Buzz & Beyond: Ncsc feed

Improving your response to vulnerability management. How to ensure the ‘organisational memory’ of past vulnerabilities is not lost.

Trending

Improving your response to vulnerability management. How to ensure the ‘organisational memory’ of past vulnerabilities is not lost.

Improving your response to vulnerability management. How to ensure the ‘organisational memory’ of past vulnerabilities is not lost.

Source: NCSC Feed

Published: Feb, 09 2026 20:24

How to ensure the ‘organisational memory’ of past vulnerabilities is not lost.

Continue reading...

Can you help the NCSC with the next p...

Can you help the NCSC with the next phase of EASM research?. Organisations with experience in external attack surface... Can you help the NCSC with the next phase of EASM research?. Organisations with experience in external attack surface management can help us shape future ACD 2.0 services.

Cloud Security Posture Management: si...

Cloud Security Posture Management: silver bullet or another piece in the cloud puzzle?. CSPM tools are big business. ... Cloud Security Posture Management: silver bullet or another piece in the cloud puzzle?. CSPM tools are big business. Could they be the answer to your cloud configuration problems?.

One small step for Cyber Resilience T...

One small step for Cyber Resilience Test Facilities, one giant leap for technology assurance. CRTFs are helping organ... One small step for Cyber Resilience Test Facilities, one giant leap for technology assurance. CRTFs are helping organisations to make informed, risk-based decisions on the adoption of technology products.

Designing safer links: secure connect...

Designing safer links: secure connectivity for operational technology. New principles help organisations to design, r... Designing safer links: secure connectivity for operational technology. New principles help organisations to design, review, and secure connectivity to (and within) OT systems.

The Government Cyber Action Plan: str...

The Government Cyber Action Plan: strengthening resilience across the UK. With GCAP, the UK government is taking deci... The Government Cyber Action Plan: strengthening resilience across the UK. With GCAP, the UK government is taking decisive steps towards a safer, more resilient future.

Cyber deception trials: what we’ve le...

Cyber deception trials: what we’ve learned so far. An update on the NCSC's trials to test the real-world efficacy of ... Cyber deception trials: what we’ve learned so far. An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.

Most Viewed

Improving your response to vulnerability management. How ...

Improving your response to vulnerability management. How to ensure the ‘organisational ... Improving your response to vulnerability management. How ...

Can you help the NCSC with the next phase of EASM researc...

Can you help the NCSC with the next phase of EASM research?. Organisations with experie... Can you help the NCSC with the next phase of EASM researc...

Cloud Security Posture Management: silver bullet or anoth...

Cloud Security Posture Management: silver bullet or another piece in the cloud puzzle?.... Cloud Security Posture Management: silver bullet or anoth...

One small step for Cyber Resilience Test Facilities, one ...

One small step for Cyber Resilience Test Facilities, one giant leap for technology assu... One small step for Cyber Resilience Test Facilities, one ...

Designing safer links: secure connectivity for operationa...

Designing safer links: secure connectivity for operational technology. New principles h... Designing safer links: secure connectivity for operationa...

The Government Cyber Action Plan: strengthening resilienc...

The Government Cyber Action Plan: strengthening resilience across the UK. With GCAP, th... The Government Cyber Action Plan: strengthening resilienc...

Cyber deception trials: what we’ve learned so far. An upd...

Cyber deception trials: what we’ve learned so far. An update on the NCSC's trials to te... Cyber deception trials: what we’ve learned so far. An upd...

Prompt injection is not SQL injection (it may be worse). ...

Prompt injection is not SQL injection (it may be worse). There are crucial differences ... Prompt injection is not SQL injection (it may be worse). ...

Provisioning and managing certificates in the Web PKI. Ho...

Provisioning and managing certificates in the Web PKI. How service owners should secure... Provisioning and managing certificates in the Web PKI. Ho...

Updating our guidance on security certificates, TLS and I...

Updating our guidance on security certificates, TLS and IPsec. The NCSC has updated 3 k... Updating our guidance on security certificates, TLS and I...

Building trust in the digital age: a collaborative approa...

Building trust in the digital age: a collaborative approach to content provenance techn... Building trust in the digital age: a collaborative approa...

What makes a responsible cyber actor: introducing the Pal...

What makes a responsible cyber actor: introducing the Pall Mall industry consultation o... What makes a responsible cyber actor: introducing the Pal...

Historical Trends

A problem shared is . . . in the research problem book. Introducing the new NCSC research problem book and find out how you can get involved.

A problem shared is . . . in the research problem book. Introducing the new NCSC resear... A problem shared is . . . in the research problem book. I...

