Category: Tech

The concept of security awareness training is traditionally one of static procedures, including online training and tests, phishing simulations, and physical elements such as posters and displays.

This is all practical for compliance, but does this concept move with the times? In a world where AI is king, how does awareness training fit with this technology trend? As an example, delegates at KnowBe4’s recent user conference in London heard how the company’s more AI-driven direction is taking shape.

Increase in agents

CEO Bryan Palma predicts that AI would lead to an increase in the number of people and agents saying that “AI makes us more productive”, and with the number of agents being deployed in cyber security increasing. This could result in fewer people being employed; however, the attitude at KnowBe4 is to train the workforce regardless of whether they are man or machine.

“We don’t care as, ultimately, we’re going to prepare your organisation and your workforce to be trained correctly and be an advantage for you in the market,” he says. “Now it is probably 100% humans we train and zero agents, tomorrow it may be 60 humans and 65 agents – we’re not going to care.”

That movement towards agents, and supporting them as much as employees, is particularly forward-looking as the adoption of AI-based options increases. Palma claims that this adoption of support for agents is “about security culture, and that is really the outcome that we’re trying to build”.

He says: “The reality is that agents will be part of your security culture, and bots will be part of your world. If we turn the clock forward a few years, you will have multiple bots that work for you, and you’re going to tell them to do things, and they will work independently, and instead of managing only people, you’re going to need to manage bots as well.”

This move is all about culture, and agents have to be part of that culture “just as humans would be”, he explains.

Workforce trust management

Palma states that the company’s direction is towards the concept of “workforce trust management”, an extension of the original security awareness training and the more commonly used term “human risk management”.

He explains that workforce trust management considers autonomous security, which governs and trains both humans and AI agents, as the workforce will be diverse: “You need to protect them all, as each can be a vulnerability.”

The obvious question is how AI and automated functions are changing both workforce trust management and KnowBe4’s core awareness and training mission? Sitting with Palma, Computer Weekly had the opportunity to ask him about this move towards automation and if there was enough of a grasp of the roll-out of automated tasks in the way that KnowBe4’s technology works.

Palma says the company was thinking about it and developing around it, and then when he joined the firm, he realised both the impact of this from other things that he has done and the need to accelerate development.

“I’ve put more focus on it; I’m putting more investment behind it. I want to accelerate what we’re doing, but we have six agents in the market – we were already doing this, and it becomes critical because it just allows our system to run better,” he says.

Is there more demand from customers for that kind of automation in a workforce trust management offering? He explains that one of its agents creates a phishing landing page to save time for the IT and cyber security teams to build new versions of the phishing tests continually.

Donna Huggett, information security education and awareness manager at Belron – the parent organisation of Autoglass and Safelite – tells Computer Weekly that she uses KnowBe4 for phishing simulations. The AI-enabled technology “actually helps us massively cut down quite a huge chunk of work”, as time was previously spent on developing templates and choosing the right one to use, the options in the AIDA technology do the work for you.

She also said this determines the level of phishing message to be sent to an employee, for those who need to be challenged more and who will receive slightly harder emails. “And that’s all automated now, so that’s a massive help,” she says.

Paul Maxwell, cyber security engineer at retailer Poundland, says he primarily uses KnowBe4 for phishing simulation, and used 115 templates, but found that some were no longer working. This required new templates to be built, and it “was adding 35 hours a month” to his workload as users became savvier, and he needed to create new emails.

“I spent a good couple of hours at night, just thinking ‘That’s a good one, that’s going to catch people out’. With that kind of stuff, you can’t just go half measure, you’ve really got to try and catch them out,” he says. “Because if you don’t catch them out, you don’t help them learn.”

He explains that the most effective options were those that appeared to come from HR, such as clicking to claim annual leave, and finance and IT issues, including updating to Windows 11. However, the staff engagement has seen an increase in reported phishing attacks. While Maxwell admits that each alert takes time to investigate, he acknowledges that the platform has been really helpful.

“This is exactly what I need: firstly to help me move security forward in the business, but also to be able to take a step back and look at other areas I need to focus on,” he adds.

