National Security Threatened By Climate Crisis, UK Intelligence Chiefs Due To Warn
Read more of this story at Slashdot.
The government has announced a support package, but a cybersecurity expert has raised some concerns.
The post Cyberattack on JLR Prompts £1.5 Billion UK Government Intervention appeared first on SecurityWeek.
The 19-year-old U.K. national who was arrested at his London residence last week was a highly prolific cybercriminal and a core member of the nebulous hacker subset of The Com, researchers told CyberScoop.
Authorities’ yearslong quest to uncover the identities of Scattered Spider associates and charge them with serious crimes reached a tipping point with last week’s arrest of Thalha Jubair, who is accused of direct, prominent involvement in at least 120 cyberattacks, including extortion of 47 U.S.-based organizations and the January attack on the U.S. federal court system.
Authorities said they traced a combined total of at least $89.5 million in cryptocurrency, at the time of payments, to Bitcoin addresses and servers controlled by Jubair. Two financial services firms paid Jubair $25 million and $36.2 million, respectively, in Bitcoin between June and November 2023, according to an unsealed criminal complaint against Jubair.
The high number of attacks and ransom payments officials linked to Jubair highlights the central role he played in attacks more broadly attributed to Scattered Spider. Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, said Jubair was one of the principal operators behind the loose-knit cybercrime network.
“He was one of the four principal people that we associated with Scattered Spider,” and one of the two most core players, Meyers told CyberScoop.
Other cybercrime experts shared similar assessments of Jubair’s involvement and importance to Scattered Spider’s sweeping extortion scheme. While The Com, of which Scattered Spider is an offshoot, doesn’t operate with formal leaders in the traditional sense, Jubair acted as a leader, said Jon DiMaggio, chief security strategist at Analyst1.
“There are many other pockets of activity within the broader collective, and I would consider Jubair a leader within several of the clusters he supported and influenced,” DiMaggio said.
Flashpoint analysts described Jubair as a large player within these communities who participated in attacks against multiple sectors for years. “Their growth and evolution appear consistent with the growth and scale of attacks ascribed to Scattered Spider,” analysts at the threat intelligence company said in an email.
Federal authorities attribute to Scattered Spider attacks on organizations in many sectors, including manufacturing, entertainment, retail, aviation, insurance, finance, business process and customer service outsourcing, construction, hospitality, technology, telecommunications and multiple forms of critical infrastructure. Victims of those attacks paid at least $115 million in ransom payments, authorities said.
“They were cleaning up, and this is just the amount the FBI knows about,” Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, said in a post on LinkedIn.
Researchers knew the identity of Jubair, who went by many aliases online including “EarthtoStar,” “Brad,” “Austin,” “Everylynn” and “@autistic,” for more than a year. He was on their radar, and even more so after law enforcement seized cryptocurrency worth about $36 million at the time on wallets stored on a server allegedly controlled by Jubair in July 2024.
“It did take several years and they had quite a run when everybody was paying attention to them,” Meyers said. Officials “knew who he was a year ago. I think what it highlights is that they needed a way to be able to make a case, which is where law enforcement, frankly, ends up at a bit of a disadvantage.”
Investigators bolstered their case against Jubair through blockchain analysis. Officials said they traced cryptocurrency transactions from a wallet on a server Jubair controlled to gift card purchases that were used for a food delivery service to his apartment complex and a gaming account.
“His arrest underscores the difficulties in remaining anonymous online,” Flashpoint analysts said.
While Jubair was “extremely careful,” using an amnesiatic operating system — which is designed to forget everything a user does after it’s shut down — and virtual private networks, according to Meyers, his personal activity led investigators to his doorstep.
Jubair faces charges in the United Kingdom and United States. U.K. authorities last week charged him for crimes related to the cyberattack on the Transport for London in September 2024. He was also charged in the U.S. District Court for the District of New Jersey with computer fraud conspiracy, two counts of computer fraud, wire fraud conspiracy, two counts of wire fraud, and money laundering conspiracy.
