Active UK Advisories
Preparing for a ‘vulnerability patch wave’
Read NCSC Advisory →Could your choice of metrics be harming your SOC?
Read NCSC Advisory →Passkeys are more secure than traditional ways to log in
Read NCSC Advisory →Executive Summary: Defending against China-nexus covert networks of compromised devices
Read NCSC Advisory →Supporting AI adoption for UK cyber defence
Read NCSC Advisory →Defending against China-nexus covert networks of compromised devices
Read NCSC Advisory →Known Exploited Vulnerabilities — Active in the Wild
BerriAI LiteLLM Vulnerability
BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorised access to the proxy and the credentials it manages.
View CISA Advisory → CVE-2026-6973 — Ivanti | Endpoint Manager Mobile (EPMM)Ivanti Endpoint Manager Mobile (EPMM) Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.
View CISA Advisory → CVE-2026-0300 — Palo Alto Networks | PAN-OSPalo Alto Networks PAN-OS Vulnerability
Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
View CISA Advisory → CVE-2026-31431 — Linux | KernelLinux Kernel Vulnerability
Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.
View CISA Advisory → CVE-2026-41940 — WebPros | cPanel & WHM and WP2 (WordPress Squared)WebPros cPanel & WHM and WP2 (WordPress Squared) Vulnerability
WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
View CISA Advisory → CVE-2024-1708 — ConnectWise | ScreenConnectConnectWise ScreenConnect Vulnerability
ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.
View CISA Advisory →Financial Fraud Warnings & Action Fraud Alerts
Convicted money launderer sentenced to extra prison time
A convicted money launderer has been sentenced to an additional 499 daysin prison for failing to fully pay the money owed under a Confiscation Order. In 2021,RichardFaithfull,now36,wassentenced to5 years and 10 monthsin...
Read FCA Warning →Three arrested in FCA investigation into suspected unlawful financial promotions
Three people have been arrested as part of a crackdown on suspected illegal financial promotions. Two homes in the Chelmsford and Romford areas were searched, as part of an operation led by the FCA and the Eastern Regio...
Read FCA Warning →A reform-minded regulator
Speech by Nikhil Rathi, FCA chief executive, at the Association of Foreign Banks (AFB) luncheon. When I saw that a boxing ring had been temporarily installed in this room last autumn, I wasn’t quite sure whether it was...
Read FCA Warning →FCA charges Shaun Lawrence for unauthorised mortgage broking
The FCA has charged Shaun Lawrence for operating as a mortgage broker without authorisation. Mr Lawrence, who also goes by the names Shaun Lawrence-Bright and Shaun Bright, was previously authorised to give mortgage adv...
Read FCA Warning →LCM Family Limited enters administration
On 28 April 2026, LCM Family Limited (LCM) went into administration. Louise Longley and Gary Shankland of BTG Begbies Traynor (Central) LLP were appointed as joint administrators of the firm. The joint administrators ar...
Read FCA Warning →ICO Enforcement Notices & Data Protection Penalties
ICO Enforcement Notices & Monetary Penalties
The ICO regularly issues fines and enforcement notices for data protection breaches under UK GDPR. View the full register of actions below.
View ICO Enforcement Register →Is Your Business Exposed?
Many of these vulnerabilities affect software used by UK SMEs every day. A GET-IT threat intelligence scan will tell you exactly where your perimeter stands.
Book a Resilience Scan →Intelligence sourced from NCSC UK, the CISA Known Exploited Vulnerabilities Catalog, the FCA ScamSmart programme, and the ICO Enforcement register. This page is updated automatically every 12 hours. For the most current advisories visit the source links directly. GET-IT Cyber Division curates this content for UK SME relevance but is not responsible for the accuracy of third-party source data.