#cyber-awareness
#cyber-awareness

Careers

CISO Conversations: Ross McKerchar, CISO at Sophos

fromLondon Business News | Londonlovesbusiness.com

Privacy professionals

Man with @ihackedthegovernment Instagram account tells judge, "I made a mistake"

Information security

The rising cost of data breaches: Why backup and cyber protection must go hand in hand - London Business News | Londonlovesbusiness.com

Government Can't Win the Cyber War Without the Private Sector

Governments must collaborate with the private sector to effectively manage the growing complexity of cyber threats.

2 weeks ago

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.

Careers

CISO Conversations: Ross McKerchar, CISO at Sophos

Ross McKerchar transitioned from IT to cybersecurity, becoming CISO at Sophos, emphasizing leadership skills and the growing cybersecurity profession.

Man with @ihackedthegovernment Instagram account tells judge, "I made a mistake"

Moore accessed the Supreme Court's filing system and other accounts using stolen credentials, publicly posting sensitive personal information of individuals online.

fromLondon Business News | Londonlovesbusiness.com

The rising cost of data breaches: Why backup and cyber protection must go hand in hand - London Business News | Londonlovesbusiness.com

Cyber incidents now lead to significant financial and reputational damage, necessitating a unified strategy for backup and cyber protection.

Government Can't Win the Cyber War Without the Private Sector

Governments must collaborate with the private sector to effectively manage the growing complexity of cyber threats.

2 weeks ago

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

more#cybersecurity

fromThe Washington Post

fromwww.independent.co.uk

Inside a growing movement warning AI could turn on humanity

"That requires a bunch of people to go take things that folks here are figuring out and [explain them] to the rest of the world," said Jeffrey Ladish, emphasizing the need for effective communication about AI risks.

US news

UK politics

18 hours ago

Government to host summit about keeping children safe online in age of AI

The Independent focuses on critical issues like reproductive rights and online safety, emphasizing the need for accessible journalism.

#privacy

fromElectronic Frontier Foundation

Privacy technologies

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy technologies

How Push Notifications Can Betray Your Privacy (and What to Do About It)

fromMIT Technology Review

Building trust in the AI era with privacy-led UX

Well-designed consent experiences enhance trust and business performance, evolving privacy into an ongoing relationship rather than a one-time transaction.

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.

fromElectronic Frontier Foundation

How Push Notifications Can Betray Your Privacy (and What to Do About It)

Push notifications can reveal personal information, and both Apple and Google have restrictions on sharing this data with law enforcement.

fromMIT Technology Review

Building trust in the AI era with privacy-led UX

Well-designed consent experiences enhance trust and business performance, evolving privacy into an ongoing relationship rather than a one-time transaction.

more#privacy

#ai

fromMedium

6 hours ago

Test smart: how to approach AI and stay sane?

AI tools can enhance productivity but may compromise quality if not used critically.

Information security

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

fromMedium

6 hours ago

Test smart: how to approach AI and stay sane?

AI tools can enhance productivity but may compromise quality if not used critically.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

more#ai

#data-breach

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

McGraw Hill experienced a data breach linked to a Salesforce misconfiguration, with ShinyHunters claiming to have stolen 45 million records.

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

McGraw Hill experienced a data breach linked to a Salesforce misconfiguration, with ShinyHunters claiming to have stolen 45 million records.

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

53 DDoS Domains Taken Down by Law Enforcement

Law enforcement in 21 countries coordinated to disrupt DDoS-for-hire services, resulting in arrests and the takedown of numerous domains.

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech giants like Google to enhance their defenses against these threats.

Marketing tech

fromAP News

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech companies like Google to enhance their defenses against malicious ads.

Marketing tech

fromSFGATE

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech giants like Google to enhance their defenses against these threats.

Marketing tech

fromAP News

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech companies like Google to enhance their defenses against malicious ads.

more#generative-ai

Women in technology

fromwww.theguardian.com

Online abuse is silencing women on a staggering scale it's a democratic crisis | Sharon Kechula

Susan Kihika faced severe online abuse after maternity leave, highlighting gender-based violence and double standards in political scrutiny against women.

Books

fromSlate Magazine

A New Kind of Scandal Is Growing Online. It's Ruining Careers-and Aimed at the Wrong Target.

A.I. detection controversies highlight concerns over authorship and the impact of technology on writing.

London startup

One year on from the M&S cyber attack: What did we learn? | Computer Weekly

Marks & Spencer experienced a significant cyber attack in April 2025, disrupting services and highlighting vulnerabilities in third-party tech suppliers.

