The UK government is preparing to outlaw ransomware payments by public sector and critical national infrastructure (CNI) organisations. This is part of a broader plan to cut off funding streams to cybercriminals and shrink the attack surface across the economy. The move follows a 12-week public consultation and lands as ransomware continues to dominate the national threat landscape. The July 2025 response paper outlines the government’s intention: to deter attacks by making targeted organisations less lucrative, while bolstering visibility through mandatory reporting. Critics and supporters alike agree. This is a significant step. But whether it hits the right targets is…
Kirsten Doyle
Phishing remains the blunt instrument of choice for cybercriminals. And in Q2 2025, they wielded it with more precision (and more imagination) than ever. Microsoft is still the most mimicked brand online. But the bigger story may be who joined it. Check Point Research’s Phishing Trends Q2 2025 report revealed a striking shift in attackers’ priorities: streaming services, travel platforms, and social networks are no longer second-tier targets. They’re front and centre. Spotify, for instance, has re-entered the phishing charts after a six-year absence. Booking.com scams are proliferating. And trusted tech names like Google, Apple, and Adobe are still being…
When it comes to “vibe coding,” automation is king. Tools like Cursor (an AI-based code editor rapidly gaining popularity among developers) promise faster workflows, smarter completions, and agentic autonomy with minimal human oversight. But speed comes with risk. Cursor’s flagship feature, auto-run, is designed to let its AI agents act on your behalf, reading, writing, and executing commands without your intervention. To keep things “safe,” it uses a denylist: you list dangerous commands, and the agent won’t run them unless you explicitly allow it. In theory, this should stop rogue commands in their tracks. In practice, it doesn’t. A False…
One week after Israeli strikes on Iranian nuclear infrastructure, Lookout Threat Intelligence discovered four new samples of DCHSpy, a mobile surveillance tool tied to Iran’s Ministry of Intelligence and Security. The malware, attributed to the Iranian APT group MuddyWater, is back, and it’s watching. DCHSpy collects WhatsApp messages, contact lists, SMS, call logs, stored files, and location data. It can also take photos and record audio. The latest samples show expanded capability: scanning for files of interest and extracting WhatsApp data with precision. The lure this time? Starlink. One of the new samples was disguised as a VPN app named…
Microsoft has released an out-of-band security update to address ToolShell, a critical SharePoint vulnerability that’s already being exploited in the wild. The flaw, tracked as CVE-2025-53770, enables unauthenticated remote code execution; no login, prompts, or user interaction are required. The Washington Post reported the breach impacted US federal and state agencies, universities, energy firms, and an Asian telecom company, citing sources from state officials and private researchers. Until now, there was no fix. Only mitigations. But that changed overnight. “Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update,”…
With summer in full swing, the world is moving again. Airports are crowded, business trips are back, and employees are logging in from cafés, taxis, and terminals. But as travel picks up, so do the risks, particularly for the mobile devices we carry with us everywhere. According to Zimperium’s latest research, more than 5 million unsecured public Wi-Fi networks have been discovered globally since January. One-third of users are connecting to them. And attackers are waiting. “Phones and tablets have become essential productivity tools for a mobile workforce,” Zimperium researchers wrote. “But without the right protections, they can become serious…
A critical vulnerability in Microsoft SharePoint is under active attack, putting thousands of on-premise servers at risk. The flaw, tracked as CVE-2025-53770 and dubbed “ToolShell,” allows unauthenticated remote code execution and requires no user interaction. Microsoft confirmed the zero-day on 19 July. A day later, CISA followed suit, adding the bug to its Known Exploited Vulnerabilities catalog. SharePoint Online (used in Microsoft 365) is not affected. But all supported on-premise versions from SharePoint 2013 onward are in the blast radius. There is no patch yet. The attack is simple and effective. Threat actors send malicious serialized data to the server,…
Cybercriminals have found a new way to stay hidden in plain sight. They’re using artificial intelligence to cloak phishing sites, fake stores, and malware traps, shielding them from scanners while still reaching real victims. This was revealed by recent research from SlashNext. It’s not a trick, but a service. And it’s catching on fast. These platforms (part of a growing ecosystem known as cloaking-as-a-service or CaaS) use machine learning and behavioral profiling to show one version of a website to security systems and another to everyone else. To a crawler, the page looks clean. To a person, it’s a scam. A…
Cyber attacks are rising. Fast. In the second quarter of 2025, entities around the world faced an average of 1,984 cyber attacks each week. This was revealed by new research from Check Point. That’s a 21% increase from the same period last year, and 58% higher than two years ago. The upward trend is clear, but the regional and sector-specific data shows where the pressure is building most. Europe saw the sharpest rise, with attacks jumping 22% year over year. The region’s mix of geopolitical friction, regulatory fragmentation, and a high concentration of sensitive data is proving irresistible to bad…
A global police operation has dealt a heavy blow to the pro-Russian cybercrime network dubbed NoName057(16), which has been accused of launching disruptive digital attacks in support of Moscow’s war against Ukraine. Between 14 and 17 July, law enforcement agencies from across Europe and North America carried out coordinated raids and seizures under Operation Eastwood. The crackdown was led by Europol and Eurojust, and supported by a wide coalition of countries and cybersecurity experts. It dismantled a major portion of the group’s infrastructure, took servers offline, issued arrest warrants, and warned hundreds of suspected sympathisers. NoName057(16) is known for orchestrating…
