Buzz & Beyond: Ncsc feed

Improving your response to vulnerability management. How to ensure the ‘organisational memory’ of past vulnerabilities is not lost.

Trending

Improving your response to vulnerability management. How to ensure the ‘organisational memory’ of past vulnerabilities is not lost.

Improving your response to vulnerability management. How to ensure the ‘organisational memory’ of past vulnerabilities is not lost.

Source: NCSC Feed

Published: Feb, 09 2026 20:24

How to ensure the ‘organisational memory’ of past vulnerabilities is not lost.

Continue reading...

Can you help the NCSC with the next p...

Can you help the NCSC with the next phase of EASM research?. Organisations with experience in external attack surface... Can you help the NCSC with the next phase of EASM research?. Organisations with experience in external attack surface management can help us shape future ACD 2.0 services.

Cloud Security Posture Management: si...

Cloud Security Posture Management: silver bullet or another piece in the cloud puzzle?. CSPM tools are big business. ... Cloud Security Posture Management: silver bullet or another piece in the cloud puzzle?. CSPM tools are big business. Could they be the answer to your cloud configuration problems?.

One small step for Cyber Resilience T...

One small step for Cyber Resilience Test Facilities, one giant leap for technology assurance. CRTFs are helping organ... One small step for Cyber Resilience Test Facilities, one giant leap for technology assurance. CRTFs are helping organisations to make informed, risk-based decisions on the adoption of technology products.

Designing safer links: secure connect...

Designing safer links: secure connectivity for operational technology. New principles help organisations to design, r... Designing safer links: secure connectivity for operational technology. New principles help organisations to design, review, and secure connectivity to (and within) OT systems.

The Government Cyber Action Plan: str...

The Government Cyber Action Plan: strengthening resilience across the UK. With GCAP, the UK government is taking deci... The Government Cyber Action Plan: strengthening resilience across the UK. With GCAP, the UK government is taking decisive steps towards a safer, more resilient future.

Cyber deception trials: what we’ve le...

Cyber deception trials: what we’ve learned so far. An update on the NCSC's trials to test the real-world efficacy of ... Cyber deception trials: what we’ve learned so far. An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.

Most Viewed

Improving your response to vulnerability management. How ...

Improving your response to vulnerability management. How to ensure the ‘organisational ... Improving your response to vulnerability management. How ...

Can you help the NCSC with the next phase of EASM researc...

Can you help the NCSC with the next phase of EASM research?. Organisations with experie... Can you help the NCSC with the next phase of EASM researc...

Cloud Security Posture Management: silver bullet or anoth...

Cloud Security Posture Management: silver bullet or another piece in the cloud puzzle?.... Cloud Security Posture Management: silver bullet or anoth...

One small step for Cyber Resilience Test Facilities, one ...

One small step for Cyber Resilience Test Facilities, one giant leap for technology assu... One small step for Cyber Resilience Test Facilities, one ...

Designing safer links: secure connectivity for operationa...

Designing safer links: secure connectivity for operational technology. New principles h... Designing safer links: secure connectivity for operationa...

The Government Cyber Action Plan: strengthening resilienc...

The Government Cyber Action Plan: strengthening resilience across the UK. With GCAP, th... The Government Cyber Action Plan: strengthening resilienc...

Cyber deception trials: what we’ve learned so far. An upd...

Cyber deception trials: what we’ve learned so far. An update on the NCSC's trials to te... Cyber deception trials: what we’ve learned so far. An upd...

Prompt injection is not SQL injection (it may be worse). ...

Prompt injection is not SQL injection (it may be worse). There are crucial differences ... Prompt injection is not SQL injection (it may be worse). ...

Provisioning and managing certificates in the Web PKI. Ho...

Provisioning and managing certificates in the Web PKI. How service owners should secure... Provisioning and managing certificates in the Web PKI. Ho...

Updating our guidance on security certificates, TLS and I...

Updating our guidance on security certificates, TLS and IPsec. The NCSC has updated 3 k... Updating our guidance on security certificates, TLS and I...

Building trust in the digital age: a collaborative approa...

Building trust in the digital age: a collaborative approach to content provenance techn... Building trust in the digital age: a collaborative approa...

What makes a responsible cyber actor: introducing the Pal...

What makes a responsible cyber actor: introducing the Pall Mall industry consultation o... What makes a responsible cyber actor: introducing the Pal...