Healthcare

What "The Pitt" Gets Right About Ransomware and What Hospitals Can't Afford to Ignore

Ransomware incidents in healthcare lead to significant operational fallout, requiring extensive recovery efforts beyond just paying the ransom.

Security by Design prevents higher bills

Incorporating security during design reduces costs significantly compared to retrofitting security measures after development.

Information security

Five Top Tips for Building a Strong Security Culture

Software development

Security by Design prevents higher bills

Incorporating security during design reduces costs significantly compared to retrofitting security measures after development.

Information security

Five Top Tips for Building a Strong Security Culture

more#security-by-design

Deliverability

fromenglish.elpais.com

Only 13% of emails are written by people, and more than half end up in the spam folder: This isn't a technical detail; it's a structural change'

Email is increasingly dominated by automated systems, with 87% of traffic generated by them, leading to declining effectiveness and user engagement.

fromNature

Researchers: here's how to audit your fragmented digital identity

A search for 'Guo Wei' in ORCID returned 616 profiles, none affiliated with the Jiangsu University of Science and Technology, highlighting the difficulty in verifying academic identities.

Higher education

Education

fromWIRED

The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought

AI-generated deepfake nude images are impacting nearly 90 schools and over 600 students globally, causing severe emotional distress among victims.

Digital life

fromwww.dw.com

Dangerous Apps In the Web of Data Brokers

Smartphone apps collect detailed location data, often shared with data brokers, posing security risks to users, including soldiers and government officials.

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

fromBusiness Matters

How to build an effective employee phishing training program in 2026

Effective employee phishing training programs focus on behavior change and continuous education to reduce security risks and improve reporting rates.

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

fromBusiness Matters

How to build an effective employee phishing training program in 2026

Effective employee phishing training programs focus on behavior change and continuous education to reduce security risks and improve reporting rates.

more#phishing

AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech - TechRepublic

AI innovation and security threats are reshaping technology and corporate strategies across various platforms and applications.

fromFast Company

How to hide your sensitive info (for real) when using ChatGPT and other AI chatbots

Chatbots can be useful for summarizing complex information, but sensitive data must be properly redacted to ensure privacy.

EU data protection

CYBERUK '26: UK lagging on legal protections for cyber pros | Computer Weekly

The outdated Computer Misuse Act hinders UK cyber security innovation and needs urgent reform to protect cyber professionals.

#age-verification

fromAbove the Law

Privacy technologies

438 Experts Said Age Verification Is Dangerous. Legislators Are Moving Forward With It Anyway. - Above the Law

EU data protection

fromWIRED

Europe's Online Age Verification App Is Here

The European online age verification app ensures anonymous age verification using ID cards or passports, protecting children from harmful content.

fromThe Verge

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.

fromAbove the Law

438 Experts Said Age Verification Is Dangerous. Legislators Are Moving Forward With It Anyway. - Above the Law

Age verification mandates for the internet are technically flawed, threaten privacy, and may cause more harm than good, according to 438 researchers from 32 countries.

EU data protection

fromWIRED

Europe's Online Age Verification App Is Here

The European online age verification app ensures anonymous age verification using ID cards or passports, protecting children from harmful content.

fromThe Verge

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.

more#age-verification

UK politics

fromwww.bbc.com

Social media leaders called to Downing Street over children's safety

Social media executives are meeting with UK leaders to discuss children's online safety and responsibilities of tech companies.

Deliverability

fromZDNET

This simple email trick saves me from annoying marketing spam (and it's free to do)

Using a dedicated shopping email can effectively reduce spam and clutter in your primary inbox.

4 hours ago

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

fromThe Verge

Anthropic's new cybersecurity model could get it back in the government's good graces

Anthropic's relationship with the Trump administration has improved due to its new cybersecurity model, Claude Mythos Preview.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

Information security

ZionSiphon Malware Targets ICS in Water Facilities

Information security

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

Information security

Fake Claude Website Distributes PlugX RAT

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

ZionSiphon Malware Targets ICS in Water Facilities

ZionSiphon is a new malware targeting water treatment plants in Israel, designed to manipulate chlorine levels and pressure in these facilities.

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

A new malware campaign targeting Ukrainian healthcare institutions has been identified, utilizing deceptive emails to deliver malicious payloads.

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

more#malware

Cloudflare can remember it for you wholesale

Agent Memory enhances AI by providing persistent memory for better recall and smarter interactions.

fromZDNET

A data removal service helped me reclaim my privacy - see if you need one, too

Personal data is collected and sold by brokers, making removal services essential for protecting sensitive information.

fromFortune

AI cybersecurity capabilities require urgent international cooperation, AI godfather Bengio says | Fortune

Yoshua Bengio emphasizes the urgent need for international cooperation in addressing AI's risks, particularly with the release of Anthropic's Mythos model.

