UK’s Cyber Crime Down in 2024: Better 'Cyber Hygiene Among Small Businesses

UK’s Cyber Crime Down in 2024: Better 'Cyber Hygiene Among Small Businesses

The proportion of businesses in the UK reporting cyber attacks and data breaches has dropped from 50% to 43% in the last year. A government study has attributed this to the “observed strengthening of cyber hygiene among small businesses.” The prevalence of cyber crime overall among UK businesses and charities of all sizes has remained consistent year-over-year, according to a recent government study. Phishing also remained the most common type of cyber crime, attack, or…

Read More

Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware'

Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware'

Image: nicescene/Adobe Stock Microsoft has detected a zero-day vulnerability in the Windows Common Log File System (CLFS) being exploited in the wild to deploy ransomware. Target industries include IT, real estate, finance, software, and retail, with companies based in the US, Spain, Venezuela, and Saudi Arabia. The vulnerability, tracked as CVE-2025-29824 and rated “important,” is present in the CLFS kernel driver. It allows an attacker who already has standard user access to a system to…

Read More

North Korean Hackers Disguised as IT Workers Targeting UK, European Companies

North Korean Hackers Disguised as IT Workers Targeting UK, European Companies

North Korean hackers who disguise themselves as IT workers are applying for work in the U.K., according to Google Threat Intelligence Group. Success in the U.S. is declining due to rising awareness of their tactics, indictments, and right-to-work verification challenges, prompting them to turn elsewhere. The attackers pose as legitimate remote workers, looking to generate revenue, access sensitive company data, or perform espionage operations through employment. Researchers observed them seeking out login credentials for job…

Read More

3 Ways the UK Government Plans to Tighten Cyber Security Rules with New Bill

3 Ways the UK Government Plans to Tighten Cyber Security Rules with New Bill

Amid a sharp spike in ransomware attacks disrupting essential services and critical infrastructure, the U.K. government has set out the scope of its upcoming Cyber Security and Resilience Bill for the first time. It aims to patch the holes in the country’s existing cyber regulations and protect critical infrastructure from ransomware and other attack types. “The Cyber Security and Resilience Bill, will help make the UK’s digital economy one of the most secure in the…

Read More

Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters

Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters

Image: cynoclub/Envato Elements Apache Tomcat is under attack as cybercriminals actively exploit a recently disclosed vulnerability, enabling remote code execution (RCE). With simple HTTP requests, attackers can trigger the deserialisation of malicious data and gain control over affected systems. The vulnerability, CVE-2025-24813, was disclosed by Apache on March 10, with the first proof of concept being released on GitHub about 30 hours later, posted by user iSee857. Soon after, security firm Wallarm later saw that…

Read More

Google Acquires Startup Wiz for $32B to 'Turbocharge Improved Cloud Security’

Google Acquires Startup Wiz for B to 'Turbocharge Improved Cloud Security’

Image: Wiz Google has announced it is acquiring cybersecurity startup Wiz for $32 billion. The acquisition is parent company Alphabet’s largest to date, more than doubling its previous record-breaking $12.5 billion purchase of Motorola Mobility in 2012. The company appears to have pursued this deal aggressively due to the growing demand for secure cloud services. The surge in generative AI has prompted tech companies to rush for cloud infrastructure, while major security incidents, such as…

Read More

Update Your iPhone Now to Fix Safari Security Flaw

Update Your iPhone Now to Fix Safari Security Flaw

Image: Apple’s Official YouTube Page Apple has released iOS 18.3.2, an operating system update that fixes a vulnerability in WebKit, the browser engine used by Safari to render web pages. The flaw allowed malicious code running inside the Web Content sandbox, an isolated environment for web processes designed to limit security risks, to impact other parts of the device. Apple previously fixed this vulnerability, CVE-2025-24201, with the release of iOS 17.2 back in late 2023,…

Read More

Billions of Devices at Risk of Hacking Due to Hidden Commands

Billions of Devices at Risk of Hacking Due to Hidden Commands

Tarlogic team giving their presentation during RootedCON. Image: Tarlogic Billions of devices worldwide rely on a widely used Bluetooth-Wi-Fi chip that contains undocumented “hidden commands.” Researchers warn these commands could be exploited to manipulate memory, impersonate devices, and bypass security controls. ESP32, manufactured by a Chinese company called Espressif, is a microcontroller that enables Bluetooth and Wi-Fi connections in numerous smart devices, including smartphones, laptops, smart locks, and medical equipment. Its popularity is partly due…

Read More

Women in Cyber Security on the Rise, But Facing More Layoffs and Budget Cuts Than Men

Women in Cyber Security on the Rise, But Facing More Layoffs and Budget Cuts Than Men

Gender diversity in cybersecurity is slowly improving but inequities continue—a new report finds that the field has 5% more women than in 2023, but that they’re more exposed to other workplace challenges than male counterparts. About 32% of women respondents said their organizations experienced security layoffs over the last year compared to just 23% of male respondents. For Women’s History Month this March, ISC2 delved deeper into data collected for its 2024 Cybersecurity Workforce Study….

Read More

Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains

Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains

Threat actors are increasingly targeting trusted business platforms such as Dropbox, SharePoint, and QuickBooks in their phishing email campaigns and leveraging legitimate domains to bypass security measures, a new report released today has found. By embedding sender addresses or payload links within legitimate domains, attackers evade traditional detection methods and deceive unsuspecting users. According to Darktrace’s Annual Threat Report 2024, the authors detected more than 30.4 million phishing emails, reinforcing phishing as the preferred attack…

Read More
1 2 3 131