Automated agents

In terms of automated agents, Computer Weekly asked Palma if the intention was to add machine learning to enable the examples above, and if it could get to the level where it could replace the practitioner’s need to do awareness training by determining the right campaign for employees?

Palma explains that people are overlooking this link and are moving directly to AI, while the human link is vital; there is machine learning involved. “Everybody wants to think GenAI, everybody wants to think next generation: we’ve had lots of machine learning and regular vanilla AI for a long time, and that’s still very meaningful and that still does a lot of the work, but conceptually it will absolutely look and say, ‘Hey, these are the mistakes you’re making’, or ‘These are the mistakes the system is making’ and how you solve that.”

Palma says that the development of agents has increased over the past year, and he sees a future where “our email, our training, our compliance is all going to be in one single platform”, which will allow KnowBe4 to add in components and capabilities as it moves forward.

Different-sized businesses

Palma also discussed whether small- and medium-sized enterprises (SMEs) are more adaptable to a changing technology concept, compared to a large organisation that has been retrospectively building in security since the 1990s.

“I think the bigger organisations have more people, they have more process, they tend to move slower,” he says. “The smaller organisations are going to be very efficient – among many of our SMEs, they don’t have a CISO, and they don’t have an information security department.

“Now, if they have three or four agents that can help them around workforce trust, they’re going to be really happy about that. So, I think adoption at that part of the market is going to be faster and quicker.”

This move to offer automated technologies is one where the company can move with the times, but the question is how adaptive are the practitioners to this new form of technology to do this straightforward task? Creating phishing templates is time-consuming, and creating new emails takes time and effort, and we have not really begun considering the energy required to filter through the phishing simulation results.

It is interesting to see this adoption of the newer ways of working, and perhaps the next step will be for practitioners to go all in on an agentic approach. Being able to offload a cumbersome task and see the results without hours of extra work would surely be worth the effort.

Source

Leicester-based Cambridge and Counties Bank has been using a modern middleware platform from SnapLogic to help it drive out manual processes.

Chief transformation officer (CTO) David Holton has worked at the 10-year-old bank for four years and is responsible for integrating more technology into the bank and its processes. Cambridge and Counties Bank operates mainly in the real estate finance and asset finance markets serving small and medium-sized enterprises (SMEs).

“Our bank was set up primarily through a manual underwriting lens to assess things that were a little bit harder, but we thought we could overcome,” says Holton, who describes the work with SnapLogic as “trying to reimagine the asset finance business”, including financing required by SMEs that need to purchase machinery.

While the majority of the bank’s balance sheet covers real estate, Holton says asset finance propositions are highly manual: “A lot of the benefit to your broker or your customer is pace, so the ability to get back quickly is quite a differentiator, but we find this very difficult with a highly manual process.” 

According to Holton, working with SnapLogic has enabled the bank to remove a lot of the point-to-point integrations between systems that it previously needed, which has gotten rid of much of the manual work its staff used to do as SnapLogic connects data sources.

While the bank is just 10 years old, it has evolved during this time, which means some of its IT systems may not be functioning the way the bank currently operates. Holton has spent the past few years building on the bank’s expertise in understanding the business processes. “Things have drifted into a process that we don’t necessarily need to do anymore,” he says.

The old system needed a workaround to get access to data – which is now available using SnapLogic – meaning that the business process had to be revisited. “In some ways, process rationalisation is as important as the new technology,” adds Holton.

Partnership based on business value

Holton describes the way the bank has been working with SnapLogic as a partnership: “When I’m working with SnapLogic, I’m looking at the business outcomes I want to achieve, and then I ask them to help me deliver that rather than setting out a very detailed set of business requirements for building a widget. That’s quite a different way of working.”

For instance, Holton says the bank has partnered with SnapLogic for a specific piece of work looking at agentic AI: “SnapLogic experts have effectively come in-house with us to help us build on their AI environment because this is emerging tech. So, we’re leveraging their expertise.”

“Any AI system that I bring in has to empower colleagues to do more [face-to-face interation], not less”

David Holton, Cambridge and Counties Bank

Discussing the possibilities of AI at the bank, Holton says: “Obviously, there’s a lot of narrative about the risks, which need to be managed and far more understood.” While some banks may consider AI-powered chatbots as online interactions with their customers, Holton says Cambridge and Counties Bank believes the real value it provides is in the face-to-face human interaction it has with its customers, adding: “Any AI system that I bring in has to empower colleagues to do more of that, not less.”

