Using Artificial Intelligence to find vulnerabilities can bring added security considerations.

Organisations must act now to prepare for a wave of patches that will address decades of technical debt.

Poor metrics can render a well-intentioned security operation centre entirely ineffective.

Adopting AI will require time, the development of new capabilities and careful oversight. 

Explaining the widespread shift in tactics, techniques and procedures (TTPs) towards networks of compromised infrastructure, and how to defend against it

New advisory highlights how to defend against attacker tactics believed to be used by China-linked actors to hide malicious cyber activity.

Organisations should map and baseline their edge device traffic, especially VPN and remote access connections, and adopt dynamic threat feed filtering that includes known covert network indicators.

Passkeys are the more secure and user-friendly login method and should be the default authentication option for consumers.

Passkeys and other FIDO2 credentials offer a more usable, secure replacement for passwords and are already supported by most modern devices.

SilentGlass, a plug-and-play device, actively blocks any unexpected or malicious HDMI and Display Port connections.

As the technology landscape develops, the definition of cyber security is expanding with it.

Ensuring cross domain technologies are better understood – and more easily deployed – across sectors.

A call to action to collectively build UK resilience.

How the NCSC is reducing risk, improving detection, and helping to keep vital services running.

A step change in frontier AI models’ capabilities to find vulnerabilities in code can ultimately be a good thing for our cyber security.

New advisory warns cyber threat group APT28 have exploited vulnerable edge devices to support malicious operations.

Russian cyber actor APT28 exploit vulnerable routers to hijack DNS, enabling adversary‑in‑the‑middle attacks and theft of passwords and authentication tokens.

The NCSC has issued actions for individuals at risk of targeted attacks against messaging apps.

The NCSC is encouraging UK organisations to mitigate an unauthenticated remote code execution vulnerability affecting F5 BIG-IP Access Policy Manager.

Understanding the threats and staying ahead of the adversary

UK organisations encouraged to take immediate action to mitigate two recently disclosed vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway.

Dr Richard Horne delivered a keynote about cyber risks and opportunities at the RSA Conference in San Francisco

If ‘vibe coding’ disrupts the software market like SaaS did 20 years ago, what does this mean for cyber security?

CYBERUK will be delivered by the NCSC and sponsors across four distinct tracks of activity: Resilience, Technology, Threat, and Ecosystem.

In response to the evolving events in the Middle East, the NCSC is advising that UK organisations review their cyber security posture.

Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN.

Organisations with experience in external attack surface management can help us shape future ACD 2.0 services.

How to ensure the ‘organisational memory’ of past vulnerabilities is not lost.

A new NCSC research paper aims to reduce the presence of ‘unforgivable’ vulnerabilities.

Reflecting on the positive impact of the Vulnerability Reporting Service – and introducing something new for selected contributors.

CSPM tools are big business. Could they be the answer to your cloud configuration problems?

CRTFs are helping organisations to make informed, risk-based decisions on the adoption of technology products.

As attackers’ tactics change, so must network defenders’.

Latest version of the CAF focusses on clarification and consistency between areas of the CAF.

Key talks from the UK government’s flagship cyber security event will be livestreamed from Birmingham’s ICC.

Cyber security considerations for organisations thinking about taking out cyber insurance.

New principles help organisations to design, review, and secure connectivity to (and within) OT systems.

A new initiative, aimed at 11 to 14-year-olds, that helps them navigate the risks of online life.

With GCAP, the UK government is taking decisive steps towards a safer, more resilient future.

How to make sure your organisation is prepared for home working.

Some tips on good diagram drafting and pitfalls to avoid when trying to understand a system in order to secure it.

The NCSC has updated 3 key pieces of cryptographic guidance. Here, we explain the changes.

Guidance for organisations wishing to deploy products that use IPsec.

How service owners should securely provision and manage certificates in the Web PKI.

Recommended profiles to securely configure TLS for the most common versions and scenarios, with additional guidance for managing older versions.

An architecture pattern for safely importing data into a system from an external source.

Technical report on best practice use of this fundamental data routing protocol.

Calling vulnerability researchers, exploit developers and others in the offensive cyber industry to share their views.

