UK launches Proactive Notifications Service to warn businesses of security vulnerabilities

Published: 8 December 2025
employee phishing attack
Image by Gumbariya | Shutterstock

The National Cyber Security Centre (NCSC), the United Kingdom’s cybersecurity agency, has announced its Proactive Notifications Service, a new initiative to alert businesses and organizations about vulnerable systems.

Working with Netcraft, a London-based internet services company, the NCSC identifies companies and organizations that are operating with outdated essential security software. They receive emails containing instructions to help them install software updates, making them less susceptible to hackers and other digital threats.

To detect system vulnerabilities, Netcraft and the NCSC collaborate to scan open-source information, including publicly available software versions. If vulnerabilities in systems are detected, the owner of the system will receive an email from a netcraft.com address.

ADVERTISEMENT

These warnings are written in plaintext format and don’t include any attachments. Companies that have received such an email and are concerned can contact the NCSC for further advice. Organizations can also opt out of receiving these notifications.

The NCSC reassures that the scanning process and notification service comply with the Computer Misuse Act.

white office cubicles, white bots, one human is white shirt, red carpet
Image by Cybernews.

However, British businesses and organizations shouldn’t just lean back and wait for the NCSC and Netcraft to act. Ultimately, organizations are responsible for the security of their own networks and data, and for determining the steps to protect themselves, including identifying and addressing vulnerabilities in their systems.

On top of that, the NCSC’s Proactive Notifications Service covers incident notifications, network abuse events (like the presence of malware), and open port alerts. It doesn’t conduct any scanning of a company’s networks, but rather uses information about similar networks. In addition, the service doesn’t cover all systems or vulnerabilities. Therefore, companies shouldn’t solely rely on notifications and security alerts.

“It is for organizations to determine whether and how to implement the recommendations from this service,” the NCSC stresses in a press release.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us
ADVERTISEMENT

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT