Articles about cybersecurity

Although the UK's Online Safety Act has made significant strides in holding online platforms accountable for harmful content, new research reveals a concerning gap in personal cybersecurity awareness among British internet users.

The study from AstrillVPN analysed search data from Google Keyword Planner to identify the privacy concerns most frequently searched by Britons. The results show password security and anonymous browsing are currently dominating the public’s attention.

Continue reading →

The death of the password has been predicted for a very long time, though other methods are now gaining significant traction.

Perhaps the most successful of these is the use of biometrics. We talked to David Stauffer, director of sales North America at Veridas, about how biometrics is transforming authentication across financial services and telcos, and how voice-based verification enhances security against fraud, user experience and operational efficiency.

Continue reading →

Experts from NordVPN are warning about a rise in ‘invisible’ attacks that can steal payment details on legitimate eCommerce sites.

Known as e-skimming this involves malicious JavaScript code being injected into legitimate eCommerce sites to steal customers’ payment data during checkout. This is the online equivalent of physical skimming devices found on ATMs or gas pumps.

Continue reading →

New research from Miggo Security suggests that CISA’s Known Exploited Vulnerabilities (KEV) catalog now reflects only a small slice of real-world exploit risk in open source, and it raises questions about how the industry should be using KEV going forward.

Using open source code speeds innovation but expands the attack surface with every imported library and dependency. The result is a growing catalog of vulnerabilities, each one a potential entry point for attackers.

Continue reading →

Every year, the holiday season brings a predictable spike in online activity. However, in 2025, new reports suggest the volume of newly created malicious infrastructure, account compromise activity, and targeted exploitation of eCommerce systems is markedly higher.

Fortinet’s FortiGuard labs identified more than 18,000 holiday-themed domains registered in the past three months, including terms such as ‘Christmas,’ ‘Black Friday,’ and ‘Flash Sale.’ At least 750 of these were confirmed malicious. This indicates many domains are still considered non-malicious, posing a potential risk.

Continue reading →

New research from Bitsight finds that events synced in your digital calendar could be exposing you to phishing, malware and AI jailbreak attacks.

Bitsight’s TRACE research team discovered more than 390 abandoned domains related to iCal sync requests for subscribed calendars, potentially putting around four million devices at risk.

Continue reading →

Most ransomware attacks occur during weekends and holidays, times of distraction or disruption when the majority of SOCs are not adequately staffed.

A new report from Semperis finds that 52 percent of surveyed organizations in the US, UK, France, Germany, Italy, Spain, Singapore, Canada, Australia and New Zealand were targeted at holidays or weekends.

Continue reading →

A new survey of 750 senior cyber security professionals across the US, UK and Australia, carried out by Opinion Matters for ThreatQuotient, finds 97 percent now regard automation, increasingly powered by AI technologies, as essential to business operations.

However, despite 49 percent of respondents obtaining net new budget allocation for cybersecurity automation this year -- up from 39 percent last year -- 96 percent still face persistent challenges, particularly around technology limitations, lack of trust in the outcomes of automated processes, and insufficient time to implement solutions.

Continue reading →

The network firewall was designed for a world that doesn’t exist anymore. When corporate assets sat behind a data center perimeter, inspecting packets between ‘inside’ and ‘outside’ made sense.

But today, with workloads spread across multiple clouds, SaaS platforms, and edge environments, that perimeter has dissolved. Attackers don’t need to smash through firewalls when they can compromise privileged credentials and operate from within. A rogue or stolen admin account can cause catastrophic damage, something no network firewall can stop. The battlefield has shifted from networks to identities.

Continue reading →

Retailers aren’t the only ones to want to make the most of Black Friday, it’s a boom time for scammers too. New analysis by Check Point reveals that one in 11 newly registered Black Friday-themed domains is classified as harmful.

October saw 158 new Black Friday related domains, a 93 percent increase over the 2025 monthly average. Early November intensified that growth, with more than 330 new related domains appearing in only the first 10 days.

Continue reading →

A new report finds that the Common Vulnerabilities and Exposures (CVE) system struggles to keep pace with the realities of modern software development.

The study from Sonatype analyzed 1,552 open source vulnerabilities disclosed in 2025 and found that nearly two-thirds (64 percent) lacked severity scores from the National Vulnerability Database (NVD).

Continue reading →

As the number of CVEs continues to rise, a new study finds 46 percent of respondents say that the volume of vulnerabilities has placed additional strain on their security teams’ resources impacting not only organizational security but also staff well being.

The report from Hackuity also shows that 26 percent, admit this pressure has contributed to a data breach, while 36 percent, report it resulted in a regulatory fine.

Continue reading →

You may have noticed that yesterday ChatGPT, X and a number of other websites -- including BetaNews for a while -- were unavailable due to an issue with online security service Cloudflare. So what went wrong?

According to the company the problem occurred after a configuration file designed to handle threat traffic did not work as intended and ‘triggered a crash’ in its software handling traffic for its wider services.

Continue reading →

Most high-value digital assets, including source code, financial reports, strategic roadmaps, patents and proprietary research, don’t contain traditional sensitive data identifiers. As a result, they’re invisible to legacy pattern-matching tools.

This blind spot exposes organizations to intellectual property theft, insider threats, and accidental leaks through modern collaboration platforms and shadow AI tools. This is why Nightfall is today announcing the launch of AI File Classifier Detectors, a solution that uses large language models (LLMs) to classify and protect business-critical documents that traditional DLP tools can‘t see.

Continue reading →

A new study from WanAware shows a widening disconnect between how prepared organizations believe they are for cybersecurity incidents and how they actually perform under real-world conditions.

The survey of 600 leaders across industries finds 80 percent of cybersecurity and IT decision-makers claim they can detect and contain a cyber incident in under eight hours. However, external benchmarks, including IBM’s Cost of a Data Breach 2025 report, show attackers dwell inside environments undetected for an average of 181 days and breaches take 60 days to contain.

Continue reading →