Zero trust architecture design principles 1.0 launched.

Advice in response to the increase in sextortion scams

Tips to help you purchase items safely and avoid fraudulent websites.

Advice for those concerned a device has been infected.

A step by step guide to recovering online accounts.

How to protect yourself from the impact of data breaches

Check that you’re talking to a genuine NCSC employee, and not a criminal.

Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.

There are crucial differences between prompt and SQL injection which – if not considered – can undermine mitigations.

Joint NCSC and Canadian Centre for Cyber Security primer helps organisations understand emerging technologies that can help maintain trust in their public-facing information.

Calling vulnerability researchers, exploit developers and others in the offensive cyber industry to share their views.

The NCSC’s Cyber Action Toolkit helps you to protect your business from online attacks.

Why transferring the Commercial Product Assurance scheme to industry ownership marks an important milestone.

An SME’s guide to selecting and working with managed service providers.

Chris P explains how AMS will enable high-threat organisations to stay connected ‘on the go’.

Vulnerability Scanning solutions offer a cost-effective way to discover and manage common security issues.

New proposals will combat the growing threat to UK critical national infrastructure (CNI).

By 31 March 2026, organisations should have alternatives to Mail Check and Web Check in place.

How organisations can improve their ability to both detect and discover cyber threats.

Calling cyber security professionals, culture specialists and leaders to drive uptake of new Cyber security culture principles.

New voluntary code of practice for technology providers defines a market baseline for cyber security.

A new NCSC paper discusses the suitability of emerging Advanced Cryptography techniques.

A new NCSC scheme assuring providers of CAF-based audits is now open for potential members.

Key talks from the UK government’s flagship cyber security event will be livestreamed from Birmingham’s ICC.

Tips to help you secure and reduce interactive access to your cloud infrastructure.

The NCSC co-signs Ministerial letter to major British businesses including FTSE 350 companies.

…or ‘Why do people leave sensitive data in unprotected AWS S3 buckets?’

Security questions to ask your IT service providers when considering a digital transition

How organisations can improve their ability to both detect and discover cyber threats.

How to defend your organisation from email phishing attacks.

How organisations can avoid staff burnout during an extended period of heightened cyber threat.

The NCSC’s contribution to the Internet Engineering Task Force will help to make the internet more secure.

Guidance for staff responsible for managing a cyber incident response within their organisation.

If you can’t see your entire operational technology environment, you can’t defend it. New guidance from the NCSC will help you gain that visibility.

How to protect sensitive information about your setting and the children in your care from accidental damage and online criminals.

As attackers’ tactics change, so must network defenders’.

The NCSC’s CEO, Richard Horne on the new cyber governance resources giving Boards the tools they need to govern cyber security risks.

Why the key milestones for PQC migration are part of building and maintaining good cyber security practice.

If you don’t have the inhouse expertise to keep your organisation cyber secure, the NCSC offers services and tools to help organisations guard against commodity threats.

Discover the Research Institute in Trustworthy Inter-connected Cyber-physical Systems.

Cyber Advisor scheme for small organisations welcomes its 100th advisor, but more still needed!

How to choose an external attack surface management (EASM) tool that’s right for your organisation.

A guide to choosing the right EASM product for your organisation, and the security features you need to consider.

How to erase the personal data from your phone, tablets, and other devices (and why it’s important when you’re buying and selling them).

Why planning and rehearsing your recovery from an incident is as vital as building your defences

Why sharing lessons learned from cyber security incidents and ‘near misses’ will help everyone to improve

NCSC Technical Director Dr Ian Levy explains how the security analysis behind the DCMS supply chain review will ensure the UK’s telecoms networks are secure – regardless of the vendors used.

How operators of critical national infrastructure (CNI) can use NCSC guidance and blogs to secure their internet-facing services.

We publish the results of our ACD 2.0 external attack surface management (EASM) trials

Sara Ward, the CEO of Black Country Women’s Aid, discusses her organisation’s experience of gaining Cyber Essentials Plus certification.

Exploring how far cyber security approaches can help mitigate risks in generative AI systems