Analysis & Commentary
- 19 MAY 2026
  FCA, Bank of England and Treasury Issue Joint Warning on Frontier AI Cyber Risk | GET-IT Cyber Division
  The FCA, Bank of England, and Treasury have jointly warned regulated firms that frontier AI is amplifying cyber threats at speed and scale. UK audit data published in March showed the gap they're now pointing at.
- 15 MAY 2026
  The Compliance Tailwind: King's Speech & the UK Cyber Resilience Bill | GET-IT
  The Cyber Security and Resilience Bill gives CISOs their clearest board argument in years. GET-IT's audit of 2,011 UK domains shows the exposure reality.
Active UK Advisories
Building more resilient CNI: what industry pen testers told us
Read NCSC Advisory →
The AI shift in cyber risk: why leaders must act now
Read NCSC Advisory →
The 'vibe coding spectrum' approach to AI-assisted software development
Read NCSC Advisory →
Alert: NCSC issues advice following global targeting of Fortinet firewalls and VPN gateways
Read NCSC Advisory →
NCSC CEO: Hostile states linked to three-quarters of cyber attacks affecting UK's critical systems
Read NCSC Advisory →
Software supply chain attacks: check your dependencies
Read NCSC Advisory →
Known Exploited Vulnerabilities — Active in the Wild
Microsoft SharePoint Server Vulnerability
Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.
View CISA Advisory →
CVE-2026-48558 — SimpleHelp | SimpleHelp
SimpleHelp SimpleHelp Vulnerability
SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.
View CISA Advisory →
CVE-2026-12569 — PTC | Windchill and FlexPLM
PTC Windchill and FlexPLM Vulnerability
PTC Windchill and FlexPLM contain an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.
View CISA Advisory →
CVE-2026-20230 — Cisco | Unified Communications Manager
Cisco Unified Communications Manager Vulnerability
Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.
View CISA Advisory →
CVE-2025-67038 — Lantronix | EDS5000
Lantronix EDS5000 Vulnerability
Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.
View CISA Advisory →
CVE-2026-34910 — Ubiquiti | UniFi OS
Ubiquiti UniFi OS Vulnerability
Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.
View CISA Advisory →
Financial Fraud Warnings & Action Fraud Alerts
ICO Enforcement Notices & Data Protection Penalties
ICO Enforcement Notices & Monetary Penalties
The ICO regularly issues fines and enforcement notices for data protection breaches under UK GDPR. View the full register of actions below.
View ICO Enforcement Register →
Is Your Business Exposed?
Many of these vulnerabilities affect software used by UK SMEs every day. A GET-IT threat intelligence scan will tell you exactly where your perimeter stands.
Book a Resilience Scan →
Intelligence sourced from NCSC UK, the CISA Known Exploited Vulnerabilities Catalog, the FCA ScamSmart programme, and the ICO Enforcement register. This page is updated automatically every 12 hours. For the most current advisories visit the source links directly. GET-IT Cyber Division curates this content for UK SME relevance but is not responsible for the accuracy of third-party source data.