惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Cyberwarzone
Cyberwarzone
F
Full Disclosure
V
Visual Studio Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
有赞技术团队
有赞技术团队
J
Java Code Geeks
博客园 - 【当耐特】
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 叶小钗
L
LINUX DO - 最新话题
T
Threatpost
S
SegmentFault 最新的问题
Vercel News
Vercel News
云风的 BLOG
云风的 BLOG
C
Cyber Attacks, Cyber Crime and Cyber Security
Google DeepMind News
Google DeepMind News
Know Your Adversary
Know Your Adversary
S
Schneier on Security
V
Vulnerabilities – Threatpost
D
DataBreaches.Net
G
GRAHAM CLULEY
Latest news
Latest news
P
Privacy International News Feed
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
Scott Helme
Scott Helme
L
Lohrmann on Cybersecurity
T
The Exploit Database - CXSecurity.com
Security Latest
Security Latest
G
Google Developers Blog
L
LangChain Blog
MyScale Blog
MyScale Blog
Project Zero
Project Zero
N
News and Events Feed by Topic
Hacker News - Newest:
Hacker News - Newest: "LLM"
大猫的无限游戏
大猫的无限游戏
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
阮一峰的网络日志
阮一峰的网络日志
N
News | PayPal Newsroom
www.infosecurity-magazine.com
www.infosecurity-magazine.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
SecWiki News
SecWiki News
T
Tor Project blog
C
Check Point Blog
Google Online Security Blog
Google Online Security Blog
GbyAI
GbyAI
The Last Watchdog
The Last Watchdog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学

The Register - Security: CSO

Anthropic's Mythos has The Kettle crew curious, skeptical 'People's Panel' to check if UK wants controversial Digital ID will cost £630K Top npm package backdoored to drop dirty RAT on dev machines Lightning-fast exploits mean patch fast, says Cisco Talos Lightning-fast exploits mean patch fast, says Cisco Talos Smooth criminals talking their way into cloud environments, Google says Cybercrime up 245% since the start of the Iran war Scattered Lapsus$ Hunters seeks women to defraud helpdesks Every day in every way, passwords are getting worse CISA quietly updated ransomware flags on 59 flaws last year Deepfake job seeker applied to work for an AI security firm Deepfake job seeker applied to work for an AI security firm AI-powered cyberattack kits are 'just a matter of time' AI-powered cyberattack kits are 'just a matter of time' FortiGate SSO bug still exploitable despite December patch FortiGate SSO bug still exploitable despite December patch Judge tosses CrowdStrike shareholder suit over 2024 outage DRAM shortage may drive firewall prices higher: analysts Ransomware attacks kept climbing in 2025 as gangs refused to stay dead Around 1,000 systems compromised in ransomware attack on Romanian water agency 1,000 systems pwned in Romanian Waters ransomware attack Half of exposed React servers remain unpatched amid attacks CISA warns spyware crews are breaking into Signal and WhatsApp accounts FCC guts Salt Typhoon telco rules despite espionage risk CISA orders feds to patch Oracle Identity Manager zero-day SEC drops SolarWinds lawsuit that painted a target on CISOs everywhere SEC bails on SolarWinds lawsuit Palo Alto kit sees massive surge in malicious activity amid mystery traffic flood Palo Alto kit sees massive surge in malicious activity Countries use cyber targeting to plan strikes: Amazon CSO Overconfidence is the new zero-day as teams stumble through cyber simulations Cyber insurers paid out over twice as much for UK ransomware attacks last year Cyberpunks mess with Canada's water, energy, and farm systems Trump's workforce cuts blamed as America's cyber edge dulls Feds flag active exploitation of patched Windows SMB vuln How malware vaccines could stop ransomware's rampage Salesforce refuses to pay ransomware crims' extortion demand Germany slams brakes on EU's Chat Control snoopfest Germany slams brakes on EU's Chat Control snoopfest Employees regularly paste company secrets into ChatGPT Oracle tells Clop-targeted EBS users to apply July patch Red Hat repos raided, claims cybercrew, files stolen Suspected Chinese spies broke into 'numerous' enterprises UK gov acknowledges 'strong case' for JLR financial support JLR extends shutdown – again – as toll on workers laid bare UK chancellor blames cyberattacks on Russia despite evidence Fortra discloses 10/10 severity bug in GoAnywhere MFT Entra ID bug could have granted access to every tenant UEFI Secure Boot for Linux Arm64 – where do we stand? JLR says cyber cleanup to take additional week Insider blamed for FinWise data breach affecting nearly 700K Nork snoops whip up fake military ID with help from ChatGPT UK government dragged for incomplete security reforms Church of England abuse victims exposed by lawyer's email US spy chief claims UK backdown on Apple backdoor demand Workday confirms CRM breach via social engineering Black Hat/DEF CON: AI more useful for defense than hacking Ex-White House cyber guru talks Microsoft security fails CISA releases malware analysis for Sharepoint Server attack China: US spies used Microsoft Exchange 0-day to steal info Security pros drowning in threat-intel data Identity attacks surge 156% as phishermen get craftier Organizations can’t keep up with supply chain security musts Amazon CISO: Iranian hacking crews ‘on high alert’ UK data watchdog fines 23andMe £2.3M over 2023 breach Employers are demanding too much from junior cyber recruits FCA warned four staffers who pocketed regulator data Ransomware just wrecked your network – now what? Ivanti RCE attacks 'ongoing,' exploitation hits clouds Ex-NSA listened to Scattered Spider's calls: 'They're good' Snowflake CISO talks lessons learned from breaches, improv Why CVSS is failing us and what we can do about it Infosec pros still aren't nailing the basics of AI security Ransomware crims targeting systems between IT and operations Why aggregating asset inventory leads to better security NCSC and industry at odds over how to tackle shoddy software Powerschool extortionists may not have deleted stolen data CrowdStrike trims workforce by 5 percent, aims to rely on AI NSO Group must pay Meta $168M in WhatsApp spy case Ghost in the shell script: Boffins seek code correctness How Intruder finds what others miss in cloud security Linux malware can avoid syscall-based endpoint protection Infosec pro blabs about alleged malware mishap on LinkedIn The future of AI in cybersecurity in a word – optimistic CVE board 'kept in the dark' on funding, members say Security snafus caused by third parties up from 15% to 30% Blue Shield shared 4.7M people's health info with Google Ads Who needs phishing when your login's already in the wild? US cyber defenses are being dismantled from the inside Bug hunter obtains an SSL cert for Alibaba Cloud in 5 steps
UK's Cyber Security and Resilience Bill makes Parliamentary debut
2025-11-12 · via The Register - Security: CSO