Historical Trends

Cyber security for construction businesses. Guidance to help the construction industry improve the security and resilience of their business against cyber threats.

Cyber security for construction businesses. Guidance to help the construction industry ... Cyber security for construction businesses. Guidance to h...

NCSC Feed

Cyber insurance guidance. Cyber security considerations for organisations thinking about taking out cyber insurance.

Cyber insurance guidance. Cyber security considerations for organisations thinking abou... Cyber insurance guidance. Cyber security considerations f...

NCSC Feed

Configuring Microsoft Outlook 365's 'Report Phishing' add-in. How to report emails to the NCSC's Suspicious Email Reporting Service (SERS) using the 'Report Phishing' add-in for Microsoft Outlook 365.

Configuring Microsoft Outlook 365's 'Report Phishing' add-in. How to report emails to t... Configuring Microsoft Outlook 365's 'Report Phishing' add...

NCSC Feed

Buying and selling second-hand devices. How to erase the personal data from your phone, tablets, and other devices (and why it's important when you're buying and selling them).

Buying and selling second-hand devices. How to erase the personal data from your phone,... Buying and selling second-hand devices. How to erase the ...

NCSC Feed

Business email compromise: defending your organisation. How to disrupt email phishing attacks that target senior executives or budget holders.

Business email compromise: defending your organisation. How to disrupt email phishing a... Business email compromise: defending your organisation. H...

NCSC Feed

Business communications - SMS and telephone best practice. How to ensure your organisation's SMS and telephone messages are effective and trustworthy.

Business communications - SMS and telephone best practice. How to ensure your organisat... Business communications - SMS and telephone best practice...

NCSC Feed

Building and operating a secure online service. Guidance for organisations that use, own, or operate an online service who are looking to start securing it.

Building and operating a secure online service. Guidance for organisations that use, ow... Building and operating a secure online service. Guidance ...

NCSC Feed

Engaging with Boards to improve the management of cyber security risk. How to communicate more effectively with board members to improve cyber security decision making.

Engaging with Boards to improve the management of cyber security risk. How to communica... Engaging with Boards to improve the management of cyber s...

NCSC Feed

Authentication methods: choosing the right type. Recommended authentication models for organisations looking to move 'beyond passwords'.

Authentication methods: choosing the right type. Recommended authentication models for ... Authentication methods: choosing the right type. Recommen...

NCSC Feed

Asset management. Implementing asset management for good cyber security.

Asset management. Implementing asset management for good cyber security. Asset management. Implementing asset management for good ...

NCSC Feed

Approaching enterprise technology with cyber security in mind. How organisations can approach enterprise technology in order to deter cyber attacks.

Approaching enterprise technology with cyber security in mind. How organisations can ap... Approaching enterprise technology with cyber security in ...

NCSC Feed

AI and cyber security: what you need to know. Understanding the risks - and benefits - of using AI tools.

AI and cyber security: what you need to know. Understanding the risks - and benefits - ... AI and cyber security: what you need to know. Understandi...

NCSC Feed

Advice for End Users. We recommend that guidance is given to all remote and mobile users on how to keep information on their devices safe and secure.

Advice for End Users. We recommend that guidance is given to all remote and mobile user... Advice for End Users. We recommend that guidance is given...

NCSC Feed

Actions to take when the cyber threat is heightened. When organisations might face a greater threat, and the steps to take to improve security.

Actions to take when the cyber threat is heightened. When organisations might face a gr... Actions to take when the cyber threat is heightened. When...

NCSC Feed

Acquiring, managing, and disposing of network devices. Advice for organisations on the acquisition, management and disposal of network devices.

Acquiring, managing, and disposing of network devices. Advice for organisations on the ... Acquiring, managing, and disposing of network devices. Ad...

NCSC Feed

'Smart' security cameras: Using them safely in your home. How to protect 'smart' security cameras and baby monitors from cyber attack.

'Smart' security cameras: Using them safely in your home. How to protect 'smart' securi... 'Smart' security cameras: Using them safely in your home....

NCSC Feed

A method to assess 'forgivable' vs 'unforgivable' vulnerabilities. Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.

A method to assess 'forgivable' vs 'unforgivable' vulnerabilities. Research from the NC... A method to assess 'forgivable' vs 'unforgivable' vulnera...

NCSC Feed

Vulnerability Scanning: Keeping on top of the most common threats. Vulnerability Scanning solutions offer a cost-effective way to discover and manage common security issues.

