‘Mortified’ OBR chair hopes inquiry into budget leak will report next week
Reuters news agency says it obtained document after visiting URL it predicted file would be uploaded toHow Rachel Reeves’s budget was leaked 40 minutes earlyThe chair of the Office for Budget Responsibility has said he felt mortified by the early release of its budget forecasts as the watchdog launched a rapid inquiry into how it had “inadvertently made it...
China Software Developer Network – 6,414,990 breached accounts
In 2011, the China Software Developer Network (CSDN) suffered a data breach that exposed over 6M user records. The data included email addresses alongside usernames and plain text passwords. - Read more
London councils enact emergency plans after three hit by cyber-attack
Kensington and Westminster councils investigating whether data has been compromised as Hammersmith and Fulham also reports hackThree London councils have reported a cyber-attack, prompting the rollout of emergency plans and the involvement of the National Crime Agency (NCA) as they investigate whether any data has been compromised.The Royal Borough of Kensington and Chelsea (RBKC), and Westminster city council, which...
npm (Shai-Hulud) Supply Chain Attack
What is the Attack? On November 24, 2025, Shai Hulud launches a second supply-chain attack, compromising Zapier, ENS, AsyncAPI, PostHog, and Postman, along with over 25,000 affected repositories across ~350 unique users. Shai Hulud 2.0 Strikes Again: Malware Supply-Chain Attack Hits Zapier & ENS...
Behind the Bargains: Why Phishing Peaks on Black Friday
Black Friday has evolved into one of the most active shopping periods of the year. No longer is it just one day of shopping after Thanksgiving; the sales have now turned into a full week of high-volume promotions, beginning before Thanksgiving and stretching through Black Friday and Cyber Monday, with many retailers extending deals even longer. Unsurprisingly, this surge...
The Shai-Hulud 2.0 npm worm: analysis, and what you need to know
Learn more about the Shai-Hulud 2.0 npm worm. - Read more
Tracking RondoDox: Malware Exploiting Many IoT Vulnerabilities
Over a dozen exploits were used to target IoT devices. - Read more
New “Generation Y” Hierarchy of Root and Intermediate Certificates
In a ceremony held in September, Let’s Encrypt generated two new Root Certification Authorities (CAs) and six new Intermediate CAs, which we’re collectively calling the “Generation Y” hierarchy. Now we’re moving to begin issuing certificates from this new hierarchy, and to submit it to various root programs for inclusion in their trust stores.
The two new roots look very similar...
Why Datadog is a 2025 Cloud Security Leader
A recap of Datadog's awards from the 2025 Latio Cloud Security Market Report - Read more
Latest article
Vulnerability monitoring service secures public-sector websites faster
An automated scanning system has cut the time it takes to fix cybersecurity vulnerabilities across public sector IT systems, reducing...
Chrome Gemini Vulnerability Lets Attackers Access Victims’ Camera and Microphone Remotely
A high-severity security vulnerability has been discovered in Google Chrome’s integrated Gemini AI assistant, exposing users to unauthorized camera and microphone access, local file...
2nd March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 2nd March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Wynn Resorts, a...
Chrome Unveils Plan For Quantum-Safe HTTPS Certificates
Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS - Read more
