■ NCSC UK ■ CISA KEV ■ FCA ScamSmart ■ ICO Enforcement ■ GET-IT Intelligence

Threat Advisory

Active vulnerability alerts, financial fraud warnings, and data protection enforcement notices for UK businesses — plus analysis and commentary from GET-IT. Curated from NCSC, CISA, FCA ScamSmart, ICO intelligence feeds, and our own research.

[ LAST UPDATED: 03 July 2026 at 22:26 UTC ]
█ New — MITRE-Lite Weekly

Our plain-English translation of the MITRE ATT&CK framework — who is targeting UK businesses this week, how they operate, and what to do about it. Updated every Monday.

Business Owner Edition → Technical Edition →

Analysis & Commentary

All GET-IT analysis & news →

Active UK Advisories

Why this matters to your business: The NCSC issues alerts when vulnerabilities are being actively exploited against UK organisations. If you use any of the affected products below, patching should be treated as urgent.
NCSC WED, 01 JUL 2026

Building more resilient CNI: what industry pen testers told us

Read NCSC Advisory →
NCSC MON, 22 JUN 2026

The AI shift in cyber risk: why leaders must act now

Read NCSC Advisory →
NCSC THU, 18 JUN 2026

The 'vibe coding spectrum' approach to AI-assisted software development

Read NCSC Advisory →
NCSC THU, 18 JUN 2026

Alert: NCSC issues advice following global targeting of Fortinet firewalls and VPN gateways

Read NCSC Advisory →
NCSC WED, 17 JUN 2026

NCSC CEO: Hostile states linked to three-quarters of cyber attacks affecting UK's critical systems

Read NCSC Advisory →
NCSC THU, 04 JUN 2026

Software supply chain attacks: check your dependencies

Read NCSC Advisory →

Known Exploited Vulnerabilities — Active in the Wild

What is the CISA KEV Catalog? The US Cybersecurity and Infrastructure Security Agency maintains a list of vulnerabilities with confirmed evidence of active exploitation globally. These are not theoretical risks — they are being used by attackers right now. Many affect common software used by UK SMEs.
CISA KEV CRITICAL 2026-07-01
CVE-2026-45659 — Microsoft | SharePoint Server

Microsoft SharePoint Server Vulnerability

Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.

View CISA Advisory →
CISA KEV CRITICAL 2026-06-29
CVE-2026-48558 — SimpleHelp | SimpleHelp

SimpleHelp SimpleHelp Vulnerability

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.

View CISA Advisory →
CISA KEV CRITICAL 2026-06-25
CVE-2026-12569 — PTC | Windchill and FlexPLM

PTC Windchill and FlexPLM Vulnerability

PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.

View CISA Advisory →
CISA KEV CRITICAL 2026-06-25
CVE-2026-20230 — Cisco | Unified Communications Manager

Cisco Unified Communications Manager Vulnerability

Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.

View CISA Advisory →
CISA KEV CRITICAL 2026-06-23
CVE-2025-67038 — Lantronix | EDS5000

Lantronix EDS5000 Vulnerability

Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.

View CISA Advisory →
CISA KEV CRITICAL 2026-06-23
CVE-2026-34910 — Ubiquiti | UniFi OS

Ubiquiti UniFi OS Vulnerability

Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.

View CISA Advisory →

Financial Fraud Warnings & Action Fraud Alerts

Why this matters to your business: The FCA ScamSmart programme and Action Fraud publish warnings about unauthorised firms, clone investment scams, and financial services impersonation attacks targeting UK consumers and businesses. If your employees handle payments, invoices, or client funds, these alerts are directly relevant.
FCA ScamSmart FINANCIAL FRAUD THURSDAY, JUNE 2

CACEIS UK censured and to pay £31.7m to WealthTek clients for weak financial crime controls

CACEIS UK, an asset servicing bank, has been censured by the FCA and will make a £31.7m voluntary payment to WealthTek clients for failing to act on information that left clients exposed to the risk of financial crime....

Read FCA Warning →

ICO Enforcement Notices & Data Protection Penalties

What the ICO publishes: The Information Commissioner's Office issues enforcement notices, monetary penalty notices, and reprimands against organisations that have failed to protect personal data under UK GDPR. These cases set precedent for what the ICO expects — and what it will act on — for businesses of all sizes.
ICOENFORCEMENT

ICO Enforcement Notices & Monetary Penalties

The ICO regularly issues fines and enforcement notices for data protection breaches under UK GDPR. View the full register of actions below.

View ICO Enforcement Register →

Is Your Business Exposed?

Many of these vulnerabilities affect software used by UK SMEs every day. A GET-IT threat intelligence scan will tell you exactly where your perimeter stands.

Book a Resilience Scan →

Intelligence sourced from NCSC UK, the CISA Known Exploited Vulnerabilities Catalog, the FCA ScamSmart programme, and the ICO Enforcement register. This page is updated automatically every 12 hours. For the most current advisories visit the source links directly. GET-IT Cyber Division curates this content for UK SME relevance but is not responsible for the accuracy of third-party source data.