#identity-verification

fromwww.businessinsider.com

Claude is requiring some of its users to verify their identity. Here's Anthropic's explanation.

Anthropic is implementing identity verification for some Claude users to combat fraudulent behavior.

Anthropic starts checking ID for some Claude users

Anthropic is implementing identity verification for certain Claude features to enhance platform integrity and compliance.

fromwww.businessinsider.com

Claude is requiring some of its users to verify their identity. Here's Anthropic's explanation.

Anthropic is implementing identity verification for some Claude users to combat fraudulent behavior.

more#identity-verification

Anthropic starts checking ID for some Claude users

Anthropic is implementing identity verification for certain Claude features to enhance platform integrity and compliance.

DevOps

fromInfoQ

Panel: Security Against Modern Threats

Modern threats to software supply chains require resilience by design, integrating security into engineering workflows and empowering developers with the right tools.

Your tech support company runs scams. Stop-or disguise with more fraud?

Tech Live Connect processed fraudulent charges using real customer data, including names and addresses, to make the charges appear legitimate and maintain a low chargeback ratio.

Privacy professionals

fromHarvard Gazette

Time for government, business leaders to figure out AI cybersecurity regulation - Harvard Gazette

Agentic AI poses both opportunities for cybersecurity and risks to personal data, economy, and national security, necessitating regulation by leaders.

fromBusiness Matters

Why Trust and Verification Are Critical for Modern Online Platform Businesses

Trust is essential yet fragile in the digital economy, with platforms facing increasing challenges from sophisticated online scams.

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

fromthenextweb.com

Unmasking the illusion of safety online

Personal cybersecurity responsibility is essential as cybercrime costs billions annually, with social media amplifying vulnerabilities through voluntary data sharing and AI-enabled threat analysis.

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

fromthenextweb.com

Unmasking the illusion of safety online

Personal cybersecurity responsibility is essential as cybercrime costs billions annually, with social media amplifying vulnerabilities through voluntary data sharing and AI-enabled threat analysis.

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

#north-korea

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

more#north-korea

Cyber Essentials closes the MFA loophole but leaves some organisations adrift | Computer Weekly

Multi-factor authentication becomes mandatory under Cyber Essentials v3.3, with no exceptions for organizations failing to implement it.

How CSOs Can Win Board Support for Gunshot Detection Technology

CSOs must effectively frame gunshot detection technology to gain executive support and align it with corporate risk priorities.

fromInfoWorld

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

fromMedCity News

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.

UK gov's Mythos AI tests help separate cybersecurity threat from hype

Mythos outperformed previous models in TLO tests, showing capability in attacking vulnerable systems but still facing limitations in complex scenarios.

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.

fromLondon Business News | Londonlovesbusiness.com

How to build digital trust in an era of automated scams - London Business News | Londonlovesbusiness.com

Automated scams are increasingly sophisticated, requiring businesses to enhance digital trust through visible actions and layered verification strategies.

FBI announces takedown of phishing operation that targeted thousands of victims | TechCrunch

The FBI dismantled a global phishing operation, W3LL, targeting over 17,000 victims and facilitating over $20 million in fraud.

1 week ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

2 weeks ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.

Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload

Attackers deliberately overwhelm SOC analysts with high-volume phishing campaigns to delay investigations and create windows for successful breaches, making analyst capacity a critical vulnerability.

The Great Security Culture Shift: Building a Proactive Defense in an Era of Advanced Threats and Social Engineering

Hackers exploit DLL side-loading on trusted platforms like LinkedIn to deliver malware through seemingly legitimate file attachments, bypassing traditional security defenses and compromising entire corporate networks.

Understanding Breaches Before and After They Happen: What Every Organization Should Know

Most security breaches result from neglected fundamentals—human error, unpatched systems, weak authentication, and poor network segmentation—rather than advanced, novel exploits.

fromZDNET

Half of all cyberattacks start in your browser: 10 essential tips for staying safe

Web browsers are among the top targets for today's cybercriminals, playing a role in nearly half of all security incidents, new research reveals. According to Palo Alto Networks' 2026 Global Incident Response report, an analysis of 750 major cyber incidents recorded last year across 50 countries found that, in total, 48% of cybercrime events involved browser activity. Individuals trying to connect to the web, including business employees, are exposed to cyberthreats on a daily basis.

Information security

Badges, Bytes and Blackmail

418 publicly announced law enforcement actions (2021–mid-2025) compiled into a standardized dataset detailing action types, targeted cybercrimes, and enforcement outcomes.