The Justice Department hasn’t said if efforts are underway to extradite Jubair to the United States, where he faces up to 95 years in prison if convicted.
While veteran threat hunters hail Jubair’s arrest, they remain exasperated by the persistent challenges and delays that were highlighted by a case involving a known and allegedly highly prolific cybercriminal.
“It took a long time. There’s still a lot of frustration in how long it took, and how much information we had on these guys and the way that the investigation went down,” Meyers said.
Nonetheless, Jubair’s “arrest is a big deal, maybe one of the biggest in this circle,” DiMaggio said.
“Given Jubair’s alleged involvement across many operations and aliases, removing him likely hurts how things are done in multiple criminal clusters. It might force others to change how they operate or slow some attacks,” he added.
“But because the group is spread out and loosely organized, I don’t think this one arrest stops things entirely,” DiMaggio said. Jubair’s arrest is “very impactful, and among the most important arrests in The Com so far, but we shouldn’t assume it’s a knockout blow.”
The post Teen arrested in UK was a core figure in Scattered Spider’s operations appeared first on CyberScoop.
Thalha Jubair and Owen Flowers were charged in the UK and the US with hacking critical infrastructure organizations.
The post Two Scattered Spider Suspects Arrested in UK; One Charged in US appeared first on SecurityWeek.
Two teenagers were arrested in the United Kingdom this week, accused of associating with the sprawling criminal collective known as The Com, and participating in many high-profile and damaging cyberattacks on critical infrastructure globally.
Thalha Jubair, 19 of London, and Owen Flowers, 18 of Walsall, England, were arrested at their residences Tuesday and charged with crimes related to the cyberattack on the Transport for London in September 2024, the U.K.’s National Crime Agency said.
Jubair and Flowers were allegedly highly involved in many other cyberattacks attributed to Scattered Spider, a nebulous offshoot of The Com that commits ransomware and data extortion. The Com is composed of thousands of members, splintered into three primary subsets of interconnected networks that commit swatting, extortion and sextortion of minors, violent crime and various other cybercrimes, according to the FBI.
The Justice Department on Thursday unsealed charges against Jubair, a U.K. national, accusing him of participating in at least 120 cyberattacks as part of Scattered Spider’s sweeping extortion scheme from May 2022 to September 2025, including 47 U.S.-based organizations. Victims of those attacks paid at least $115 million in ransom payments, authorities said.
“These malicious attacks caused widespread disruption to U.S. businesses and organizations, including critical infrastructure and the federal court system, highlighting the significant and growing threat posed by brazen cybercriminals,” Matthew Galeotti, acting assistant attorney general in the Justice Department’s Criminal Division, said in a statement.
Jubair and co-conspirators allegedly broke into networks of U.S. companies via social engineering, stole and encrypted data, demanded ransom payments and committed money laundering.
Law enforcement seized cryptocurrency wallets on a server allegedly controlled by Jubair in July 2024 and seized cryptocurrency worth about $36 million at the time. He allegedly transferred a portion of cryptocurrency that originated from one of his victims, worth about $8.4 million at the time, to another wallet.
Authorities also specifically accused Jubair, also known as “EarthtoStar,” “Brad,” “Austin” and “@autistic,” of intruding networks of a U.S.-based critical infrastructure company and the U.S. courts in October 2024 and January 2025.
Flowers was initially arrested by British police last year for his alleged involvement in the attack on Transport for London, just days after the incident. At that time, investigators found evidence of and have since charged Flowers for alleged involvement in other attacks, specifically those targeting U.S.-based health care companies SSM Health Care Corp. and Sutter Health in 2023.
“Finally,” Allison Nixon, chief research officer at Unit 221B, said in reaction to news of Jubair and Flowers’ arrests. “Jubair and Flowers are like many members of The Com who seek to achieve heroic status by committing so many crimes they get famous for harming society on a massive scale.”
