News
Page updated: 2 December 2025
This page consists of a “One Stop” for freely available information to help in your threat and vulnerability management tasks.
NCSC: Threat Reports
- Impact of AI on cyber threat from now to 2027
- A method to assess 'forgivable' vs 'unforgivable' vulnerabilities
- The near-term impact of AI on the cyber threat
- The near-term impact of AI on the cyber threat
- Cyber Threat Report: UK Legal Sector
- The threat from commercial cyber proliferation
- ACD - The Sixth Year
- Threat Report 24th March 2023
- Threat Report 10th March 2023
- Threat Report 24th February 2023
- Threat Report 10th February 2023
- Threat Report 27th January 2023
- Threat Report 13th January 2023
- Threat Report 22nd December 2022
- Threat Report 9th December 2022
Tenable: Cyber Exposure Alerts
- FAQ About Sha1-Hulud 2.0: The "Second Coming" of the npm Supply-Chain Campaign
- CVE-2025-64446: Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild
- Microsoft’s November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)
- Oracle October 2025 Critical Patch Update Addresses 170 CVEs
- F5 BIG-IP Breach: 44 CVEs That Need Your Attention Now
- Frequently Asked Questions About The August 2025 F5 Security Incident
- Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)
- CVE-2025-61882: Frequently Asked Questions About Oracle E-Business Suite (EBS) Zero-Day and Associated Vulnerabilities
- CVE-2025-20333, CVE-2025-20362: Frequently Asked Questions About Zero-Day Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) Vulnerabilities
- Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)
- Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks
- CVE-2025-7775: Citrix NetScaler ADC and NetScaler Gateway Zero-Day Remote Code Execution Vulnerability Exploited in the Wild
- CVE-2025-25256: Proof of Concept Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
- Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779)
- CVE-2025-53786: Frequently Asked Questions About Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability
CISA: Cyber Threat Intelligence
- CISA Shares Lessons Learned from an Incident Response Engagement
- CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization
- #StopRansomware: Interlock
- Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider
- Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations
- Russian GRU Targeting Western Logistics Entities and Technology Companies
- Fast Flux: A National Security Threat
- #StopRansomware: Medusa Ransomware
- #StopRansomware: Ghost (Cring) Ransomware
- Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
- 2023 Top Routinely Exploited Vulnerabilities
- Microsoft Releases October 2024 Security Updates
- Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
- CISA Adds One Known Exploited Vulnerability to Catalog
- Russian Military Cyber Actors Target US and Global Critical Infrastructure
Our Services that can directly help, benefit, your organisation with mitigating the issues presented above
Cyber Risk Management
