News
Page updated: 18 January 2026
This page consists of a “One Stop” for freely available information to help in your threat and vulnerability management tasks.
NCSC: Threat Reports
- Impact of AI on cyber threat from now to 2027
- A method to assess 'forgivable' vs 'unforgivable' vulnerabilities
- The near-term impact of AI on the cyber threat
- The near-term impact of AI on the cyber threat
- Cyber Threat Report: UK Legal Sector
- The threat from commercial cyber proliferation
- ACD - The Sixth Year
- Threat Report 24th March 2023
- Threat Report 10th March 2023
- Threat Report 24th February 2023
- Threat Report 10th February 2023
- Threat Report 27th January 2023
- Threat Report 13th January 2023
- Threat Report 22nd December 2022
- Threat Report 9th December 2022
Tenable: Cyber Exposure Alerts
- CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
- Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)
- CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild
- CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited
- Microsoft Patch Tuesday 2025 Year in Review
- Microsoft’s December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221)
- CVE-2025-55182: Frequently Asked Questions About React2Shell: React Server Components Remote Code Execution Vulnerability
- FAQ About Sha1-Hulud 2.0: The "Second Coming" of the npm Supply-Chain Campaign
- CVE-2025-64446: Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild
- Microsoft’s November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)
- Oracle October 2025 Critical Patch Update Addresses 170 CVEs
- F5 BIG-IP Breach: 44 CVEs That Need Your Attention Now
- Frequently Asked Questions About The August 2025 F5 Security Incident
- Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)
- CVE-2025-61882: Frequently Asked Questions About Oracle E-Business Suite (EBS) Zero-Day and Associated Vulnerabilities
CISA: Cyber Threat Intelligence
- Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
- CISA Shares Lessons Learned from an Incident Response Engagement
- CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization
- #StopRansomware: Interlock
- Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider
- Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations
- Russian GRU Targeting Western Logistics Entities and Technology Companies
- Fast Flux: A National Security Threat
- #StopRansomware: Medusa Ransomware
- #StopRansomware: Ghost (Cring) Ransomware
- Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
- 2023 Top Routinely Exploited Vulnerabilities
- Microsoft Releases October 2024 Security Updates
- Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
- CISA Adds One Known Exploited Vulnerability to Catalog
Our Services that can directly help, benefit, your organisation with mitigating the issues presented above
Cyber Risk Management
