NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”
The UK's National Cyber Security Centre is urging organizations to prepare for glut of new software updates
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The UK's National Cyber Security Centre is urging organizations to prepare for glut of new software updates
Investigators found the malware, dubbed Firestarter, on a federal agency's network in a campaign dating back to at least September 2025. The post US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied appeared first on CyberScoop.
The National Cyber Security Centre wants UK firms to patch CVE-2025-53521
PLUS: Veeam patches critical vuln; Crims bribing dark web insiders; UK school takedown; And more infosec in brief Meta has fixed a flaw in its Instagram service that allowed third parties to generate password reset emails, but denied the problem led to theft of users’ personal information.…
Also, North Korean Hackers Remotely Wipe Android DevicesThis week, the U.K. government probed Chinese electric buses for a kill switch, APT37 abused Google's Find Hub in South Korea, Conduent said its January hack will cost it more, Hyundai disclosed a breach and Patch Tuesday. OWASP added two new categories to its Top 10 web application vulnerabilities.
CISA gives feds 24 hours to patch, NCSC urges rapid action as flaws linked to ArcaneDoor spies Cybersecurity agencies on both sides of the Atlantic are sounding the alarm over Cisco firewall vulnerabilities that are being exploited by an "advanced threat actor."…
Shadowserver counts more than 13,000 appliances still wide open – including thousands in US, Germany, and UK Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week, one of which is already being actively exploited in the wild.…
Also: New 'Quishing' Tactics, Pro-Houthi Hacker Sentenced to 20 MonthsThis week, a Scattered Spider hacker sentenced, new squishing tricks, a pro-Houthi hacker gets 20 months in the United Kingdom, a Taiwanese web hosting provider hacked, the Business Council of New York and Ohio Medical Cannabis Center breached, North Korean hackers target Seoul and an Apple Patch.
Also, O Canada, Oh Brother and More Probable Chinese HackingThis week, ransomware kills, Salt Typhoon hit Canada, Russian backdoors, SAP and Citrix patches, China hackers in the oil and energy sector. Brother printers have an unfixable flaw. Ransomware hit a U.S. dairy cooperative. Hackers in Albania and Oxford. European lawmakers heard cybersecurity advice.
Researcher finds VoLTE metadata could be used to locate users within 100 meters UK telco Virgin Media O2 has fixed an issue with its 4G Calling feature that allowed users' general location to be discerned by those who called them.…
A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. [...]
Urges Companies to Regularly Patch Their ProductsIn a bid to prevent disruptive hacks, the English National Health Service is prodding suppliers to commit to voluntary cybersecurity measures, which include regularly patching IT systems, instituting MFA, and monitoring systems to allow prompt incident response.
Urges Companies to Regularly Patch Their ProductsThe British National Health Service is prodding suppliers to commit to voluntary cybersecurity measures in a bid to prevent disruptive hacks. Among the proposed measures are regularly patching IT systems, instituting multifactor authentication and requiring IT suppliers to monitor and log their systems to allow prompt incident response.
The UK’s National Cyber Security Agency has called on Next.js users to patch CVE-2025-29927
The United Kingdom's Information Commissioner's Office (ICO) revealed today that the Electoral Commission was breached in August 2021 because it failed to patch its on-premise Microsoft Exchange Server against ProxyShell vulnerabilities. [...]
You know when we all said quit using MD5? We really meant it Most Windows-powered datacenter systems and applications remain vulnerable to a spoofing bug in CryptoAPI that was disclosed by the NSA and the UK National Cyber Security Center (NCSC) and patched by Microsoft last year, according to Akamai's researchers.…
Brit solicitor fined after admitting it took 5 months to install critical update Criminal defense law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.…