UK Cybersecurity Weekly News Roundup - 31 March 2025

UK Cybersecurity Weekly News Roundup - 31 March 2025

Welcome to this week's edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond.

UK Warned of Inadequate Readiness Against State-Backed Cyberattacks

Cybersecurity experts have sounded the alarm over the UK's growing vulnerability to state-sponsored cyber threats. A recent report by the National Cyber Security Centre (NCSC) shows a 16% increase in severe cyber incidents affecting national infrastructure in 2024. A worrying 64% of public sector IT leaders said they are unsure about best practices, with legacy systems worsening the risk. As digital transformation accelerates, public infrastructure like energy and healthcare face increasing exposure to ransomware and espionage. Read more

NCSC Publishes Roadmap for Post-Quantum Cryptography Migration

The NCSC has published official guidance on migrating to post-quantum cryptography (PQC) to protect against future quantum computing threats. The document urges critical infrastructure operators to begin preparations now, with system discovery and risk assessments expected by 2028. Full migration should be completed by 2035. The roadmap highlights the need for cryptographic agility and risk-based planning in anticipation of quantum threats. Read more

UK Government to Update Software Vendor Security Code of Practice

Following a public consultation, the UK government will publish a revised voluntary code of practice for software vendors later this year. The updated framework will include clearer technical requirements and a new attestation mechanism for vendors to demonstrate compliance. The initiative aims to raise the standard of cybersecurity in commercial software used by UK businesses and public services. Read more

Google Patches Actively Exploited Chrome Zero-Day (CVE-2025-2783)

Google has released an emergency update for Chrome to patch CVE-2025-2783, a high-severity zero-day vulnerability that was being actively exploited in the wild. The flaw allowed attackers to bypass sandbox protections. All users are urged to update their browsers immediately. This marks the second major Chrome zero-day reported in 2025. Read more

UK Considers Ransomware Payment Ban for Public Sector

A proposal to ban ransomware payments by UK public sector and critical infrastructure organizations is under review. While the policy aims to discourage threat actors, experts warn that it may increase the pressure on under-prepared organizations and push attacks toward entities with no ability to recover quickly