Jubair is charged in the U.S. District Court for the District of New Jersey with computer fraud conspiracy, two counts of computer fraud, wire fraud conspiracy, two counts of wire fraud, and money laundering conspiracy. He faces up to 95 years in prison if convicted.
Jubair and Flowers were both scheduled to appear in court in the U.K. on Thursday to face charges under the country’s Computer Misuse Act.
The Justice Department didn’t say if efforts are underway to extradite Jubair to face charges in the United States. The agency did not immediately respond to a request for comment.
“Today’s charges make it clear that no cybercriminal is beyond our reach,” Brett Leatherman, assistant director of the FBI’s Cyber Division, said in a statement. “If you attack American companies or citizens, we will find you, we will expose you and we will seek justice.”
The post UK arrests two teens accused of heavy involvement in yearslong Scattered Spider attack spree appeared first on CyberScoop.
Both OpenAI and Anthropic said earlier this month they are working with the U.S. and U.K. governments to bolster the safety and security of their commercial large language models in order to make them harder to abuse or misuse.
In a pair of blogs posted to their websites Friday, the companies said for the past year or so they have been working with researchers at the National Institute of Standards and Technology’s U.S. Center for AI Standards for Innovation and the U.K. AI Security Institute.
That collaboration included granting government researchers access to the companies’ models, classifiers, and training data. Its purpose has been to enable independent experts to assess how resilient the models are to outside attacks from malicious hackers, as well as their effectiveness in blocking legitimate users from leveraging the technology for legally or ethically questionable purposes.
OpenAI’s blog details the work with the institutes, which studied the capabilities of ChatGPT in cyber, chemical-biological and “other national security relevant domains.” That partnership has since been expanded to newer products, including red-teaming the company’s AI agents and exploring new ways for OpenAI “to partner with external evaluators to find and fix security vulnerabilities.”
OpenAI already works with selected red-teamers who scour their products for vulnerabilities, so the announcement suggests the company may be exploring a separate red-teaming process for its AI agents.
According to OpenAI, the engagement with NIST yielded insights around two novel vulnerabilities affecting their systems. Those vulnerabilities “could have allowed a sophisticated attacker to bypass our security protections, and to remotely control the computer systems the agent could access for that session and successfully impersonate the user for other websites they’d logged into,” the company said.
Initially, engineers at OpenAI believed the vulnerabilities were unexploitable and “useless” due to existing security safeguards. But researchers identified a way to combine the vulnerabilities with a known AI hijacking technique — which corrupts the underlying context data the agent relies on to guide its behavior — that allowed them to take over another user’s agent with a 50% success rate.
Between May and August, OpenAI worked with researchers at the U.K. AI Security Institute to test and improve safeguards in GPT5 and ChatGPT Agent. The engagement focused on red-teaming the models to prevent biological misuse — preventing the model from providing step-by-step instructions for making bombs, chemical or biological weapons.
The company said it provided the British government with non-public prototypes of its safeguard systems, test models stripped of any guardrails, internal policy guidance on its safety work, access to internal safety monitoring models and other bespoke tooling.
Anthropic also said it gave U.S. and U.K. government researchers access to its Claude AI systems for ongoing testing and research at different stages of development, as well as its classifier system for finding jailbreak vulnerabilities.
That work identified several prompt injection attacks that bypassed safety protections within Claude — again by poisoning the context the model relies on with hidden, malicious prompts — as well as a new universal jailbreak method capable of evading standard detection tools. The jailbreak vulnerability was so severe that Anthropic opted to restructure its entire safeguard architecture rather than attempt to patch it.
Anthropic said the collaboration taught the company that giving government red-teamers deeper access to their systems could lead to more sophisticated vulnerability discovery.
“Governments bring unique capabilities to this work, particularly deep expertise in national security areas like cybersecurity, intelligence analysis, and threat modeling that enables them to evaluate specific attack vectors and defense mechanisms when paired with their machine learning expertise,” Anthropic’s blog stated.
