News
Page updated: 22 April 2025
This page consists of a “One Stop” for freely available information to help in your threat and vulnerability management tasks.
NCSC: Threat Reports
- A method to assess 'forgivable' vs 'unforgivable' vulnerabilities
- The near-term impact of AI on the cyber threat
- The near-term impact of AI on the cyber threat
- Cyber Threat Report: UK Legal Sector
- The threat from commercial cyber proliferation
- ACD - The Sixth Year
- Threat Report 24th March 2023
- Threat Report 10th March 2023
- Threat Report 24th February 2023
- Threat Report 10th February 2023
- Threat Report 27th January 2023
- Threat Report 13th January 2023
- Threat Report 22nd December 2022
- Threat Report 9th December 2022
- Threat Report 25th November 2022
Tenable: Cyber Exposure Alerts
- CVE-2025-32433: Erlang/OTP SSH Unauthenticated Remote Code Execution Vulnerability
- Frequently Asked Questions About the MITRE CVE Program Expiration and Renewal
- Oracle April 2025 Critical Patch Update Addresses 171 CVEs
- MITRE CVE Program Funding Set To Expire
- Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824)
- CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
- DeepSeek Deep Dive Part 1: Creating Malware, Including Keyloggers and Ransomware
- Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993)
- CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited
- Frequently Asked Questions About DeepSeek Large Language Model (LLM)
- Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)
- CVE-2025-23006: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Reportedly Exploited
- Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor
- Oracle January 2025 Critical Patch Update Addresses 186 CVEs
- CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild
CISA: Cyber Threat Intelligence
- Fast Flux: A National Security Threat
- #StopRansomware: Medusa Ransomware
- #StopRansomware: Ghost (Cring) Ransomware
- Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
- 2023 Top Routinely Exploited Vulnerabilities
- Microsoft Releases October 2024 Security Updates
- Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
- CISA Adds One Known Exploited Vulnerability to Catalog
- Russian Military Cyber Actors Target US and Global Critical Infrastructure
- #StopRansomware: RansomHub Ransomware
- Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
- Best Practices for Event Logging and Threat Detection
- CISA Adds Six Known Exploited Vulnerabilities to Catalog
- North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
- CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
Our Services that can directly help, benefit, your organisation with mitigating the issues presented above
Cyber Risk Management
