UK National Cyber Security Centre.
- Improving your response to vulnerability management
on February 9, 2026 at 8:24 pmHow to ensure the ‘organisational memory’ of past vulnerabilities is not lost.
- Can you help the NCSC with the next phase of EASM research?on February 6, 2026 at 10:44 am
Organisations with experience in external attack surface management can help us shape future ACD 2.0 services.
- Eradicating trivial vulnerabilities, at scaleon February 6, 2026 at 8:11 am
A new NCSC research paper aims to reduce the presence of ‘unforgivable’ vulnerabilities.
- Thanking the vulnerability research community with NCSC Challenge Coinson February 6, 2026 at 8:11 am
Reflecting on the positive impact of the Vulnerability Reporting Service – and introducing something new for selected contributors.
- Cloud Security Posture Management: silver bullet or another piece in the cloud puzzle?on February 2, 2026 at 4:24 pm
CSPM tools are big business. Could they be the answer to your cloud configuration problems?
- One small step for Cyber Resilience Test Facilities, one giant leap for technology assuranceon January 29, 2026 at 1:08 pm
CRTFs are helping organisations to make informed, risk-based decisions on the adoption of technology products.
- Designing safer links: secure connectivity for operational technologyon January 14, 2026 at 10:36 am
New principles help organisations to design, review, and secure connectivity to (and within) OT systems.
- The Government Cyber Action Plan: strengthening resilience across the UKon January 7, 2026 at 1:16 pm
With GCAP, the UK government is taking decisive steps towards a safer, more resilient future.
- Drawing good architecture diagramson December 16, 2025 at 8:57 am
Some tips on good diagram drafting and pitfalls to avoid when trying to understand a system in order to secure it.
- Cyber deception trials: what we’ve learned so faron December 15, 2025 at 8:17 am
An update on the NCSC’s trials to test the real-world efficacy of cyber deception solutions.
- Prompt injection is not SQL injection (it may be worse)on December 8, 2025 at 1:02 pm
There are crucial differences between prompt and SQL injection which – if not considered – can undermine mitigations.
- Updating our guidance on security certificates, TLS and IPsecon December 8, 2025 at 8:04 am
The NCSC has updated 3 key pieces of cryptographic guidance. Here, we explain the changes.
- Building trust in the digital age: a collaborative approach to content provenance technologieson December 3, 2025 at 9:02 am
Joint NCSC and Canadian Centre for Cyber Security primer helps organisations understand emerging technologies that can help maintain trust in their public-facing information.
- What makes a responsible cyber actor: introducing the Pall Mall industry consultation on good practiceon December 2, 2025 at 9:30 am
Calling vulnerability researchers, exploit developers and others in the offensive cyber industry to share their views.
- It’s time for all small businesses to acton November 27, 2025 at 4:17 pm
The NCSC’s Cyber Action Toolkit helps you to protect your business from online attacks.
- NCSC handing over the baton of smart meter security: a decade of progresson November 27, 2025 at 8:54 am
Why transferring the Commercial Product Assurance scheme to industry ownership marks an important milestone.
- Cyber Security and Resilience Policy Statement to strengthen regulation of critical sectorson November 11, 2025 at 4:36 pm
New proposals will combat the growing threat to UK critical national infrastructure (CNI).
- Cyber Action Toolkit: breaking down the barriers to resilienceon November 11, 2025 at 7:59 am
How the NCSC’s ‘Cyber Action Toolkit’ is helping small businesses to improve their cyber security.
- NCSC to retire Web Check and Mail Checkon November 5, 2025 at 11:30 am
By 31 March 2026, organisations should have alternatives to Mail Check and Web Check in place.
- EASM buyer’s guide now availableon October 28, 2025 at 2:10 pm
How to choose an external attack surface management (EASM) tool that’s right for your organisation.
