Filings tagged: Security

The NPSA gives away a complete, professionally designed security awareness campaign kit. Posters, booklets, checklists, and a full starter guide. Most organisations don't know it exists.

CVE-2026-2441 is actively being exploited in the wild. A use-after-free bug in CSS handling means a crafted webpage is all it takes. Push the update now.

Schneier and co have reframed prompt injection as 'promptware' — a full 7-stage kill chain. The uncomfortable truth: LLMs can't distinguish instructions from data. This isn't a bug you can patch.

Containment over correctness, reversibility over impact, protecting state before touching services. What your first five minutes should actually look like.

Notepad++ had its update service hijacked by state-sponsored attackers. Windows Notepad got a CVSS 8.8 command injection. Two editors, two attack vectors, same lesson.

Global Telnet scanning dropped overnight in January 2026. Days later, a critical telnetd authentication bypass was disclosed. The protocol is old. The lesson is current.

A plain-English walkthrough of the five Cyber Essentials controls, what the assessment looks like, and what it does and doesn't prove about your security.