Holton does not see AI replacing humans in the bank’s customer dialogue and relationship. However, he says: “I do see AI replacing humans in the processing and the non-value-add tasks that are necessary to get the customer what they need. ” These are the tasks that need to happen in the background, which, for Holton, means that customer does not necessarily see as valuable.

Given that there is so much AI hype, Holton believes that IT and business leaders need to have a thorough grasp of the business proposition and the customer. He says that this understanding is as important now in the era of AI innovation as in previous technology waves, such as digital innovation.

“You’ve got to be very clear on your business proposition before you go on the AI journey,” he says. “There’s a risk that if you don’t set your stall out at the start and really understand what it is that your customers value and what you value about your offering, you could end up running down the road to greater efficiency and using an AI agent to achieve this.”

As Holton notes, if businesses replace too many facilities and tasks with AI agents, customers may actually move away.

Source

2025 was a wild ride for cyber security. The landscape is shifting faster than ever, and several themes stand out when I think about the most important cyber security lessons from the year.

Nation-state risk remains constant. In June, US authorities urgently warned companies to prepare for Iranian cyber attacks. This is just one example of the environment we’re in. Security teams must be ready to defend at a moment’s notice. Threats will mix disinformation and low-level disruption with more sophisticated tradecraft, all of which combined can have destructive consequences.

Human vulnerability is a favourite target of attackers. We continue to see this point proved by the cyber criminal group Scattered Spider, who focused on the insurance sector last June, using classic social engineering techniques to prove that humans are oftentimes the weakest link. If you’re relying only on technology, you’re missing the mark: attackers will always find a way in through people.

AI’s rise pressures us to modernise, but introduces new gaps.  Enterprise adoption of generative AI surged in 2025. Traffic to generative AI sites jumped by 50%, while 68% of employees used free-tier tools, and 57% admitted to pasting sensitive data into them. With this, it’s key to remember that AI-generated exploits and misinformation are already here. The security community needs to zero in on model manipulation techniques like prompt injection and proactively test these AI systems through the eyes of the attackers. Crowd-led testing remains one of our strongest defenses, even across new and evolving attack vectors. Diverse human researchers can catch what others miss.

Accountability is no longer optional. Governance is catching up. Take the Qantas incident as an example. After a breach exposed millions of customer records, the airline tied executive bonuses to cyber security outcomes. Docking CEO pay sends a clear message that the accountability for funding, prioritising, and evangelising security practices sits with the CEO and senior leadership team.

Critical infrastructure remains a soft target. Recent third-party attacks like the cyber disruption at European airports caused by a breach in check-in software last September remind us that the human impact of cyber risk can’t be abstract. Critical infrastructure is a soft target for cyber criminals. Disruptions to services leveraged by millions represent a growing threat. Zero trust and privileged access controls should be non-negotiable in all industries, but especially critical infrastructure, where their security stack is outdated or built on legacy systems.

In 2025, we found that the threats we face are more personal, more technical, more interconnected, and more tied to accountability. When I look forward and consider what 2026 has in store for all of us, I see six major trends emerging or continuing to grow.

1. Attack sophistication and scale will continue to accelerate.

In 2026, the pace and sophistication of cyber attacks will reach levels that are increasingly difficult to anticipate. Organisations will be less focused on identifying whether attacks come from criminal groups or nation-state actors and more focused on how to respond effectively when an incident occurs.

2. Critical infrastructure remains a prime target.

Attacks against critical infrastructure will remain a top concern. Hardware security, including IoT devices, pipelines, and water systems, will continue to be key risk areas, requiring organisations to prioritise protective measures across the evolving attack surface.

3. Security controls must adapt to diversity of attacks.

The variety of attacks will keep expanding, and security teams will need to implement flexible, effective controls that balance access and protection. Ensuring that employees understand how to identify threats and escalate concerns will be critical to maintaining resilience in this complex landscape.

4. AI confidence can mislead.

In 2026, AI-generated outputs will continue to present information confidently, even when incorrect. As organisations rely on AI for efficiency, reports on threats or incidents may be confidently wrong, creating noise that security teams must cut through to identify real risks.