Vulnerability Scanning: Keeping on top of the most common threats. Vulnerability Scanni... Vulnerability Scanning: Keeping on top of the most common...

NCSC Feed

Identifying suspicious credential usage. How NCSC guidance can help organisations detect and protect themselves from credential abuse.

Identifying suspicious credential usage. How NCSC guidance can help organisations detec... Identifying suspicious credential usage. How NCSC guidanc...

NCSC Feed

ACD 2.0: Insights from the external attack surface management trials. We publish the results of our ACD 2.0 external attack surface management (EASM) trials.

ACD 2.0: Insights from the external attack surface management trials. We publish the re... ACD 2.0: Insights from the external attack surface manage...

NCSC Feed

Making Principles Based Assurance a reality. An update on the work to make Principles Based Assurance (PBA) usable in practice.

Making Principles Based Assurance a reality. An update on the work to make Principles B... Making Principles Based Assurance a reality. An update on...

NCSC Feed

New interactive video - and related downloads - to help secondary school kids stay safe online. A new initiative, aimed at 11 to 14-year-olds, that helps them navigate the risks of online life.

New interactive video - and related downloads - to help secondary school kids stay safe... New interactive video - and related downloads - to help s...

NCSC Feed

The future of Technology Assurance in the UK. Chris Ensor highlights some important elements of the NCSC's new Technology Assurance strategy.

The future of Technology Assurance in the UK. Chris Ensor highlights some important ele... The future of Technology Assurance in the UK. Chris Ensor...

NCSC Feed

Are you hungry? A two-part blog about risk appetites. Risk appetites; what are they, what’s their purpose, how do organisations go about defining them?.

Are you hungry? A two-part blog about risk appetites. Risk appetites; what are they, wh... Are you hungry? A two-part blog about risk appetites. Ris...

NCSC Feed

Zero trust 1.0. Zero trust architecture design principles 1.0 launched.

Zero trust 1.0. Zero trust architecture design principles 1.0 launched. Zero trust 1.0. Zero trust architecture design principles...

NCSC Feed

Defending software build pipelines from malicious attack. Compromise of your software build pipeline can have wide-reaching impact; here's how to tackle the problem.

Defending software build pipelines from malicious attack. Compromise of your software b... Defending software build pipelines from malicious attack....

NCSC Feed

Supplier assurance: having confidence in your suppliers. Questions to ask your suppliers that will help you gain confidence in their cyber security.

Supplier assurance: having confidence in your suppliers. Questions to ask your supplier... Supplier assurance: having confidence in your suppliers. ...

NCSC Feed

Why cloud first is not a security problem. Using the cloud securely should be your primary concern - not the underlying security of the public cloud.

Why cloud first is not a security problem. Using the cloud securely should be your prim... Why cloud first is not a security problem. Using the clou...

NCSC Feed

NCSC IT: There's confidence and then there's SaaS. Raising a cheer for SaaS vendors who respond to our cloud security principles.

NCSC IT: There's confidence and then there's SaaS. Raising a cheer for SaaS vendors who... NCSC IT: There's confidence and then there's SaaS. Raisin...

NCSC Feed

Protecting parked domains for the UK public sector. Non-email sending (parked) domains can be used to generate spam email, but they're easy to protect.

Protecting parked domains for the UK public sector. Non-email sending (parked) domains ... Protecting parked domains for the UK public sector. Non-e...

NCSC Feed

There's a hole in my bucket. ...or 'Why do people leave sensitive data in unprotected AWS S3 buckets?'.

There's a hole in my bucket. ...or 'Why do people leave sensitive data in unprotected A... There's a hole in my bucket. ...or 'Why do people leave s...

NCSC Feed

Equities process. Publication of the UK’s process for how we handle vulnerabilities.

Equities process. Publication of the UK’s process for how we handle vulnerabilities. Equities process. Publication of the UK’s process for how...

NCSC Feed

Protecting system administration with PAM. Remote system administration provides powerful and flexible access to systems and services.

Protecting system administration with PAM. Remote system administration provides powerf... Protecting system administration with PAM. Remote system ...

NCSC Feed

The near-term impact of AI on the cyber threat. An NCSC assessment focusing on how AI will impact the efficacy of cyber operations and the implications for the cyber threat over the next two years.

The near-term impact of AI on the cyber threat. An NCSC assessment focusing on how AI w... The near-term impact of AI on the cyber threat. An NCSC a...

