UK plans for cybercrime law reform would protect almost no one, experts warn
The proposals would require researchers to cease activity the moment a vulnerability is identified, meaning they could not confirm it was real, assess its severity or determine its exploitability.
The British government’s plans to overhaul the country’s main cybercrime law would offer such narrow legal protections that most security researchers would be left in the same position as today, multiple sources briefed on the proposals have told Recorded Future News.
Plans to amend the Computer Misuse Act 1990 were announced in the King’s Speech last week following years of campaigning by industry to modernize a law they criticized for prohibiting ordinary cybersecurity activities.
Last December, Security Minister Dan Jarvis pledged the government would introduce a statutory defense — a formal legal protection written into law — protecting researchers from conviction in court, “as long as they meet certain safeguards.” But sources briefed on the plans, which have not previously been reported, say those safeguards are extremely limited.
Source: https://therecord.media/uk-plans-for-cybercrime-law-reform-limited-protections
