443 articles · Page 1 of 23
43% of UK businesses breached. Revenue impact doubled. Board engagement finally rising. Mauven MacLeod reads between the lines of the DSIT survey.
Read more →
Microsoft calls CVE-2026-41615 information disclosure. It is an MFA bypass. The Authenticator app leaks work account tokens after one user tap.
Read more →
The NCSC's Windows guidance has recommended TPM plus PIN for years. Most UK organisations ignored it. YellowKey just changed what that decision costs.
Read more →
MFA bypass-as-a-service is now sophisticated enough to defeat most SMB defences. Vidar is back, rebuilt in Go, and harder to detect than ever.
Read more →
CISA confirmed active exploitation of a Microsoft Exchange vulnerability this week. UK small businesses running on-premise email need to act today.
Read more →
Europol have just published the closest thing to an honest map of organised cybercrime. Your security supplier has not mentioned it. Why?
Read more →
A days-old NGINX vulnerability is already being probed and exploited. Grafana's source code was stolen via a single access token. Two stories, one theme: patch windows are collapsing.
Read more →
Two weeks ago we swallowed the 43% headline whole. Today, having read every page of the CSBS 2025/2026, here is what we should have told you the first time.
Read more →
NGINX powers roughly a third of the web. CVE-2026-42945 is being exploited right now. Here is what UK small businesses need to do before Friday.
Read more →
BitLocker is on, so we're fine. Five days after YellowKey dropped, that sentence has become a confession. Here is what the default actually protects against.
Read more →
Every business owner who chose the cheaper IT quote just made an insurance decision. They did not know that. Most of them still do not. That is the whole problem.
Read more →
Three active threats converge today: an exploited Exchange zero-day, a surge in device code phishing targeting Microsoft 365, and a supply chain attack that caught OpenAI. All three have direct implications for UK SMBs.
Read more →
Three critical flaws landed overnight. WordPress sites, Microsoft Authenticator, and on-premises email are all in the frame. Here is the data, without the spin.
Read more →
KNP Logistics had antivirus, firewalls, backups, and insurance. No MFA. No EDR. One guessed password later, 700 people were out of work and a 158-year-old company was gone.
Read more →
Quantum computing could break encryption soon. UK SMBs must act now to secure data. Learn the steps to protect your business and gain a competitive edge.
Read more →
An initial access broker is using Microsoft Teams to own corporate networks in five minutes flat. A Linux kernel privilege escalation with working exploit code dropped today. Neither is theoretical.
Read more →
A wormable Windows Server flaw, a payment platform with a forgeable secret key, and 130 patches. Here is what matters to your business this week.
Read more →
Seven questions. Ask them calmly, in writing, before your next contract renewal. A good provider will welcome them. A bad one will hand-wave. That is the test.
Read more →
137 patches. 30 critical. No zero-days. The four bugs UK SMBs must fix this week, plus the perfect-10 one that needs no action at all.
Read more →
A new ransomware operation with Qilin connections is accelerating. Supply chain attacks are poisoning developer tools and AI platforms. Here is what matters today.
Read more →