LmCast :: Stay tuned in

NCSC's ‘Proactive Notifications’ warns orgs of flaws in exposed devices

Recorded: Dec. 5, 2025, 1:02 a.m.

Original Summarized

NCSC's ‘Proactive Notifications’ warns orgs of flaws in exposed devices

News

Featured
Latest

Critical React, Next.js flaw lets hackers execute code on servers

North Korea lures engineers to rent identities in fake IT worker scheme

CISA warns of Chinese "BrickStorm" malware attacks on VMware servers

Marquis data breach impacts over 74 US banks, credit unions

Hackers are exploiting ArrayOS AG VPN flaw to plant webshells

NCSC's ‘Proactive Notifications’ warns orgs of flaws in exposed devices

Predator spyware uses new infection vector for zero-click attacks

Russia blocks FaceTime and Snapchat for alleged use by terrorists

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityNCSC's ‘Proactive Notifications’ warns orgs of flaws in exposed devices

NCSC's ‘Proactive Notifications’ warns orgs of flaws in exposed devices

By Bill Toulas

December 4, 2025
05:21 PM
0

The UK's National Cyber Security Center (NCSC) announced the testing phase of a new service called Proactive Notifications, designed to inform organizations in the country of vulnerabilities present in their environment.
The service is delivered through cybersecurity firm Netcraft and is based on publicly available information and internet scanning.
The NSCS will identify organizations that lack essential security services and will contact them with specific software update recommendations that address unpatched vulnerabilities.
This may include recommendations on specific CVEs or general security issues, such as the use of weak encryption.
“Scanning and notifications will be based on external observations such as the version number publicly advertised by the software,” NCSC explains, adding that this activity is “in compliance with the Computer Misuse Act.”
The agency highlights that the emails sent through this service originate from netcraft.com addresses, do not include attachments, and do not request payments, personal, or other type of information.
BleepingComputer learned that the pilot program will cover UK domains and IP addresses from Autonomous System Numbers (ASNs) in the country.
The service will not cover all systems or vulnerabilities, though, and the recommendation is that entities do not rely on it alone for security alerts.
Organizations are strongly encouraged to sign up for the more mature ‘Early Warning’ service to receive timely notifications for security issues affecting their networks.
Early Warning is a free service from NCSC that alerts on potential cyberattacks, vulnerabilities, or other suspicious activity in a company's network.
It works by aggregating public, private, and government cyber-threat intelligence feeds and cross-referencing them with the domains and IP addresses of enrolled organizations to spot signs of active compromises.
Proactive Notification is triggered before a direct threat or compromise is detected, when NCSC becomes aware of a risk relevant to an organization’s setup.
Together, the two services will form a layered security approach.  Proactive Notification helps with hardening systems and reducing risks, while Early Warning will pick up what still manages to slip through.
The NCSC has not provided a timeline for the Proactive Notifications program exiting the pilot phase and becoming more broadly available.

Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Get the guide

Related Articles:
Microsoft says new Outlook can't open some Excel attachmentsMultiple London councils' IT systems disrupted by cyberattackCox Enterprises discloses Oracle E-Business Suite data breach'Scattered Spider' teens plead not guilty to UK transport hackRussian bulletproof hosting provider sanctioned over ransomware ties

Email
NCSC
Proactive Notifications
Security Notification
UK

Bill Toulas
Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Previous Article
Next Article

Post a Comment Community Rules

You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Popular Stories

ChatGPT is down worldwide, conversations disappeared for users

Marquis data breach impacts over 74 US banks, credit unions

North Korea lures engineers to rent identities in fake IT worker scheme

Sponsor Posts

AI is a data-breach time bomb: Read the new report

Hackers love the holidays! Share FREE Security Awareness Training to keep family & friends cyber-safe!

Empowering IT teams with intelligence driven cyber threat research.

Overdue a password health-check? Audit your Active Directory for free

Follow us:

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure

Copyright @ 2003 - 2025 Bleeping Computer® LLC - All Rights Reserved

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now


Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

NCSC’s “Proactive Notifications” service, launched in December 2025, represents a novel approach to cybersecurity alerting within the United Kingdom. Developed in partnership with Netcraft, the service utilizes publicly available data, including software version numbers and internet scanning, to identify organizations with unpatched vulnerabilities. The core function of Proactive Notifications is to proactively inform organizations about security gaps within their environment, delivering recommendations regarding specific Common Vulnerabilities and Exposures (CVEs) or broader security issues, such as the implementation of stronger encryption methods.

The service operates through emails originating from netcraft.com addresses, purposefully devoid of attachments and payment requests, and compliant with the Computer Misuse Act. Initial pilots focus on UK domains and Autonomous System Numbers (ASNs), acknowledging that it’s not a comprehensive security solution. Organizations are explicitly advised not to rely solely on Proactive Notifications, instead, utilizing the more established “Early Warning” service for timely alerts pertaining to active cyberattacks, vulnerabilities, or suspicious activity impacting their networks.

Early Warning aggregates public, private and government cyber-threat intelligence feeds and cross-references this data with the domains and IP addresses of enrolled organizations. This layered security approach—Proactive Notifications for hardening systems at the outset and Early Warning for continuous monitoring—is intended to create a robust defense strategy. The NCSC has not yet published a timeline for the Proactive Notifications program to move beyond the pilot phase. This launch signifies an attempt by the National Cyber Security Centre to actively engage with organizations to improve cybersecurity posture, albeit with a deliberately limited scope and a focus on preventative measures rather than reactive incident response.