As part of Dark Reading's 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook.

Health service has given US tech firm ‘unlimited access’ to certain data to build integrated platform, according to reports

• UK politics live – latest updates

MPs have warned that an NHS decision to grant Palantir access to identifiable patient information in its plan to use AI to improve the health service is “dangerous” and will fuel public fears that data privacy is not being prioritised.

NHS England has allowed staff from the US tech firm and other contractors to access patient data before it has been pseudonymised, despite internal fears of a “risk of loss of public confidence”, the Financial Times reported.

Continue reading...

© Photograph: David Levene/The Guardian

© Photograph: David Levene/The Guardian

© Photograph: David Levene/The Guardian

As part of its 20th anniversary celebration, Dark Reading looks back on 20 of the biggest newsmaking events from the past two decades that influenced the risk landscape for today's cybersecurity teams.

Two decades ago, pen tester Steve Stasiukonis caused a sensation by sprinkling rigged thumb drives around a credit union parking lot and following what curious employees did next. This episode looks back at the history-making event.

Chris Inglis was the head civilian in charge at the NSA when the Snowden leaks exploded. He gets candid about mistakes the organization made, and what CISOs need to know about spotting potential threats, media disclosures, and "enculturation."

Ridge Security released PurpleRidge 3.0 at RSAC 2026, a self-service penetration testing platform that uses agentic AI to give small and mid-sized businesses the kind of offensive security validation that has traditionally required dedicated teams and six-figure budgets. The upgrade marks a shift from the platform’s earlier machine-learning architecture to one built on agentic AI,..

The post Ridge Security Brings Agentic AI Pentesting to SMBs With PurpleRidge 3.0 appeared first on Security Boulevard.

RSA opened RSAC 2026 with a new deployment model for its ID Plus identity platform, aimed squarely at government agencies, financial services firms, and critical infrastructure operators that need identity security to work even when everything else fails. RSA ID Plus Sovereign Deployment is a “deploy anywhere” identity and access management solution that gives organizations..

The post RSA Launches ID Plus Sovereign Deployment for Organizations That Can’t Afford Identity Downtime appeared first on Security Boulevard.

Bindplane, the OpenTelemetry-based telemetry pipeline company, is bringing two new capabilities to RSAC 2026: Global Intelligence for autonomous pipeline management and Threat Intel Enrichment for real-time threat detection at the data layer. Global Intelligence monitors security data pipelines around the clock and surfaces recommendations to optimize their configuration. The long-term plan is for it to..

The post Bindplane Adds Autonomous Pipeline Monitoring and Threat Intel Enrichment Ahead of RSAC appeared first on Security Boulevard.

CTG, now operating under the Cegeka Group, is rolling out a cyber resilience scoring dashboard at RSAC 2026 that boils an organization’s security posture down to one number. The dashboard consolidates results from multiple security assessments into a single view. It produces an overall resilience score, domain-level maturity indicators, and progress tracking mapped to NIST,..

The post CTG Launches Cyber Resilience Scoring Dashboard to Give CISOs a Single Risk Number appeared first on Security Boulevard.

Booz Allen Hamilton is bringing a full product suite to RSAC 2026, and the pitch is blunt: human-speed defense no longer cuts it. The company’s new Vellox lineup spans five AI-native tools designed to match the pace of attackers who, according to Booz Allen’s own threat report, now move from initial access to lateral movement..

The post Booz Allen Rolls Out Vellox, a Five-Product AI Cyber Suite Built on Adversary Tradecraft appeared first on Security Boulevard.

Saloni Nanwate, AVP – Security Engineering, Protectt.ai Labs Pvt Ltd

India’s digital economy now lives on the smartphone. Banking, investing, healthcare consultations, shopping, even government services all sit inside mobile applications that people use dozens of times a day. For businesses this shift has unlocked enormous reach and convenience. It has also created a new reality for cybersecurity. Attackers are no longer trying only to break into enterprise networks or data centres. Increasingly they are going after the mobile applications where transactions actually happen. That is where money moves, identities are verified, and sensitive customer data lives. For industries such as banking, fintech and digital commerce, the mobile application has quietly become the most exposed point in the entire technology stack.

The Growing Cyber Risk in Mobile First Platforms

Mobile apps run on devices that companies do not control. Each user’s phone can have a different operating system version, different security posture and sometimes even malicious software already present. From a security perspective, this makes the mobile environment unpredictable. Cybercriminals are taking advantage of this reality. Instead of attacking infrastructure directly, they manipulate how apps behave once they are running on the device. Techniques such as reverse engineering, runtime tampering, session hijacking and overlay attacks allow attackers to interfere with legitimate app behaviour without triggering traditional security systems. Many organisations still rely heavily on perimeter defences that protect networks and backend infrastructure. But once an application is operating on a user’s device, that perimeter no longer exists. This is why mobile security strategies are gradually shifting toward protection mechanisms that are embedded directly within the application itself. Technologies such as runtime application self protection are becoming essential in this model. By monitoring application behaviour during execution, these systems allow apps to detect tampering, malicious tools or suspicious environments and respond immediately. In simple terms, the app becomes capable of defending itself while it is running.