NCSC Feed

Vulnerability scanning tools and services. Advice on the choice, implementation and use of automated vulnerability scanning tools for organisations of all sizes.

Vulnerability scanning tools and services. Advice on the choice, implementation and use... Vulnerability scanning tools and services. Advice on the ...

NCSC Feed

ChatGPT and large language models: what's the risk?. Do loose prompts* sink ships? Exploring the cyber security issues of ChatGPT and LLMs.

ChatGPT and large language models: what's the risk?. Do loose prompts* sink ships? Expl... ChatGPT and large language models: what's the risk?. Do l...

NCSC Feed

How CyberFish's founder got hooked on Cheltenham. Berta Pappenheim, CEO and co-founder of CyberFish, explains how the NCSC For Startups programme has transformed her professional and personal life.

How CyberFish's founder got hooked on Cheltenham. Berta Pappenheim, CEO and co-founder ... How CyberFish's founder got hooked on Cheltenham. Berta P...

NCSC Feed

Tackling the 'human factor' to transform cyber security behaviours. ThinkCyber's CEO Tim Ward reflects on the challenges that startups face when developing innovative products.

Tackling the 'human factor' to transform cyber security behaviours. ThinkCyber's CEO Ti... Tackling the 'human factor' to transform cyber security b...

NCSC Feed

Spotlight on shadow IT. New guidance to help organisations manage rogue devices and services within the enterprise.

Spotlight on shadow IT. New guidance to help organisations manage rogue devices and ser... Spotlight on shadow IT. New guidance to help organisation...

NCSC Feed

ACD - The Sixth Year. Key findings and full report from the 6th year of the Active Cyber Defence (ACD) programme.

ACD - The Sixth Year. Key findings and full report from the 6th year of the Active Cybe... ACD - The Sixth Year. Key findings and full report from t...

NCSC Feed

To SOC or not to SOC ?. For environments that are secure by design, a 'full-fat SOC' is not always required.

To SOC or not to SOC ?. For environments that are secure by design, a 'full-fat SOC' is... To SOC or not to SOC ?. For environments that are secure ...

NCSC Feed

Active Cyber Defence: Sixth annual report now available. New ACD services developed to help protect SMEs from the harms caused by cyber attacks.

Active Cyber Defence: Sixth annual report now available. New ACD services developed to ... Active Cyber Defence: Sixth annual report now available. ...

NCSC Feed

New techniques added to the NCSC’s ‘risk management toolbox’. Refreshed guidance published to help practitioners manage cyber risk.

New techniques added to the NCSC’s ‘risk management toolbox’. Refreshed guidance publis... New techniques added to the NCSC’s ‘risk management toolb...

NCSC Feed

Cyber Threat Report: UK Legal Sector. An updated report from the NCSC explaining how UK law firms - of all sizes - can protect themselves from common cyber threats.

Cyber Threat Report: UK Legal Sector. An updated report from the NCSC explaining how UK... Cyber Threat Report: UK Legal Sector. An updated report f...

NCSC Feed

Protecting how you administer cloud services. New advice on implementing high-risk and ‘break-glass’ accesses in cloud services.

Protecting how you administer cloud services. New advice on implementing high-risk and ... Protecting how you administer cloud services. New advice ...

NCSC Feed

Early Warning is joining MyNCSC. Early Warning, one of the NCSC’s flagship ACD services, will be soon be migrated to the MyNCSC platform. Here we explain the background and what users can expect.

Early Warning is joining MyNCSC. Early Warning, one of the NCSC’s flagship ACD services... Early Warning is joining MyNCSC. Early Warning, one of th...

NCSC Feed

Leveraging NCSC’s national insight to strengthen the fight against mobile threats. Traced Mobile Security co-founder Benedict Jones describes how 'NCSC for Startups' helped evolve his business.

Leveraging NCSC’s national insight to strengthen the fight against mobile threats. Trac... Leveraging NCSC’s national insight to strengthen the figh...

NCSC Feed

Why more transparency around cyber attacks is a good thing for everyone.

Why more transparency around cyber attacks is a good thing for everyone. Why more transparency around cyber attacks is a good thin...

NCSC Feed

Introducing Cyber Advisors. Launching a new Industry Assurance scheme aimed at helping the UK’s small organisations.

Introducing Cyber Advisors. Launching a new Industry Assurance scheme aimed at helping ... Introducing Cyber Advisors. Launching a new Industry Assu...

NCSC Feed

Protect your management interfaces. Why it's important to protect the interfaces used to manage your infrastructure, and some recommendations on how you might do this.