5. Human oversight remains critical.

The rise of AI-driven hallucinations, deepfakes, and lifelike synthetic media will make it harder for non-technical users to discern reality from AI-generated content. Organisations will need to foster a culture of human validation and critical thinking, ensuring that teams understand AI’s capabilities and limitations.

6. Trust and verification will evolve.

With AI changing how information is created and shared, individuals and organisations will need new methods for verifying content. In 2026, security teams and broader stakeholders will face a culture and mindset shift: determining what to trust, what to validate, and how to respond responsibly to AI-driven outputs.

As defenders, we must embrace people-centric security, rigorously test with human insight, and demand leadership that treats cyber security as a business imperative.

Dave Gerry is CEO at crowdsourced cyber security platform Bugcrowd.

Source

Mamun_Sheikh/Shutterstock

Waze sets itself apart from the competition, like Google Maps, by making the experience more engaging. For starters, it’s focused on car and bike drivers, versus generalized maps and traffic alerts. That means, Waze is a great app to use if you’re looking to find the best possible route to somewhere, especially fast. But also, Waze uses social cues — those funny emojis — to show you what’s going on at any given time. You can see road hazards, accidents, potential police traps, and other drivers, all denoted by smiling or emotive icons on the map. There are some other differences in how they operate and how they’re used — Waze can show you local gas prices, for example — but the big callout is that they’re both owned by Alphabet, and Waze is a subsidiary. That means Google Maps and Waze are similar when it comes to data collection and privacy, and all that information goes to the same source.

If you have a problem with how Google handles data collection, you’ll likely have the same problem with Waze. That’s worth considering. According to the Waze privacy policy, hosted by Google support, by the way, information you provide includes account details, usernames, phone numbers, home and work addresses, and other addresses you save in the app, your car’s details, destinations you visit, search queries, calendar info, and files you upload to the service. Additional metadata related to your device, browser, and app usage may also be collected. Waze may also collect information “about you from […] partners,” including, but not limited to, unique advertising IDs, local storage, browser web storage, app data caches, databases and server logs. It’s not necessarily clear exactly what info these data stores contain, but it’s safe to assume anything related to Waze or Google’s services is scooped up.

Google Maps and Waze also share features

Harry Howitt/Shutterstock

When Google acquired Waze, it began incorporating some of the features into Google Maps, which is why they now look so similar if you use them both. For example, in 2021, Google Maps was updated so it now displays prices of tolls, a feature it borrowed from Waze. In addition, Waze community incident reports now show up in Google Maps. There’s still a clear difference between the two if you pit them against each other in a Google Maps versus Waze matchup. But this feature sharing also helps to back up the idea that Google Maps and Waze share similar data management policies. If the two apps are sharing community reporting of road incidents, well, you can figure out the rest — they’re also sharing data, period.

If you want to take a deep dive into what kind of road and geographic data Waze and Google’s apps are collecting, the full list from Google Support is pretty substantive. It does appear like the two apps and services share at least some real-time data, as well, even if Waze is tailored to show more of it to drivers and users. They share infrastructure for sure, but not necessarily all data collected, but if it’s going to the same place — Alphabet’s databases — does that truly even matter?

When all is said and done, if you’re going to use Waze, it’s worth noting the infrastructure and data sharing capabilities, and if you’re against how Google handles data and privacy, it might be worth avoiding both apps, Google Maps included.

Source

The use of “trusted” digital ID software to verify your identity online in the UK has taken on a statutory footing as of 1 December.

The measures contained in the Data (Use and Access) Act, which became law in June this year, have now taken effect, introducing a formal and legally backed set of standards and governance rules with which all certified providers of digital verification services (DVS) must conform.

The move is intended to provide the public with confidence when using certified digital identity apps, through a framework that shows suppliers are considered trustworthy.

The statutory regime is also likely to underpin the UK government’s plans for a national digital ID scheme, which was announced by prime minister Keir Starmer in September, and is due to go through a consultation phase early next year.

The statutory system formalises processes that have been in place on a trial basis for some time. Suppliers of DVS tools have to conform to the government’s Digital Identities and Attributes Framework (DIATF) and associated codes that add further specifications for use cases such as right to work or right to rent checks.