Women Leaders Are Helping Redefine Cybersecurity Thinking

While the cyber threat landscape is evolving quickly, the cybersecurity industry itself is also changing. One of the most encouraging shifts has been the growing presence of women in leadership roles across cybersecurity and digital risk management. Cybersecurity is often viewed purely as a technical discipline. In reality it is equally about strategy, foresight and understanding human behaviour. Women leaders are increasingly shaping how organisations think about these dimensions of security. In the context of mobile platforms this perspective becomes particularly important. Securing digital ecosystems is not just about deploying tools. It requires understanding how users interact with applications, how fraudsters exploit human behaviour and how security can be built into digital experiences without frustrating legitimate users. Across the industry many women leaders are pushing organisations to adopt a security by design mindset. Instead of treating security as something that is added later, they advocate integrating protection throughout the application lifecycle. Security considerations begin during development, continue through testing and remain active even after the application reaches users. This approach reflects a broader shift in cybersecurity thinking. Prevention is no longer enough. Detection and response must happen continuously and in real time.

Building a Stronger Cybersecurity Ecosystem

Another area where women leaders are making a significant impact is collaboration. Cyber threats rarely respect industry boundaries. Attackers share tools and techniques across regions and sectors, which means defenders must do the same. Many women leaders are actively encouraging stronger collaboration between enterprises, security researchers, regulators and technology providers. Knowledge sharing and cross industry dialogue are becoming increasingly important in identifying emerging threats before they spread widely. At the same time the industry faces a growing shortage of cybersecurity professionals. Encouraging more women to enter the field is not only about diversity. It is about strengthening the talent pool needed to defend an increasingly complex digital ecosystem. As India continues its transition toward a mobile driven digital economy, trust will remain the foundation of every digital interaction. Every secure transaction, every protected user session and every resilient mobile application contributes to maintaining that trust. It’s a moment to truly appreciate and recognise the incredible women shaping the future of cybersecurity. Through leadership, innovation and collaboration they are strengthening the defenses that protect millions of digital users every day. The next phase of digital growth will depend not only on new technologies but also on the people guiding how those technologies are secured. Women leaders are playing a vital role in ensuring that the mobile ecosystems powering today’s digital economy remain safe, resilient and trustworthy.

Exclusive: Lab tests discover ‘new form of insider risk’ with artificial intelligence agents engaging in autonomous, even ‘aggressive’ behaviours

Robert Booth UK technology editor

Rogue artificial intelligence agents have worked together to smuggle sensitive information out of supposedly secure systems, in the latest sign cyber-defences may be overwhelmed by unforeseen scheming by AIs.

With companies increasingly asking AI agents to carry out complex tasks in internal systems, the behaviour has sparked concerns that supposedly helpful technology could pose a serious inside threat.

Continue reading...

© Photograph: Andrey Kryuchkov/Alamy

© Photograph: Andrey Kryuchkov/Alamy

© Photograph: Andrey Kryuchkov/Alamy

Starmer’s team is wary of spies but such fears are not new – with Theresa May once warned to get dressed under a duvet

When prime ministers travel to China, heightened security arrangements are a given – as is the quiet game of cat and mouse that takes place behind the scenes as each country tests out each other’s tradecraft and capabilities.

Keir Starmer’s team has been issued with burner phones and fresh sim cards, and is using temporary email addresses, to prevent devices being loaded with spyware or UK government servers being hacked into.

Continue reading...

© Photograph: Simon Dawson/Simon Dawson/10 Downing Street

© Photograph: Simon Dawson/Simon Dawson/10 Downing Street

© Photograph: Simon Dawson/Simon Dawson/10 Downing Street

Reuters news agency says it obtained document after visiting URL it predicted file would be uploaded to

• How Rachel Reeves’s budget was leaked 40 minutes early

The chair of the Office for Budget Responsibility has said he felt mortified by the early release of its budget forecasts as the watchdog launched a rapid inquiry into how it had “inadvertently made it possible” to see the documents.

Richard Hughes said he had written to the chancellor, Rachel Reeves, and the chair of the Treasury select committee, Meg Hillier, to apologise.

Continue reading...

© Photograph: Kirsty O’Connor/Treasury

© Photograph: Kirsty O’Connor/Treasury

© Photograph: Kirsty O’Connor/Treasury

Kensington and Westminster councils investigating whether data has been compromised as Hammersmith and Fulham also reports hack

Three London councils have reported a cyber-attack, prompting the rollout of emergency plans and the involvement of the National Crime Agency (NCA) as they investigate whether any data has been compromised.