Protect your management interfaces. Why it's important to protect the interfaces used t... Protect your management interfaces. Why it's important to...

NCSC Feed

Zero trust migration: How will I know if I can remove my VPN?. In our third blog about migrating to a zero trust architecture, we consider the security properties of an Always On VPN, and the factors to consider when deciding if you no longer need one.

Zero trust migration: How will I know if I can remove my VPN?. In our third blog about ... Zero trust migration: How will I know if I can remove my ...

NCSC Feed

NCSC for Startups: an ecosystem-based approach to cyber security. Andrew Roughan, CEO of the NCSC’s innovation partner Plexal, explains why a whole-of-society approach is vital for cyber security innovation.

NCSC for Startups: an ecosystem-based approach to cyber security. Andrew Roughan, CEO o... NCSC for Startups: an ecosystem-based approach to cyber s...

NCSC Feed

Using MSPs to administer your cloud services. Andrew A explains what you must check before giving Managed Service Providers (MSPs) the keys to your kingdom.

Using MSPs to administer your cloud services. Andrew A explains what you must check bef... Using MSPs to administer your cloud services. Andrew A ex...

NCSC Feed

How the NCSC thinks about security architecture. Richard C explains how an understanding of vulnerabilities - and their exploitation - informs how the NCSC assesses the security of computer systems.

How the NCSC thinks about security architecture. Richard C explains how an understandin... How the NCSC thinks about security architecture. Richard ...

NCSC Feed

Principles and how they can help us with assurance. Explaining the forthcoming NCSC Technology Assurance Principles.

Principles and how they can help us with assurance. Explaining the forthcoming NCSC Tec... Principles and how they can help us with assurance. Expla...

NCSC Feed

NCSC For Startups: Vistalworks cracking down on illicit trade. Vicky Brock of Vistalworks describes how the 'NCSC For Startups' programme has helped her organisation develop solutions to tackle illicit online trade.

NCSC For Startups: Vistalworks cracking down on illicit trade. Vicky Brock of Vistalwor... NCSC For Startups: Vistalworks cracking down on illicit t...

NCSC Feed

NCSC for Startups: the case for collaboration. Saj Huq of Plexal explains why collaboration with the NCSC brings opportunities to the cyber security sector.

NCSC for Startups: the case for collaboration. Saj Huq of Plexal explains why collabora... NCSC for Startups: the case for collaboration. Saj Huq of...

NCSC Feed

"Winning trust, and making powerful connections". Chris Wallis, CEO of Intruder, explains how completing the NCSC's Startup Programme was a turning point for his organisation.

"Winning trust, and making powerful connections". Chris Wallis, CEO of Intruder, explai... "Winning trust, and making powerful connections". Chris W...

NCSC Feed

Protect your customers to protect your brand. New guidance to protect your brand from b... Protect your customers to protect your brand. New guidanc...

NCSC Feed

Takedown: removing malicious content to protect your brand. How to protect your brand f... Takedown: removing malicious content to protect your bran...

NCSC Feed

The security benefits of modern collaboration in the cloud. By exploiting cloud services, organisations no longer have to choose between ‘more security’ and ‘better usability’.

The security benefits of modern collaboration in the cloud. By exploiting cloud service... The security benefits of modern collaboration in the clou...

NCSC Feed

The problems with forcing regular password expiry. Why the NCSC decided to advise against this long-established security guideline.

The problems with forcing regular password expiry. Why the NCSC decided to advise again... The problems with forcing regular password expiry. Why th...

NCSC Feed

Log4j vulnerability: what should boards be asking?. Advice for board members of medium to large organisations that are at risk from the Apache Log4j vulnerability.

Log4j vulnerability: what should boards be asking?. Advice for board members of medium ... Log4j vulnerability: what should boards be asking?. Advic...

NCSC Feed

The rise of ransomware. Toby L, Technical Lead for Incident Management, explains how modern-day ransomware attacks are evolving.

The rise of ransomware. Toby L, Technical Lead for Incident Management, explains how mo... The rise of ransomware. Toby L, Technical Lead for Incide...

NCSC Feed

How Rebellion Defence used NCSC For Startups to accelerate product development. Unparalleled access to skilled users transformed Rebellion Defence’s product roadmap.

How Rebellion Defence used NCSC For Startups to accelerate product development. Unparal... How Rebellion Defence used NCSC For Startups to accelerat...

NCSC Feed

TLS 1.3: better for individuals - harder for enterprises. The NCSC's technical director outlines the challenges that TLS 1.3 presents for enterprise security.

