Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On 27 April 2026, the National Cyber Security Centre (NCSC) will officially implement Cyber Essentials v3.3, delivered through a new self-assessment question set known as Danzell, which replaces the previous Willow set. The foundational five technical controls remain the bedrock of the scheme, but this latest iteration tightens wording, scoping, and marking criteria in ways that have immediate consequences.

That is not a failure of fuzzing. It is a failure of interpretation. In a recent AFL++ fuzzing campaign targeting libarchive, we ran approximately 8.5 billion executions across all fuzzing phases, generated over a thousand crash files, and ultimately reduced them to two unique crash sites through structured crash triage and deduplication. This blog is a practical, engineering-first guide to that process: If your fuzzing pipeline stops at crash counts, you are not measuring security.

Cyber-enabled crimes cost Americans nearly $21 billion in 2025, a 26% increase from the previous year, according to the FBI’s latest Internet Crime Report. Phishing, extortion, and investment scams were the most commonly reported attacks, with AI-related scams driving some of the costliest losses. Phishing was the top attack vector, with these attacks leading to more than $215 million in losses. Notably, AI-assisted business email compromise (BEC) attacks cost victims more than $30 million.

For security teams, credential sprawl is like dust; you don't notice it until it has accumulated.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Another patching weekend ahead then?

When it comes to real-time payments, fraud moves fast — but liquidity stress can move even faster. A fraud or cyberattack can quickly become a liquidity event when it disrupts settlement funds, triggers abnormal transaction flows or forces payment services offline. That is why banks, payment processors and instant payment networks need real-time visibility into transaction activity, settlement exposure and emerging operational risk.

Artificial intelligence is everywhere at work. Yet for many teams, it still doesn’t feel very intelligent. The problem isn’t a lack of AI tools. It’s the opposite. AI has exploded across the enterprise, spreading into dozens of apps, assistants, and models. Each tool promises to help, but together they create fragmentation. Employees end up asking the same question in multiple places, switching between systems, and piecing together answers manually.

The extended detection and response (XDR) market has evolved rapidly in recent years. What once seemed like a race to add new features is now giving way to a different debate: how to effectively integrate the different security layers that make up modern infrastructure. With increasingly distributed IT environments, including endpoints, identities, networks, and cloud applications, the volume of security signals that need to be analyzed to detect threats has multiplied.