Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Defence
  • /
  • UK and allies warn of cyber attack vulnerabilities

Defence Security

UK and allies warn of cyber attack vulnerabilities

The UK and international allies issued an alert yesterday, showing an increase in cyber attackers initially exploiting previously unknown vulnerabilities to compromise enterprise networks.

Above: The National Cyber Security Centre (NCSC), Nova South, London.
Image by Simona Flamigni / copyright Shutterstock

In a new advisory, the National Cyber Security Centre (NCSC) – a part of GCHQ – alongside partners in Australia, Canada, New Zealand and the United States, shared a list of the top 15 routinely exploited vulnerabilities of 2023.

Advertisement
DSEI 2025

Of these vulnerabilities, the majority were first exploited as zero-days – weaknesses that were recently discovered and where a fix or patch was not immediately available from the vendor – allowing attackers to conduct cyber operations against higher-priority targets.

This trend, which the NCSC has continued to observe into 2024, marks a shift from 2022 when less than half of the top list was initially exploited as zero-day vulnerabilities.

The advisory strongly encourages enterprise network defenders to maintain vigilance with their vulnerability management processes, including applying all security updates in a timely manner and ensuring they have identified all assets in their estates.

It also calls on technology vendors and developers to follow advice on implementing secure-by-design principles into their products to help reduce the risk of vulnerabilities being introduced at source and being exploited later.

Ollie Whitehouse, NCSC Chief Technology Officer, said: “More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organisations and vendors alike as malicious actors seek to infiltrate networks.  

“To reduce the risk of compromise, it is vital all organisations stay on the front foot by applying patches promptly and insisting upon secure-by-design products in the technology marketplace.

“We urge network defenders to be vigilant with vulnerability management, have situational awareness in operations and call on product developers to make security a core component of product design and life-cycle to help stamp out this insidious game of whack-a-mole at source”.

All vulnerabilities listed have had patches and fixes made available from the vendors to help mitigate the risk of compromise.

Advertisement
DSEI 2025

In the case of zero-day vulnerabilities, where exploitation is rife it is vital organisations have a process in place to install vendor updates at pace after they become available to minimise the opportunity for attackers.

In addition to the top list, the advisory also details a further 32 vulnerabilities that were routinely exploited in 2023.

If mitigation steps have not already been taken, network defenders should follow vendor advice in each case and check for indicators of compromise before applying updates.

Advisory jointly published by:

  • NCSC
  • US Cybersecurity and Infrastructure Security Agency (CISA)
  • US Federal Bureau of Investigation (FBI)
  • US National Security Agency (NSA)
  • Australian Signals Directorate’s Australian Cyber Security Centre (ACSC),
  • Canadian Centre for Cyber Security (CCCS)
  • New Zealand National Cyber Security Centre (NCSC-NZ)
  • Computer Emergency Response Team New Zealand (CERT NZ)


View full advisory on CISA's website

Advertisement
PTC PTC
DE&S delivers innovative tech to HMS Richmond

Defence

DE&S delivers innovative tech to HMS Richmond

25 April 2025

Innovative technology that allows the Royal Navy to share combat data at speed during operations at sea has been installed on the T23 frigate, HMS Richmond, ahead of its operational deployment as part of the Carrier Strike Group 25 (CSG25) heading for the Pacific Rim.

Dstl unveils advanced portable oxygen delivery system

Defence

Dstl unveils advanced portable oxygen delivery system

25 April 2025

The Defence Science and Technology Laboratory (Dstl), in collaboration with Defence Medical Services (DMS), has unveiled an advanced portable oxygen delivery system designed to improve casualty survival rates for UK soldiers and civilians.

Chinook Maintenance School receives VMT system

Defence

Chinook Maintenance School receives VMT system

24 April 2025

Royal Air Force Chinook helicopter technicians now have access to latest generation interactive training technology to speed up their learning and development.

SME support from banks required to bolster defence strategy

Defence

SME support from banks required to bolster defence strategy

24 April 2025

Defence firms fear being debanked over ethical concerns amid the government's planned defence investment push and according to Heligan Group the UK’s defence strategy must include greater SME support from banks.

Advertisement
DSEI 2025
ITSA sees positive start to 2025 for UK connector market

Aerospace Defence

ITSA sees positive start to 2025 for UK connector market

24 April 2025

The Interconnect Technology Suppliers Association (ITSA) has reported that in Q1 of 2025 the UK connector market showed strong performance, with sales up 11% up over Q4 2024 and up 7% on Q1 2024.

Cranfield partners with ADI

Defence Events

Cranfield partners with ADI

23 April 2025

The Academy of Defense Industries (ADI) and Cranfield University have signed a Memorandum of Understanding at the Human Capability Initiative event to advance collaborative research and teaching and to build skills in the Kingdom of Saudi Arabia.

Advertisement
ODU RT