Prompt injection is not SQL injection (it may be worse)
There are crucial differences between prompt and SQL injection which – if not considered – can undermine mitigations.
NCSC Feed
Using TLS to protect data
2 months ago
Recommended profiles to securely configure TLS for the most common versions and scenarios, with additional guidance for managing older versions.
A method to assess 'forgivable' vs 'unforgivable' vulnerabilities
2 months ago
Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.
Provisioning and managing certificates in the Web PKI
2 months ago
How service owners should securely provision and manage certificates in the Web PKI.
Updating our guidance on security certificates, TLS and IPsec
2 months ago
The NCSC has updated 3 key pieces of cryptographic guidance. Here, we explain the changes.
Building trust in the digital age: a collaborative approach to content provenance technologies
2 months 1 week ago
Joint NCSC and Canadian Centre for Cyber Security primer helps organisations understand emerging technologies that can help maintain trust in their public-facing information.
What makes a responsible cyber actor: introducing the Pall Mall industry consultation on good practice
2 months 1 week ago
Calling vulnerability researchers, exploit developers and others in the offensive cyber industry to share their views.
It's time for all small businesses to act
2 months 2 weeks ago
The NCSC’s Cyber Action Toolkit helps you to protect your business from online attacks.
NCSC handing over the baton of smart meter security: a decade of progress
2 months 2 weeks ago
Why transferring the Commercial Product Assurance scheme to industry ownership marks an important milestone.
Choosing a managed service provider (MSP)
2 months 2 weeks ago
An SME’s guide to selecting and working with managed service providers.
Cyber Security and Resilience Policy Statement to strengthen regulation of critical sectors
3 months ago
New proposals will combat the growing threat to UK critical national infrastructure (CNI).
Cyber Action Toolkit: breaking down the barriers to resilience
3 months ago
How the NCSC’s ‘Cyber Action Toolkit’ is helping small businesses to improve their cyber security.
NCSC to retire Web Check and Mail Check
3 months 1 week ago
By 31 March 2026, organisations should have alternatives to Mail Check and Web Check in place.
External attack surface management (EASM) buyer's guide
3 months 1 week ago
A guide to choosing the right EASM product for your organisation, and the security features you need to consider.
EASM buyer's guide now available
3 months 2 weeks ago
How to choose an external attack surface management (EASM) tool that’s right for your organisation.
Cyber security is business survival
3 months 3 weeks ago
The NCSC co-signs Ministerial letter to major British businesses including FTSE 350 companies.
There's a hole in my bucket
3 months 4 weeks ago
...or 'Why do people leave sensitive data in unprotected AWS S3 buckets?'
Maintaining a sustainable strengthened cyber security posture
4 months ago
How organisations can avoid staff burnout during an extended period of heightened cyber threat.
Phishing attacks: defending your organisation
4 months ago
How to defend your organisation from email phishing attacks.
Getting your organisation ready for Windows 11 upgrade before Autumn 2025
4 months ago
Why you should act now to ensure you meet the new hardware standards, and prioritise security.
Checked
2 hours 7 minutes ago
This includes feeds from report, guidance and blog-post
NCSC Feed feed