Once certified, suppliers are listed on a statutory register and will be able to use a trust mark to prove their conformance for potential users. So far, 48 DVS providers who have gained DIATF certification have applied to join the register.

“This regime of standards, governance and oversight helps to ensure the public can trust digital verification services offered under it in the UK,” said John Peart, CEO of the Office for Digital Identities and Attributes (OfDIA), which oversees the framework.

Critical time for digital identity

The move comes at a critical time for digital identity in the UK. Suppliers were blindsided by Starmer’s announcement of a national digital ID scheme that will be mandatory for right-to-work checks by 2029. Many in the sector believe such a national scheme undermines all the work and investment they have put in to developing apps and achieving conformance to the statutory regime.

Today (2December 2025), representatives of DIATF-certified DVS providers are meeting with Darren Jones, Starmer’s chief secretary, who has taken on policy responsibility in the Cabinet Office for the digital ID plan.

Last week’s Autumn Budget revealed that government has put aside £1.8bn to develop the national scheme, which many suppliers say is a needless expense when they already provide apps that can deliver right-to-work checks and other services within the scope of the government proposals.

“[Government] is proposing to add £1.8bn of new costs to build a system that duplicates DVS,” said Adrian Field, director of market development at digital ID supplier OneID, writing on LinkedIn.

“Is this the best use of taxpayer funds? [The] private sector has proven that ID services can be delivered far more effectively and at far cheaper cost – why not use the efficient, effective services more?”

The meeting with Jones came about after industry representatives requested a formal collaboration on the government scheme.

The Association of Digital Verification Professionals wrote an open letter to Jones, to request a meeting to propose a cross-sector forum to “support clarity and alignment” on the digital identity scheme, noting that government messaging on its policy has made no mention of the DIATF regime.

“For over a decade, with cross-party support, the UK has developed the Digital Identity and Attribute Trust Framework – a voluntary model that protects individual rights, lets government regulate and allows industry to innovate,” the letter said.

“It is unclear whether the aim is a new national digital ID stored in certified private wallets, a single credential sitting solely in the Gov.uk Wallet accessed by certified DVS providers (the current plan), or something entirely different. Each variation represents a fundamentally different social and economic model. This uncertainty risks market stability, discourages investment and weakens trust across the entire digital ecosystem – not just government.”

An online petition opposing the introduction of digital ID in the UK has gathered almost three million signatures, and many DVS providers are privately outraged at the government’s proposals.

MPs on the Home Affairs Committee launched an inquiry in June 2025 into the introduction of new forms of digital ID. At a hearing last month, the MPs were warned that a mandatory digital ID could pave the way for greater mass surveillance and digital exclusion, and would fail to deliver Starmer’s suggested benefits of reducing illegal migration or preventing people from working illegally.

Source

Off the back of its expanding agentic AI security vision, identity specialist Okta has turned in a solid third quarter, with revenues up 12% to $742m (£562m), along with reversing a 12 month-ago multimillion dollar GAAP operating loss and booking GAAP net income of $43m, up from $16m year-on-year.

In a signal that strategic decisions taken earlier this year may be paying off, Okta revealed it currently has a subscription backlog of over $4bn, with approximately $2.3bn of that figure set to be recognised in the coming 12 months.

Okta CEO Todd McKinnon, who proclaimed a few short weeks ago that identity security and agentic AI security are basically one and the same, described a solid set of results highlighted by continued strength with large customers and adoption of its new products.

Speaking to Computer Weekly ahead of the results announcement, president and COO Eric Kelleher said: “Coming out of last year we had an important shift in strategy. We realised that going out to Q4 [1 November 2024 – 31 January 2025] our product innovation had accelerated to the point where it was putting a burden on our sales organisation to have to sell all products to all people.

“We made a significant change to specialise our go-to-market organisation on two buyer personas, the enterprise buyer, primarily chief information officers [CIOs] and chief information security officers [CISOs] and the developer buyer, and specialising our platforms as well – the Auth0 platform for developers and the Okta platform for CIOs and CISOs.”

