Cybersecurity Updates: UK Targeted in Latest Data Breach – March 31, 2025
UK warned of inadequate readiness against state-backed cyberattacks, NCSC roadmap for post-quantum cryptography migration, UK government to update software vendor security code, Google patches Chrome zero-day, and UK considers ransomware payment ban.
“
In the latest cybersecurity news digest from the UK and beyond, concerns are raised about the country’s susceptibility to state-sponsored cyber threats. A recent report by the National Cyber Security Centre (NCSC) highlights a 16% uptick in severe cyber incidents affecting critical national infrastructure in 2024. With 64% of public sector IT leaders feeling uncertain about the best practices, the looming threats are exacerbated by outdated legacy systems, posing risks to sectors like energy and healthcare as they undergo digital transformations.
The NCSC has released a roadmap for migrating to post-quantum cryptography (PQC) to shield against quantum computing threats. The directive advises critical infrastructure operators to start preparations now, with system discovery and risk assessments slated for completion by 2028 and full migration expected by 2035. The emphasis is on cryptographic flexibility and risk-oriented planning to counter future quantum threats effectively.
Moreover, an updated voluntary code of practice for software vendors will be issued by the UK government following a public consultation. The revised framework is set to feature more explicit technical requirements and a fresh attestation mechanism for vendors to showcase compliance efforts. The overarching goal is to heighten cybersecurity standards in commercial software utilized by British enterprises and public services.
In light of the recent security concerns, Google has swiftly rolled out an emergency fix for Chrome to address CVE-2025-2783, a critical zero-day vulnerability actively exploited in the wild. The flaw allowed threat actors to circumvent sandbox protections, urging all users to promptly update their browsers. This incident marks the second notable Chrome zero-day reported in 2025.
Lastly, the UK government is contemplating a potential ban on ransomware payments for public sector entities and critical infrastructure providers. While the objective is to deter threat actors, experts caution that such a move could intensify pressure on inadequately prepared organizations and redirect attacks towards entities lacking rapid recovery capabilities.
Published on: 2025-03-31 04:08:00 | Author:
