Barts Health, the UK’s largest NHS trust, which runs five major hospitals across London, has confirmed that patient and staff data was stolen in ransomware gang Cl0p’s mass-exploitation of Oracle’s EBS. “We are taking urgent action and seeking a High Court order to ban the publication, use or sharing of this data by anyone,” Barts Health said in an update on its website. Cl0p posted several stolen files on the dark web, including names and addresses of people who were liable to pay for treatment or services at a Barts Health hospital over several years. Several former employees are also listed because…
Kirsten Doyle
A Gartner report is recommending that companies block AI-powered “agentic browsers” due to severe security risks, including data leaks to cloud systems, prompt injection vulnerabilities, and potential for malicious manipulation. The analyst giant’s advisory said organizations should block AI browsers for now due to significant security risks, mostly because their default settings prioritize user experience and automation over security controls. It said agentic browsers can be hijacked to transfer sensitive data to attackers. Gartner analysts, including Dennis Xu, Evgeny Mirolyubov, and John Watts, issued an advisory titled “Cybersecurity Must Block AI Browsers for Now”. The key points from their analysis include: Enterprises Aren’t Fully Prepared …
ISC2 has released its 2025 Cybersecurity Workforce Study, and while the economic headwinds that battered security teams last year appear to be stabilizing, the industry’s skills gap is getting worse. The report, based on responses from more than 16,000 cybersecurity professionals, indicates that layoffs and budget cuts have ceased to accelerate. Reports of budget cuts (36%) and layoffs (24%) dipped slightly year over year. However, that modicum of relief isn’t translating into stronger teams. A third of respondents claimed their firms still can’t afford to staff security properly, and nearly as many reported they can’t hire the expertise they need. Unsurprisingly, 72% agreed that shrinking headcount directly increases the risk of breach. …
Cyber extortion is on the rise. New data from the Orange Cyberdefense Security Navigator 2026 highlighted how Cy-X victims rose 44.5% year-over-year, reaching 6,142 cases between October 2024 and September 2025. The ecosystem fueling these attacks has also expanded, with 91 distinct Cy-X brands now active, up from 76 the previous year. That growth, combined with an 18% jump in victims per actor, reveals how shared infrastructure and affiliate models are driving industrial-scale efficiency. While criminal groups mature, state-sponsored operations are becoming more methodical. Campaigns such as Salt Typhoon relied on known, unpatched vulnerabilities rather than zero-days to compromise routers, VPNs, and firewalls across 80 countries. …
Microsoft said it experienced a widespread outage that affected its Microsoft Defender portal, preventing many customers from accessing security alerts, device inventories, and threat-hunting dashboards. “We’re investigating an issue where users may experience issues when trying to access the Microsoft Defender portal. Additional information will be provided in the admin center under DZ1191468,” the company said on X. It all started when a sudden spike in traffic caused high CPU use on the backend components that are responsible for powering the Defender portal’s core functions. During the outage, users were met with missing devices, blank alert pages, and a portal that simply wouldn’t load, basically everything you don’t want from a security dashboard when you’re trying to keep an eye on risk. Microsoft rolled out mitigations, boosting…
The Cleafy Threat Intelligence team has discovered a new Android malware family, called Albiriox, that is making its way across the cybercrime ecosystem. It is offered as a full-fledged Malware-as-a-Service (MaaS) and already shows the hallmarks of modern mobile banking threats. First noticed in September this year during a quiet recruitment phase on underground forums, the operation went fully public a month later. Early signals, including forum chatter and infrastructure footprints, point to Russian-speaking threat actors behind the scourge. Albiriox is built for On-Device Fraud. Instead of spoofing activity from outside the device, the malware lets attackers operate inside legitimate banking and crypto apps in…
A major piece of the internet’s invisible plumbing faltered recently when Cloudflare (the infrastructure giant that protects and accelerates millions of sites) experienced a global outage that left users staring at error messages across the web. Platforms including X and OpenAI suffered elevated disruption, while some site owners couldn’t even access their dashboards. Cloudflare eventually traced the root cause to a configuration file that ballooned beyond its expected size, crashing a key traffic-handling component. By mid-afternoon on the same day, the company announced a fix and apologised “to customers and the internet in general for letting you down today,” adding that it would…
Several London councils have spent the past few days grappling with cyber-attacks that have disrupted key systems and forced emergency plans into action, the BBC has reported. The Royal Borough of Kensington & Chelsea (RBKC) confirmed that it and Westminster City Council are dealing with a “cyber incident affecting some shared IT systems.” Phone lines and other services have been intermittently unavailable, and both councils say they are working with cyber specialists and the National Cyber Security Centre to contain the issue and protect data. The Met Police has opened an investigation. According to the Royal Borough of Kensington and Chelsea (RBKC), the…
ReliaQuest has uncovered what appears to be a coordinated campaign by the threat group Scattered Lapsus$ Hunters (SLSH) to target organizations using the customer service platform Zendesk. The findings, published in a new ReliaQuest blog, point to a sustained effort to weaponize help-desk workflows as a path into corporate systems. Researchers identified a cluster of newly created infrastructure over the past six months, including typosquatted domains and impersonation URLs crafted to mimic legitimate Zendesk environments. Many of these pages host phishing portals (some posing as SSO login screens) designed to steal user credentials before the genuine Zendesk authentication process even begins. ReliaQuest also reports signs that attackers have been submitting fraudulent…
Harvard University has disclosed a vishing attack that exposed the personal information of students, parents, alumni (and some of their spouses, partners), donors, staff, and faculty members. Exposed data includes “biographical information pertaining to University fundraising and alumni engagement activities” as well as emails, phone numbers, home and business addresses, attendance records, and donation details. The University said it acted immediately to remove the actor’s access to its systems and prevent further unauthorized access. “Our investigation is currently ongoing. We are working with third-party cybersecurity experts and law enforcement to investigate this incident. This website will be updated.” Harvard said it is working with third-party…