OpenAI and Anthropic’s work with the U.S. and U.K. comes as some AI safety and security experts have questioned whether those governments and AI companies may be deprioritizing technical safety guardrails as policymakers seek to give their domestic industries maximal freedom to compete with China and other competitors for global market dominance.
After coming into office, U.S. Vice President JD Vance downplayed the importance of AI safety at international summits, while British Labour Party Prime Minister Keir Starmer reportedly walked back a promise in the party’s election manifesto to enforce safety regulations on AI companies following Donald Trump’s election. A more symbolic example: both the U.S. and U.K. government AI institutes changed their names earlier this year to remove the word “safety.”
But the collaborations indicate that some of that work remains ongoing, and not every security researcher agrees that the models are necessarily getting worse.
Md Raz, a Ph.D. student at New York University who is part of a team of researchers that study cybersecurity and AI systems, told CyberScoop that in his experience commercial models are getting harder, not easier, to jailbreak with each new release.
“Definitely over the past few years I think between GPT4 and GPT 5 … I saw a lot more guardrails in GPT5, where GPT5 will put the pieces together before it replies and sometimes it will say, ‘no, I’m not going to do that.’”
Other AI tools, like coding models “are a lot less thoughtful about the bigger picture” of what they’re being asked to do and whether it’s malicious or not, he added, while open-source models are “most likely to do what you say” and existing guardrails can be more easily circumvented.
The post Top AI companies have spent months working with US, UK governments on model safety appeared first on CyberScoop.
LNER said the security incident involved a third-party supplier and resulted in contact information and other data being compromised.
The post UK Train Operator LNER Warns Customers of Data Breach appeared first on SecurityWeek.
Volodymyr Tymoshchuk allegedly hit hundreds of organizations with the LockerGoga, MegaCortex, and Nefilim ransomware families.
The post US Offers $10 Million Reward for Ukrainian Ransomware Operator appeared first on SecurityWeek.
An Armenian national is in federal custody and faces charges stemming from their alleged involvement in a spree of attacks in 2019 and 2020 involving Ryuk ransomware, the Justice Department said Wednesday.
Karen Serobovich Vardanyan, 33, was extradited from Ukraine to the United States on June 18 and pleaded not guilty to the charges in his first appearance in federal court June 20. Vardanyan is awaiting a seven-day jury trial scheduled to begin Aug. 26.
Prosecutors charged Vardanyan with conspiracy, fraud in connection with computers and extortion in connection with computers. He faces a maximum of five years in federal prison and a fine of $250,000 for each charge.
Vardanyan and his co-conspirators — a pair of 53-year-old Ukrainian nationals, Oleg Nikolayevich Lyulyava and Andrii Leonydovich Prykhodchenko, and 45-year-old Armenian national Levon Georgiyovych Avetisyan — are accused of illegally accessing computer networks to deploy Ryuk ransomware on hundreds of compromised servers and workstations between March 2019 and September 2020.
Avetisyan is awaiting a U.S. extradition request in France, while Lyulyava and Prykhodchenko remain at large.
Ryuk ransomware was prevalent in 2019 and 2020, infecting thousands of victims globally across the private sector, state and local municipalities, local school districts and critical infrastructure, according to authorities. This includes a wave of attacks on U.S. hospitals and a technology company based in Oregon, where federal prosecutors are trying their case against Vardanyan.
Victims of Ryuk ransomware attacks include Hollywood Presbyterian Medical Center, Universal Health Services, Electronic Warfare Associates, a North Carolina water utility and multiple U.S. newspapers.
Ryuk ransomware operators extorted victim companies by demanding ransom payments in Bitcoin in exchange for decryption keys. Justice Department officials said Vardanyan and his co-conspirators received about 1,160 bitcoins — valued at more than $15 million at the time — in ransom payments from victim companies.
The post Ryuk ransomware operator extradited to US, faces five years in federal prison appeared first on CyberScoop.