Based on that, Kelleher said that Q1 2026 had been broadly on-track, Q2 had shown improvement and Q3 was “solid against our plans and expectations”.

He said the firm was now having more successful conversations with both of its core audiences and described identity security as never having been more important – something buyers are starting to recognise too, particularly those that have deployed multiple point solutions for different identity scenarios.

“They’re looking for an identity partner that can help them solve all these use cases with a single pane of glass … so we give them the administrative layer to make their businesses more secure.

“When you add to that the industry momentum around agents and people now having a brand new problem to solve with how they secure the identity of agents that are deployed in their environments, we are very optimistic for what the future holds for us,” he added.

AI bubble?

Amid more ambient chatter about an AI bubble – the Organisation for Economic Cooperation and Development’s (OECD’s) latest forecast for the US talks of a key risk to its projections being a “correction to equity markets that have been buoyed by the hopes of high returns to investment in AI” – Kelleher said there would be winners and losers at every level of the AI world at some point, but that regardless of who they may turn out to be, AI agents are not going away.

“People are going to have agents deployed … and the existence of the agents is what creates the need for a platform to secure their identities, irrespective of whatever bubble there may or may not be,” he said.

Source

The UK’s failed attempt to bring a prosecution against two alleged Chinese spies was “shambolic”, “beset by confusion” and suffered from “systemic failures”, a cross-party group of MPs and peers has concluded.

The high-profile espionage case against Christopher Cash and Christopher Berry collapsed in 2024, when the Crown Prosecution Service (CPS) decided there was not sufficient evidence to show that China was a threat to UK national security at the time of the alleged offences.

The CPS abandoned the case despite witness statements from the UK government deputy national security adviser (DNSA), who described China as “the biggest state-based threat to the UK’s economic security” and pointed to state-linked cyber attacks against government and commercial targets, according to the MPs’ report.

The chief prosecution witness in the case, DNSA Matthew Collins, wrote in witness statements that “China’s espionage operations threaten the UK’s economic prosperity and resilience, and the integrity of democratic institutions”, and that China was behind “malicious cyber activity … targeting democratic institutions and Parliamentarians as part of large-scale espionage campaigns”.

The two accused – Cash, a former Parliamentary researcher, and Berry, a teacher – were charged in April 2020 for spying offences under the Official Secrets Act 1911. They were accused of passing information about UK politics, MPs and UK government policy to a Chinese intelligence agent, before subsequently being acquitted after the government dropped the case.

According to a report published today by the Joint Committee on the National Security Strategy (JCNSS), it was “not immediately obvious” that the director of public prosecutions lacked the evidence to show that China was a threat to national security at the time of the alleged offences, given the strength of Collins’ witness statements.

According to the report, prosecutors raised questions about the case against Cash and Berry following a court ruling after the conviction in May 2025 of a Bulgarian spy ring working for the Russian state, led by . The ruling addressed the meaning of the word “enemy” under the Official Secrets Act 1911.

The Court of Appeal found that there was “no reason why the term ‘an enemy’ should not include a country which represents a current threat to the UK”. It went on to say that a jury would be well placed to assess the evidence and facts.

The director of public prosecutions, Stephen Parkinson, told the committee, however, that the Roussev judgment meant prosecutors needed to demonstrate that the “totality of threats posed by China” when the alleged offences took place “made China a threat to national security”.  

Parkinson went on to tell Parliamentarians that prosecutors had been unable to secure evidence that China posed “an active” and “current” threat to UK national security at the time of the alleged offences.

The committee said that events in the case “raised eyebrows”, particularly following a decision to drop the prosecution two days after a meeting between the UK’s national security adviser (NSA), Jonathan Powell, and other officials to “discuss the management of the UK’s bilateral relationship with China”.

The committee said it did not find evidence of a coordinated high-level effort to collapse the prosecution or any deliberate efforts to obstruct it. But it did find evidence of a process “beset by confusion and misaligned expectations”.

Constitutional safeguards designed to protect the independence of criminal proceedings instead “catalysed a crisis of public confidence and fuelled allegations of conspiracy at the highest level of government”, the Parliamentarians found.

Matt Western MP, chair of the joint committee, which has made recommendations to improve the handling of future cases, said he hoped the committee’s investigation would draw a line under the case.