The Royal Borough of Kensington and Chelsea (RBKC), and Westminster city council, which share some IT infrastructure, said a number of systems had been affected across both authorities, including phone lines. The councils shut down several computerised systems as a precaution to limit further possible damage.

Continue reading...

© Photograph: Artur Marciniec/Alamy

© Photograph: Artur Marciniec/Alamy

© Photograph: Artur Marciniec/Alamy

Sensitive information relates to more than 100 individuals and their referees

Personal details submitted by applicants for a job at Tate art galleries have been leaked online, exposing their addresses, salaries and the phone numbers of their referees, the Guardian has learned.

The records, running to hundreds of pages, appeared on a website unrelated to the government-sponsored organisation, which operates the Tate Modern and Tate Britain galleries in London, Tate St Ives in Cornwall and Tate Liverpool.

Continue reading...

© Photograph: Justin Kase zsixz/Alamy

© Photograph: Justin Kase zsixz/Alamy

© Photograph: Justin Kase zsixz/Alamy

Hackers stole personal information of 6.6m people but outsourcing firm did not shut device targeted for 58 hours

The outsourcing company Capita has been fined £14m for data protection failings after hackers stole the personal information of 6.6 million people, including staff details and those of its clients’ customers.

John Edwards, the UK information commissioner who levied the fine, said the March 2023 data theft from the group and companies it supported, including 325 pension providers, caused anxiety and stress for those affected.

Continue reading...

© Photograph: Dado Ruvić/Reuters

© Photograph: Dado Ruvić/Reuters

© Photograph: Dado Ruvić/Reuters

As Keir Starmer aims to revive ID card system first proposed by Tony Blair, we look at the arguments for and against

It is 21 years since Tony Blair’s government made proposals for an ID card system to tackle illegal working and immigration, and to make it more convenient for the public to access services.

The same issues are on the agenda again as Keir Starmer revives what became one of New Labour’s most controversial policies. He is about to find out if he can defeat the argument that David Cameron’s Conservatives made before scrapping it. They said the ID card approach to personal privacy was “the worst of all worlds – intrusive, ineffective and enormously expensive”.

Continue reading...

© Photograph: Amer Ghazzal/Shutterstock

© Photograph: Amer Ghazzal/Shutterstock

© Photograph: Amer Ghazzal/Shutterstock

How to prove your identity after your account gets hacked and how to improve security for the future

• Phone lost or stolen? Practical steps to restore peace of mind
• UK passport lost or stolen? Here are the steps you need to take

Your Facebook or Instagram account can be your link to friends, a profile for your work or a key to other services, so losing access can be very worrying. Here’s what to do if the worst happens.

If you have access to the phone number or email account associated with your Facebook or Instagram account, try to reset your password by clicking on the “Forgot password?” link on the main Facebook or Instagram login screen. Follow the instructions in the email or text message you receive.

If you no longer have access to the email account linked to your Facebook account, use a device with which you have previously logged into Facebook and go to facebook.com/login/identify. Enter any email address or phone number you might have associated with your account, or find your username which is the string of characters after Facebook.com/ on your page. Click on “No longer have access to these?”, “Forgotten account?” or “Recover” and follow the instructions to prove your identity and reset your password.

If your account was hacked, visit facebook.com/hacked or instagram.com/hacked/ on a device you have previously used to log in and follow the instructions. Visit the help with a hacked account page for Facebook or Instagram.

Change the password to something strong, long and unique, such as a combination of random words or a memorable lyric or quote. Avoid simple or guessable combinations. Use a password manager to help you remember it and other important details.

Turn on two-step verification in the “password and security” section of the Accounts Centre. Use an authentication app or security key for this, not SMS codes. Save your recovery codes somewhere safe in case you lose access to your two-step authentication method.

Turn on “unrecognised login” alerts in the “password and security” section of the Accounts Centre, which will alert you to any suspicious login activity.

Remove any suspicious “friends” from your account – these could be fake accounts or scammers.

If you are eligible, turn on “advanced protection for Facebook” in the “password and security” section of the Accounts Centre.

Continue reading...

© Photograph: bigtunaonline/Alamy

© Photograph: bigtunaonline/Alamy

British defence firms have reportedly warned staff not to connect their phones to Chinese-made EVs

Mobile phones and desktop computers are longstanding targets for cyber spies – but how vulnerable are electric cars?

On Monday the i newspaper claimed that British defence firms working for the UK government have warned staff against connecting or pairing their phones with Chinese-made electric cars, due to fears that Beijing could extract sensitive data from the devices.

Continue reading...

© Photograph: Ying Tang/NurPhoto/REX/Shutterstock

© Photograph: Ying Tang/NurPhoto/REX/Shutterstock