes, multiple zero-days
The third Patch Tuesday of 2025 brings fixes for 57 flaws and a hefty number of zero-days
-
March 11, 2025
11
Mar'25
Perimeter security appliances source of most ransomware hits
Perimeter security appliances and devices, particularly VPNs, prove to be the most popular entry points into victim networks for financially motivated ransomware gangs, according to reports
-
March 11, 2025
11
Mar'25
Dutch police disrupt half of ransomware operations, finds embedded PHD student
Dutch PhD study reveals the impact of centralised intelligence and strategic interventions in the fight against ransomware
-
March 11, 2025
11
Mar'25
Post Office scandal data leak interim compensation offers made
Some subpostmasters affected by Post Office data breach offered interim compensation payments
-
March 11, 2025
11
Mar'25
Singapore IT leaders boost AI security defences
Study reveals a surge in perceived importance of artificial intelligence for cyber security in Singapore, but declining investment in traditional measures raises concerns as sophisticated cyber attacks intensify
-
March 10, 2025
10
Mar'25
How CISOs are tackling cyber security challenges
Security chiefs at the recent Gartner Security and Risk Management Summit in Sydney share insights on navigating board communication, organisational resilience and the importance of understanding business needs
-
March 07, 2025
07
Mar'25
Managing security in the AI age
Gartner experts offer guidance on harnessing AI’s power while mitigating its risks, from managing shadow AI to implementing security controls and policies
-
March 06, 2025
06
Mar'25
UK cyber security damaged by ‘clumsy Home Office political censorship’
Britain’s National Cyber Security Centre secretly censors computer security guidance and drops references to encryption
-
March 05, 2025
05
Mar'25
NHS investigating how API flaw exposed patient data
NHS patient data was left vulnerable by a flaw in an application programming interface used at online healthcare provider Medefer
-
March 04, 2025
04
Mar'25
Aussie businesses ramp up security spending
Australian organisations are set to spend A$6.2bn on security and risk management in 2025, a 14.4% jump from the previous year, driven by the rise of AI and a growing threat landscape
-
March 03, 2025
03
Mar'25
Singapore’s HomeTeamNS hit by ransomware attack
The non-profit organisation suffered a ransomware attack that affected some servers containing employee and member data, prompting an investigation and enhanced security measures
-
March 01, 2025
01
Mar'25
Ransomware: from REvil to Black Basta, what do we know about Tramp?
This key member of the Black Basta ransomware gang is wanted by the US justice system. He narrowly escaped extradition at the end of June 2024 - with the help of highly-placed contacts in Moscow, according to him
-
February 28, 2025
28
Feb'25
NHS staff lack confidence in health service cyber measures
NHS staff understand their role in protecting the health service from cyber threats and the public backs them in this aim, but legacy tech and a lack of training are hindering efforts, according to BT
-
February 27, 2025
27
Feb'25
CVE volumes head towards 50,000 in 2025, analysts claim
Many trends, notably a big shift to open source tools, are behind an expected boom in the number of disclosed vulnerabilities
-
February 26, 2025
26
Feb'25
CISOs spending more on insider risk
Insider risk management budgets have more than doubled in the past 12 months and look set to grow further still in 2025, according to a report
-
February 25, 2025
25
Feb'25
Ransomware: on the murky trail of one of the leaders of Black Basta
The internal exchanges within the Black Basta group revealed last week offer a new opportunity to investigate one of its leaders: Tramp. He may have been arrested in Armenia in June 2024, before being released
-
February 24, 2025
24
Feb'25
European Union calls for more cyber data-sharing with Nato
Updates to the EU’s Cyber Blueprint, establishing best practice for multilateral security incident response in Europe, include calls for more collaboration with Nato member states, as the geopolitical environment becomes ever more fractious
-
February 23, 2025
23
Feb'25
Check Point co-founder on AI, quantum and independence
Gil Shwed, Check Point’s co-founder and executive chairman, discusses the company’s focus on artificial intelligence-driven security and his commitment to remaining an independent force in the cyber security market
-
February 14, 2025
14
Feb'25
Gartner: CISOs struggling to balance security, business objectives
Only 14% of security leaders can ‘effectively secure organisational data assets while also enabling the use of data to achieve business objectives’, according to Gartner
-
February 14, 2025
14
Feb'25
Lenovo CSO: AI adoption fuels security paranoia
Doug Fisher, Lenovo’s chief security officer, outlines the company’s approach to security and AI governance, and the importance of having a strong security culture to combat cyber threats amplified by the use of AI
-
February 11, 2025
11
Feb'25
Google: Cyber crime meshes with cyber warfare as states enlist gangs
A report from the Google Threat Intelligence Group depicts China, Russia, Iran and North Korea as a bloc using cyber criminal gangs to attack the national security of western countries
-
February 07, 2025
07
Feb'25
US lawmakers move to ban DeepSeek AI tool
US politicians have introduced a bill seeking to ban the use of the DeepSeek AI tool on government-owned devices, citing national security concerns due to its alleged links to the Chinese state
-
February 03, 2025
03
Feb'25
Government sets out cyber security practice code to stoke AI growth
The government has set out a cyber security code of practice for developers to follow when building AI products
-
February 03, 2025
03
Feb'25
DeepSeek-R1 more readily generates dangerous content than other large language models
Research scientists at cyber firm Enkrypt AI publish concerning findings from a red team exercise conducted against DeepSeek, the hot new generative AI tool
-
January 31, 2025
31
Jan'25
AI jailbreaking techniques prove highly effective against DeepSeek
Researchers at Palo Alto have shown how novel jailbreaking techniques were able to fool breakout GenAI model DeepSeek into helping to create keylogging tools, steal data, and make a Molotov cocktail
-
January 29, 2025
29
Jan'25
How government hackers are trying to exploit Google Gemini AI
Google’s threat intel squad has shared information on how nation state threat actors are attempting to exploit its Gemini AI tool for nefarious ends
-
January 29, 2025
29
Jan'25
Vallance rejects latest charge to reform UK hacking laws
Science minister Patrick Vallance rejects proposed amendments to the Computer Misuse Act, arguing that they could create a loophole for cyber criminals to exploit
-
January 28, 2025
28
Jan'25
NAO: UK government cyber resilience weak in face of mounting threats
The National Audit Office has found UK government cyber resilience wanting, weakened by legacy IT and skills shortages, and facing mounting threats
-
January 27, 2025
27
Jan'25
Inside CyberArk’s security strategy
CyberArk CIO Omer Grossman talks up the company’s security-first ethos, the importance of an assumed breach mentality and how the company is addressing threats from the growing use of AI
-
January 24, 2025
24
Jan'25
CISOs boost board presence by 77% over two years
A global research study, from Splunk and Oxford Economics, into how chief information security officers interact with boards finds greater participation but enduring gaps
-
January 23, 2025
23
Jan'25
ICO launches major review of cookies on UK websites
ICO sets out 2025 goals, including a review of cookie compliance across the UK’s top 1,000 websites, as it seeks to achieve its ultimate goal of giving the public meaningful control over how their data is used
-
January 22, 2025
22
Jan'25
Privacy professionals expect budget cuts, lack confidence
Over 50% of privacy professionals in Europe expect to see less money earmarked for data security initiatives in 2025, and many don’t have faith their organisations are taking the issue seriously, according to an ISACA report
-
January 22, 2025
22
Jan'25
Funksec gang turned up ransomware heat in December
The criminal ransomware fraternity was hard at work over the festive period, with attack volumes rising and a new threat actor emerging on the scene