“As the global security environment worsens, sensitive national security cases will arise more frequently. The government must show the public that it is confident in standing up to adversaries when required. Failing to do so will corrode public trust in our institutions,” he added.

Source

We may receive a commission on purchases made from links.

Your Wi-Fi network is basically the beating heart of your smart home. And just like a real heart thrives on good food and exercise, your home network performs best when you optimize a few key variables. The biggest factor? Having a solid router. Sure, your internet provider will happily rent you a modem-router combo, but buying your own gear not only saves you those monthly rental fees — it also gives you the freedom to pick a router that actually delivers the speed and coverage you need.

Routers, though, can get pricey fast. If you’re working with a budget, one smart move is to grab a reliable mid-tier router and then pair it with a Wi-Fi extender. That combo keeps costs down while still boosting performance. We’ve gone over the best Wi-Fi range extenders before, and one standout deal right now is the TP-Link RE315 AC1200 Wi-Fi Extender.

With a 4.2-star rating on Amazon from over 37,000 reviews, it’s a solid choice for both new setups and existing networks. Bonus: it’s a lifesaver if your home has those annoying Wi-Fi dead zones. In a glowing write-up of the AC1200, one Amazon user said, “[I]t’s great for our space. Highly recommend for a strong signal 40 feet away from your access point.” Offering similar praise, another Amazon reviewer said, “If you have dead zones or a building outside your home that needs coverage, this is a fantastic, affordable solution.”

Speed, smarts, and zero dead zones

The TP-Link AC1200 supports dual-band speeds up to 1,200Mbps, and its Adaptive Path Selection feature automatically picks the best Wi-Fi band for your devices. That’s a huge plus if your home or office is packed with phones, laptops, smart TVs, and other connected gear (the AC1200 supports up to 30 connected devices). TP-Link also includes a smart signal indicator, making it easier to find the sweet spot for maximum coverage.

Setup involves downloading the TP-Link Tether app and following the setup wizard. Once it’s paired with your router, the AC1200 can act as a dedicated access point for all your wireless devices — and thanks to its Gigabit Ethernet port, wired devices can get a speed boost too. Unlike mesh systems that rely on primary and satellite nodes to blanket your space, range extenders like the AC1200 simply grab your router’s signal and rebroadcast it, filling in those pesky dead zones without overcomplicating your network. Range extenders are usually less expensive than investing in a mesh system, too — even though the former is typically the better option if you’re building a Wi-Fi network from the ground up.

And adding a Wi-Fi extender isn’t the only thing you can do to improve Wi-Fi speeds for your home or business. To help eradicate dead spots, simple fixes like relocating your router or allocating certain devices to specific Wi-Fi bands can make a big difference in network performance, too.

Source

The US states of Oregon, California and Nevada are home to key players in the artificial intelligence (AI) and cloud ecosystem, all of whom totally rely on low latency and high fibre count to conduct operations. To support their needs, Zayo has completed the build of a long-haul fibre route along a 622-mile corridor spanning the cities of Umatilla, Prineville and Reno (UPR).

The comms infrastructure provider believes the future of AI will be built as much in the ground as it is in the labs and datacentres, and considers its new route as establishing a backbone for how the western US connects, drives and scales AI data, compute and cloud environments.

“While others plan, we’re building the infrastructure that makes AI possible,” said Bill Long, chief product and strategy officer at Zayo. “Without connectivity, datacentres and AI factories are just expensive refrigerators: cold boxes of compute with no way for data to get in or out. We’re delivering the capacity and reach where it’s needed to ensure AI can work, scale and innovate without limits.”

Built with SMF-28 fibre, multiple conduits and 13 Zayo-owned ILAs, the route is engineered for low latency and high fibre count to support the increasing vast workloads of AI and cloud. With its completion, the UPR route integrates into Zayo’s existing West Coast long-haul and subsea network systems, extending connectivity across the western US and strengthening the backbone supporting the region’s growing AI corridor.

In addition, the UPR route connects the West’s emerging AI ecosystems through Zayo’s existing dark fibre networks, which are claimed to be capable of delivering the speed, reliability and scale that AI loads and services demand.

