May 2026

AI security needs a shift from models to systems, researchers argue – CSO Online

May 25, 2026

Enterprises cannot secure AI agents by making the underlying models more robust and must instead enforce security controls at the system level around them, researchers behind a paper published this…

Cyber Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks – The Hacker News

May 25, 2026

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the…

CSO Online Cyber

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free – CSO Online

May 25, 2026

As AI coding assistants accelerate software development, one OWASP-backed open-source project is arguing that dependency security tooling still arrives too late to be truly useful. CVE Lite CLI, a JavaScript…

Cyber Hacker News

The Alert Firehose Finally Meets Its Match – The Hacker News

May 25, 2026

Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear “Noisy,” “Too much data.” But ask the teams running NDR that includes agentic AI capabilities…

Cyber Hacker News

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms – The Hacker News

May 25, 2026

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations.…

CSO Online Cyber

To pay, or not to pay: 58% of CISOs say they would pay the ransom for their data – CSO Online

May 25, 2026

If you were hit by ransomware tomorrow, would you pay to get your data back? That’s what more than half of CISOs in a recent survey said their organization would…

Cyber Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO – The Hacker News

May 25, 2026

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across…

Law Gazette Legal News

Lessons of the failed Kneecap prosecution – Law Gazette – Features

May 25, 2026

Criminal law. – Read More

Law Gazette Legal News

When a claim form is ‘issued’ under the CPR – Law Gazette – Features

May 25, 2026

Civil procedure. – Read More

Law Gazette Legal News

We need to talk about diversity on the bench – Law Gazette – Features

May 25, 2026

Women in law. – Read More

Law Gazette Legal News

New director can build on Ephgrave’s legacy – Law Gazette – Features

May 25, 2026

Serious Fraud Office. – Read More

Law Gazette Legal News

Serious Fraud Office: To catch a thief – Law Gazette – Features

May 25, 2026

Dogged by failed prosecutions, disclosure headaches and obsolete technology, the Serious Fraud Office continues to face an uncertain future despite recent improvements. Maria Shahid reports. – Read More

Cyber Hacker News

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks – The Hacker News

May 23, 2026

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages…

Cyber Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware – The Hacker News

May 23, 2026

A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. “Although the…

Cyber Hacker News

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software – The Hacker News

May 23, 2026

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the…

AI security needs a shift from models to systems, researchers argue – CSO Online

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks – The Hacker News

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free – CSO Online

The Alert Firehose Finally Meets Its Match – The Hacker News

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms – The Hacker News

To pay, or not to pay: 58% of CISOs say they would pay the ransom for their data – CSO Online

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO – The Hacker News

Lessons of the failed Kneecap prosecution – Law Gazette – Features

When a claim form is ‘issued’ under the CPR – Law Gazette – Features

We need to talk about diversity on the bench – Law Gazette – Features

New director can build on Ephgrave’s legacy – Law Gazette – Features

Serious Fraud Office: To catch a thief – Law Gazette – Features

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks – The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware – The Hacker News

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software – The Hacker News

You Missed

Class action firm writes of £14m in fees after ‘drop hands’ settlement – Legal Futures

Rape conviction quashed due to defence barrister’s failings – Legal Futures

Crown prosecutor struck off for child cruelty conviction – Legal Futures

“First hard evidence” of legal advice improving lives – Legal Futures