NCSC Feed

Organisational use of Enterprise Connected Devices. Assessing the cyber security threat to UK organisations using Enterprise Connected Devices.

Organisational use of Enterprise Connected Devices. Assessing the cyber security threat... Organisational use of Enterprise Connected Devices. Asses...

NCSC Feed

The cyber threat to Universities. Assessing the cyber security threat to UK Universities.

The cyber threat to Universities. Assessing the cyber security threat to UK Universities. The cyber threat to Universities. Assessing the cyber sec...

NCSC Feed

An RFC on IoCs – playing our part in international standards. The NCSC has published a new RFC on Indicators of Compromise to support cyber security in protocol design - and hopes to encourage more cyber defenders to engage with international standards.

An RFC on IoCs – playing our part in international standards. The NCSC has published a ... An RFC on IoCs – playing our part in international standa...

NCSC Feed

So long and thanks for all the bits. Ian Levy, the NCSC’s departing Technical Director, discusses life, the universe, and everything.

So long and thanks for all the bits. Ian Levy, the NCSC’s departing Technical Director,... So long and thanks for all the bits. Ian Levy, the NCSC’s...

NCSC Feed

New 'Connected Places' infographic published. A new visual guide to the cyber security principles that are essential when developing and managing ‘smart cities’.

New 'Connected Places' infographic published. A new visual guide to the cyber security ... New 'Connected Places' infographic published. A new visua...

NCSC Feed

NCSC's cyber security training for staff now available. The NCSC’s e-learning package 'Top Tips For Staff' can be completed online, or built into your own training platform.

NCSC's cyber security training for staff now available. The NCSC’s e-learning package '... NCSC's cyber security training for staff now available. T...

NCSC Feed

Erasing data from donated devices. How charities can erase personal data from donated laptops, phones and tablets, before passing them on.

Erasing data from donated devices. How charities can erase personal data from donated l... Erasing data from donated devices. How charities can eras...

NCSC Feed

Cloud security made easier with Serverless. Our research shows that using Serverless components makes it easier to get good security in the cloud.

Cloud security made easier with Serverless. Our research shows that using Serverless co... Cloud security made easier with Serverless. Our research ...

NCSC Feed

Cyber Essentials Plus is for charities too!. Sara Ward, the CEO of Black Country Women's Aid, discusses her organisation's experience of gaining Cyber Essentials Plus certification.

Cyber Essentials Plus is for charities too!. Sara Ward, the CEO of Black Country Women'... Cyber Essentials Plus is for charities too!. Sara Ward, t...

NCSC Feed

Helping organisations - and researchers - to manage vulnerability disclosure. Ollie N explains the thinking behind the NCSC’s new Vulnerability Disclosure Toolkit, which is now available to download.

Helping organisations - and researchers - to manage vulnerability disclosure. Ollie N e... Helping organisations - and researchers - to manage vulne...

NCSC Feed

Refreshed 'cyber security toolkit' helps board members to govern online risk. Lindy Cameron, CEO, introduces changes to the NCSC’s cyber security resources specifically designed for board members.

Refreshed 'cyber security toolkit' helps board members to govern online risk. Lindy Cam... Refreshed 'cyber security toolkit' helps board members to...

NCSC Feed

Growing positive security cultures. If your security culture isn't improving naturally, here's what you can do about it.

Growing positive security cultures. If your security culture isn't improving naturally,... Growing positive security cultures. If your security cult...

NCSC Feed

Check your email security, and protect your customers. Free online tool from the NCSC prevents cyber criminals using your email to conduct cyber attacks.

Check your email security, and protect your customers. Free online tool from the NCSC p... Check your email security, and protect your customers. Fr...

NCSC Feed

Cyber Security Toolkit for Boards: updated briefing pack released. New presentation includes voiceover and insights on ransomware attack on the British Library.

Cyber Security Toolkit for Boards: updated briefing pack released. New presentation inc... Cyber Security Toolkit for Boards: updated briefing pack ...

NCSC Feed

Firmware updates on Linux, and using data to influence procurement decisions. Focused on automating UEFI firmware updates on Windows devices.

Firmware updates on Linux, and using data to influence procurement decisions. Focused o... Firmware updates on Linux, and using data to influence pr...

NCSC Feed

What exactly should we be logging?. A structured look at what data to collect for security purposes and when to collect it.

What exactly should we be logging?. A structured look at what data to collect for secur... What exactly should we be logging?. A structured look at ...

NCSC Feed