The UPR route is also part of Zayo’s strategy to expand the critical infrastructure powering AI growth across the US. Purpose-built for AI and cloud workloads, the fully owned and operated route connects two of the region’s fastest-growing AI and cloud hubs, through the first direct inland path. It provides a resilient, diverse alternative to the I-5 corridor and is also said to be capable of extending carrier-grade access to unserved and underserved communities across Oregon, California and Nevada.

Zayo’s route is funded in part by the NTIA Middle Mile Grant Program that backs the expansion and extension of middle mile infrastructure across US states and territories with the ultimate purpose of strengthening US high-speed internet networks by reducing the cost of connecting areas that are unserved or underserved to the internet backbone. In total, the programme allocated $980m to fund projects for the construction, improvement or acquisition of middle mile infrastructure covering more than 370 counties across 40 states and Puerto Rico.

Zayo boasts more than 19.5 million fibre miles and 1,700 on-net datacentres already in operation. The UPR route is also part of Zayo’s plan to advance a long-term investment to close infrastructure gaps and expand digital access across the US.

Earlier in 2025, Zayo announced plans to build 5,000 new long-haul route miles by 2030 to proactively address bandwidth bottlenecks, an initiative that it said builds on the same vision of expanding connectivity.

The company concluded that together, these efforts reinforce its role as the network builder connecting where AI actually happens, being a trusted partner for hyperscalers, neoclouds and datacentres powering the world’s most advanced digital ecosystems. 

Source

NHS England is investigating the possibility that it has fallen victim to a prolific ransomware operation, after the Cl0p (aka Clop) gang claimed to have hacked its systems via a post to its dark web leak site made on 11 November.

At the time of writing, Cl0p has not named any specific NHS bodies or leaked any organisational or patient data. Nor have there been any outward-facing signs of a classic ransomware attack, such as IT outages or service disruptions, although Cl0p is among a number of cyber gangs known to conduct attacks that do not result in data encryption, preferring instead to stick to theft and extortion.

However, the NHS appears alongside other names, one of which, US newspaper The Washington Post, has confirmed that it fell victim to a Cl0p attack orchestrated via two distinct vulnerabilities in Oracle’s E-Business suite, patched earlier in the autumn. NHS England’s digital teams published an advisory notice covering the Oracle bugs – CVE-2025-53072 and CVE-2025-62481 – on 23 October.

In a statement circulated to the media, an NHS England spokesperson confirmed there was a live investigation in progress, although they made no mention of ransomware or the Cl0p gang specifically.

“We are aware that the NHS has been listed on a cyber crime website as being impacted by a cyber attack, but no data has been published,” they said.

“Our cyber security team is working closely with the National Cyber Security Centre [NCSC] to investigate.”

The NCSC declined to comment directly on the investigation.

Lack of clarity

Notably, Cl0p’s somewhat vague dark web posting states only that it has hit the NHS, rather than one of the many distinct bodies that comprise Britain’s health service, as Graeme Stewart, Check Point head of public sector, observed.

“Cl0p hasn’t been clear about which part of the NHS they’ve hit, and from their statements, it’s not obvious they fully understand it themselves,” he said.

“That in itself is symptomatic of the wider issue. For NHS cyber security teams, this is simply another day-in-the-life, and that’s the real problem here. So yes, it’s a call to arms and a timely reminder of the need for sustained, sensible investment in NHS cyber security: in people, processes and technology. 

“But to borrow a line from David Byrne: ‘Same as it ever was.’ This is the reality now, and we must ensure the NHS is properly equipped to deal with it,” added Stewart.

Stewart said that behind the scenes, Check Point’s research teams had found healthcare organisations in the UK face over 1,100 cyber attack attempts per organisation per week, making the NHS one of the most targeted organisations in the country.

“Unfortunately,” he added, “it’s something we as a society have almost become accustomed to. These incidents occur every day.”

Earlier this week, Synnovis, a pathology services unit run in part by Guy’s and St Thomas’ and King’s College NHS trusts, began notifying its partners in the NHS of patient data exposure following a Qilin ransomware attack in the summer of 2024, which caused widespread disruption.

Patients impacted in this incident, which primarily affected NHS operations in south London, will be informed if their data was compromised by the relevant NHS organisations.

Source