UK government introduced the Cyber Security and Resilience (CSR) Bill to Parliament today, marking a significant overhaul of local cybersecurity legislation to sharpen the security posture of the most critical sectors.

First teased during the 2024 King's Speech, the Cyber Security and Resilience (CSR) Bill builds on the NIS 2018 regulations. While largely unchanged from the draft revealed by former tech secretary Peter Kyle in April, it now confirms datacenters will fall under the new regulations - an expected move after they were designated critical national infrastructure in September 2024.

Prior to the bill's introduction to Parliament today, the Department for Science, Technology and Innovation (DSIT) stated: "Datacenters keep the UK running, from patient records and payments to email services and AI development. The bill will bring them into scope of the regulations, ensuring they meet robust cybersecurity standards."

Managed service providers (MSPs) will also be covered by the laws once passed, a change originally planned for the NIS 2022 update that didn't come into force.

The full list of organizations and sectors in scope of the CSR Bill has not yet been codified, but the current regulations cover two main types of entity:

  • Operators of essential services (OES): Critical infrastructure providers such as those in digital infrastructure, healthcare, energy, transport, and water
  • Relevant digital service providers (RDSPs): Other types of digital service providers, such as cloud computing, online marketplaces, and search engines

DSIT said new rules will also apply to organizations that oversee the delivery of electricity to smart appliances, including devices such as electric vehicle charging points and smart heating appliances in homes.

The government sees the bill as "a step change" toward stronger national security, putting the current cost of cyberattacks to the economy at £14.7 billion ($19.3 billion, roughly 0.5 percent of the UK's GDP).

Richard Horne, CEO at the UK's National Cyber Security Centre (NCSC), said: "The real-world impacts of cyberattacks have never been more evident than in recent months, and so we welcome the move to strengthen legislation and regulatory powers to help drive up the level of defence and resilience across critical national infrastructure."

Greater powers

The bill today also confirms plans to hand the government new powers to issue specific security demands to in-scope organizations, similar to how the US Cybersecurity and Infrastructure Security Agency (CISA) can compel federal agencies to patch vulnerabilities on tight deadlines.

These emergency instructions will be sent down to regulators from the technology secretary, Liz Kendall, including demands such as improved monitoring or system isolation during national security threats.

Kendall said: "Cybersecurity is national security. This legislation will enable us to confront those who would disrupt our way of life. I'm sending them a clear message: the UK is no easy target. 

"We all know the disruption daily cyberattacks cause. Our new laws will make the UK more secure against those threats. It will mean fewer cancelled NHS appointments, less disruption to local services and businesses, and a faster national response when threats emerge."

Penalities for serious violations under the new rules will reach daily fines equivalent to £100,000 ($131,000), or 10 percent of the organization's daily turnover - whichever is higher.

Organizations suffering "more harmful" cyberattacks will also have report themselves to the relevant regulator and the NCSC within 24 hours under the CSR Bill's current wording, and issue a full report issued within 72 hours.

The rule is part of with the government's ambition to gain better clarity on cyberattacks on the UK's most critical sectors, so that actionable advice can be quickly issued to defenders. ®