TLS 1.3: better for individuals - harder for enterprises. The NCSC's technical director... TLS 1.3: better for individuals - harder for enterprises....

NCSC Feed

'WannaCry' ransomware: guidance updates. Jon L provides an update on the NCSC's guidance on the 'WannaCry' ransomware.

'WannaCry' ransomware: guidance updates. Jon L provides an update on the NCSC's guidanc... 'WannaCry' ransomware: guidance updates. Jon L provides a...

NCSC Feed

Spray you, spray me: defending against password spraying attacks. Andy P summarises how organisations can protect users' accounts from password spraying.

Spray you, spray me: defending against password spraying attacks. Andy P summarises how... Spray you, spray me: defending against password spraying ...

NCSC Feed

Cyber security for schools. New NCSC training package to help schools improve their cyber security.

Cyber security for schools. New NCSC training package to help schools improve their cyb... Cyber security for schools. New NCSC training package to ...

NCSC Feed

Bring Your Own Device: How to do it well. Updated NCSC guidance on enabling your staff to use their own devices for work.

Bring Your Own Device: How to do it well. Updated NCSC guidance on enabling your staff ... Bring Your Own Device: How to do it well. Updated NCSC gu...

NCSC Feed

CNI system design: Secure Remote Access. A Critical National Infrastructure (CNI)-specific look at NCSC guidance on remote access architecture design.

CNI system design: Secure Remote Access. A Critical National Infrastructure (CNI)-speci... CNI system design: Secure Remote Access. A Critical Natio...

NCSC Feed

Using secure messaging, voice and collaboration apps. What organisations should think about before choosing apps for secure communications and collaboration.

Using secure messaging, voice and collaboration apps. What organisations should think a... Using secure messaging, voice and collaboration apps. Wha...

NCSC Feed

NCSC For Startups: the feedback loop. How startups can make the most of their time when pitching to cyber security experts.

NCSC For Startups: the feedback loop. How startups can make the most of their time when... NCSC For Startups: the feedback loop. How startups can ma...

NCSC Feed

ACD - The Fifth Year. Key findings from the 5th year of the Active Cyber Defence (ACD) programme.

ACD - The Fifth Year. Key findings from the 5th year of the Active Cyber Defence (ACD) ... ACD - The Fifth Year. Key findings from the 5th year of t...

NCSC Feed

Mythbusting cloud key management services. Why trying to avoid trusting the KMS doesn't make sense (and other common misconceptions).

Mythbusting cloud key management services. Why trying to avoid trusting the KMS doesn't... Mythbusting cloud key management services. Why trying to ...

NCSC Feed

Relaunching the NCSC's Cloud security guidance collection. Andrew A explains what's new in a significant update to the NCSC's flagship cloud guidance.

Relaunching the NCSC's Cloud security guidance collection. Andrew A explains what's new... Relaunching the NCSC's Cloud security guidance collection...

NCSC Feed

Threat report on application stores. This report outlines the risks associated with the use of official and third party app stores.

Threat report on application stores. This report outlines the risks associated with the... Threat report on application stores. This report outlines...

NCSC Feed

Malware analysis report on SparrowDoor malware. A technical analysis of a new variant of the SparrowDoor malware.

Malware analysis report on SparrowDoor malware. A technical analysis of a new variant o... Malware analysis report on SparrowDoor malware. A technic...

NCSC Feed

Vendor Security Assessment. Assessing the security of network equipment.

Vendor Security Assessment. Assessing the security of network equipment. Vendor Security Assessment. Assessing the security of net...

NCSC Feed

The Cyber Assessment Framework 3.1. Latest version of the CAF focusses on clarification and consistency between areas of the CAF.

The Cyber Assessment Framework 3.1. Latest version of the CAF focusses on clarification... The Cyber Assessment Framework 3.1. Latest version of the...

NCSC Feed

Motivating developers to write secure code. The 'Motivating Jenny' project is helping to change the conversation about security in software development.

Motivating developers to write secure code. The 'Motivating Jenny' project is helping t... Motivating developers to write secure code. The 'Motivati...

NCSC Feed

Common Cyber Attacks: Reducing the Impact. This white paper explains how basic security controls can protect organisations from the most common cyber attacks.

Common Cyber Attacks: Reducing the Impact. This white paper explains how basic security... Common Cyber Attacks: Reducing the Impact. This white pap...

NCSC Feed

Using IPsec to protect data. Guidance for organisations wishing to deploy products that use IPsec.

Using IPsec to protect data. Guidance for organisations wishing to deploy products that... Using IPsec to protect data. Guidance for organisations w...

NCSC Feed