Policy
-
UK introduces Cyber Security and Resilience Bill to bolster critical infrastructure defenses
The UK government has introduced the Cyber Security and Resilience Bill to tighten protections for hospitals, energy, water and transport systems, build on the NIS Regulations, require managed service providers to meet security standards and report major incidents quickly, and impose turnover-based penalties for serious breaches.
-
Proofpoint links new UNK_SmudgedSerpent cluster to targeted phishing of Iran experts
Proofpoint has identified a new threat cluster, UNK_SmudgedSerpent, that used political lures, impersonation and malicious installers to target academics and Iran policy experts between June and August 2025, deploying RMM tools including PDQ Connect and possibly ISL Online.
-
U.S. Treasury sanctions eight people and two firms tied to North Korean money‑laundering and cybercrime
The U.S. Treasury has sanctioned eight individuals and two entities alleged to have laundered proceeds from North Korean cybercrime and fraudulent IT‑worker schemes, naming banks, an IT company and several representatives in China and Russia and linking crypto flows to those operations.
-
Swedish privacy authority opens probe after Miljödata cyberattack that exposed up to 1.5 million people
Sweden’s privacy authority is investigating a cyberattack on Miljödata that exposed data tied to up to 1.5 million people. The breach disrupted municipal services, was posted on the dark web by the Datacarry group, and appears in Have I Been Pwned with roughly 870,000 affected records; IMY has prioritised probes of Miljödata and several municipalities.
-
Python Software Foundation withdraws $1.5M NSF proposal over DEI restriction
The Python Software Foundation has withdrawn a $1.5 million NSF grant proposal after the agency attached a clause barring recipients from operating programs that “advance or promote diversity, equity, and inclusion,” a condition the PSF said conflicts with its mission.
-
China’s MSS says NSA carried out ‘premeditated’ cyber operation against national time service
China’s Ministry of State Security said in a WeChat post that it had uncovered ‘irrefutable evidence’ that the U.S. NSA carried out a multi-year cyber operation against the National Time Service Center, alleging credential theft, deployment of a platform with 42 tools, and attempts to disrupt timing systems; the MSS said Chinese agencies neutralized the activity.
-
CISA says Windows SMB privilege-escalation bug CVE-2025-33073 is being exploited
CISA warned that threat actors are actively exploiting CVE-2025-33073, a high-severity SMB privilege-escalation bug affecting Windows Server, Windows 10 and Windows 11 up to 24H2. Microsoft patched the flaw in June 2025 and attributed discovery to multiple researchers, while CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog and set a Nov. 10 deadline…










