Analysis & Commentary

19 MAY 2026
FCA, Bank of England and Treasury Issue Joint Warning on Frontier AI Cyber Risk | GET-IT Cyber Division
The FCA, Bank of England, and Treasury have jointly warned regulated firms that frontier AI is amplifying cyber threats at speed and scale. UK audit data published in March showed the gap they're now pointing at.

15 MAY 2026
The Compliance Tailwind: King's Speech & the UK Cyber Resilience Bill | GET-IT
The Cyber Security and Resilience Bill gives CISOs their clearest board argument in years. GET-IT's audit of 2,011 UK domains shows the exposure reality.

Active UK Advisories
Alert: NCSC issues advice following global targeting of Fortinet firewalls and VPN gateways
Read NCSC Advisory →

The 'vibe coding spectrum' approach to AI-assisted software development
Read NCSC Advisory →

NCSC CEO: Hostile states linked to three-quarters of cyber attacks affecting UK's critical systems
Read NCSC Advisory →

Software supply chain attacks: check your dependencies
Read NCSC Advisory →

Designing secure access with ZTNA
Read NCSC Advisory →

Thinking carefully before adopting agentic AI
Read NCSC Advisory →

Known Exploited Vulnerabilities — Active in the Wild
Splunk Enterprise Vulnerability
Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.
View CISA Advisory →

CVE-2026-48907 — Widget Factory | Joomla Content Editor
Widget Factory Joomla Content Editor Vulnerability
Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.
View CISA Advisory →

CVE-2026-54420 — LiteSpeed | cPanel Plugin
LiteSpeed cPanel Plugin Vulnerability
LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
View CISA Advisory →

CVE-2026-20262 — Cisco | Catalyst SD-WAN Manager
Cisco Catalyst SD-WAN Manager Vulnerability
Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.
View CISA Advisory →

CVE-2026-35273 — Oracle | PeopleSoft Enterprise PeopleTools
Oracle PeopleSoft Enterprise PeopleTools Vulnerability
Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.
View CISA Advisory →

CVE-2026-10520 — Ivanti | Sentry
Ivanti Sentry Vulnerability
Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.
View CISA Advisory →

Financial Fraud Warnings & Action Fraud Alerts
FCA secures confiscation order against Ponzi scheme fraudster
The FCA has secured a confiscation order of £452,286.80 against convicted fraudster Daniel Pugh. Mr Pugh, 36, is serving a 7 years and 6 months prison sentence for defrauding investors out of £1.3m. Run from his bedroom...
Read FCA Warning →

Consumers warned about misleading car finance 'money tips' claims ads
Consumers are being warned to be wary of misleading car finance 'money tips' adverts issued by claims management companies (CMCs) and law firms on social media. As part of the joint regulatory taskforce, the FCA has ide...
Read FCA Warning →

Football clubs warned about questionable sponsorship deals with unauthorised financial firms
Football clubs have been warned not to put their fans’ cash at risk by signing sponsorship deals with financial firms that aren't allowed to operate in the UK. According to the FCA, a number of unauthorised firms, inclu...
Read FCA Warning →

ICO Enforcement Notices & Data Protection Penalties
ICO Enforcement Notices & Monetary Penalties
The ICO regularly issues fines and enforcement notices for data protection breaches under UK GDPR. View the full register of actions below.
View ICO Enforcement Register →

Is Your Business Exposed?
Many of these vulnerabilities affect software used by UK SMEs every day. A GET-IT threat intelligence scan will tell you exactly where your perimeter stands.
Book a Resilience Scan →

Intelligence sourced from NCSC UK, the CISA Known Exploited Vulnerabilities Catalog, the FCA ScamSmart programme, and the ICO Enforcement register. This page is updated automatically every 12 hours. For the most current advisories visit the source links directly. GET-IT Cyber Division curates this content for UK SME relevance but is not responsible for the accuracy of third-party source data.