The UK's National Cyber Security Center (NCSC) announced the testing phase of a new service called Proactive Notifications, designed to inform organizations in the country of vulnerabilities present in their environment.
The service is delivered through cybersecurity firm Netcraft and is based on publicly available information and internet scanning.
The NSCS will identify organizations that lack essential security services and will contact them with specific software update recommendations that address unpatched vulnerabilities.
This may include recommendations on specific CVEs or general security issues, such as the use of weak encryption.
“Scanning and notifications will be based on external observations such as the version number publicly advertised by the software,” NCSC explains, adding that this activity is “in compliance with the Computer Misuse Act.”
The agency highlights that the emails sent through this service originate from netcraft.com addresses, do not include attachments, and do not request payments, personal, or other type of information.
BleepingComputer learned that the pilot program will cover UK domains and IP addresses from Autonomous System Numbers (ASNs) in the country.
The service will not cover all systems or vulnerabilities, though, and the recommendation is that entities do not rely on it alone for security alerts.
Organizations are strongly encouraged to sign up for the more mature ‘Early Warning’ service to receive timely notifications for
TPRM report: https://www.rankiteo.com/company/netcraft
"id": "net1764893055",
"linkid": "netcraft",
"type": "Vulnerability",
"date": "2025-12-04T00:00:00.000Z",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'incident': {'affected_entities': [{'customers_affected': None,
'industry': None,
'location': 'United Kingdom',
'name': 'UK Organizations',
'size': None,
'type': 'Various'}],
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': None,
'type_of_data_compromised': None},
'description': "The UK's National Cyber Security Center (NCSC) "
'announced the testing phase of a new service '
'called Proactive Notifications, designed to '
'inform organizations in the country of '
'vulnerabilities present in their environment. '
'The service is delivered through cybersecurity '
'firm Netcraft and is based on publicly available '
'information and internet scanning. The NCSC will '
'identify organizations that lack essential '
'security services and contact them with specific '
'software update recommendations to address '
'unpatched vulnerabilities, including CVEs or '
'general security issues like weak encryption.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': None,
'downtime': None,
'financial_loss': None,
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Pilot Program',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'recommendations': 'Organizations are encouraged to sign up for '
"the NCSC's 'Early Warning' service for "
'comprehensive security alerts and not rely '
'solely on the Proactive Notifications '
'service.',
'references': [{'date_accessed': None,
'source': 'BleepingComputer',
'url': None},
{'date_accessed': None,
'source': 'NCSC',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Compliance '
'with the '
'Computer '
'Misuse '
'Act'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Emails sent from '
'netcraft.com addresses '
'without attachments or '
'requests for sensitive '
'information',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': 'Software update '
'recommendations for '
'unpatched vulnerabilities',
'third_party_assistance': 'Netcraft'},
'title': 'NCSC Proactive Notifications Pilot Program for '
'Vulnerability Alerts',
'type': 'Vulnerability Disclosure Program'}}