Assured Cyber Protection Cyber & insurance briefing

Cyber Security News: July 2026

By the Assured Cyber Protection team · Updated 2026 · Reviewed

The end of June brought a fresh gateway flaw with an unwelcome family resemblance, a major UK data leak that started at a third-party supplier, and another round of patch orders aimed at business phone and design systems. Here is what happened between roughly 18 June and 2 July, and what it means if you run a small business, buy cyber cover or hold Cyber Essentials.

A new NetScaler flaw revives CitrixBleed fears

On 30 June, Citrix patched six NetScaler bugs, the most serious being CVE-2026-8451, a pre-authentication memory overread that lets an attacker read chunks of an appliance’s memory before logging in. Researchers drew the obvious comparison to CitrixBleed, the 2023 flaw that leaked session tokens and let attackers walk straight past login and multi-factor prompts. NetScaler ADC and Gateway are the remote-access front door for a lot of organisations, and the UK’s NCSC has already pushed several NetScaler patch alerts this year. Most corner shops do not run Citrix themselves, but plenty rely on an IT provider or managed service that does, so the practical step is to ask whoever runs your remote access whether these appliances are patched. An unpatched, internet-facing gateway is exactly the kind of finding that fails a Cyber Essentials assessment and gives an insurer grounds to question a later claim. Our Cyber Essentials patch deadline calculator works out your 14-day clock for critical fixes. Details at The Hacker News.

University of Nottingham confirms a large data leak through a supplier platform

The University of Nottingham confirmed a serious breach after the ShinyHunters extortion group ran a “pay or leak” campaign, stole roughly 40GB of data and then published it. Reporting puts the exposed set at around 455,000 email addresses alongside names, home addresses, phone numbers, passport numbers and sensitive details such as disabilities, affecting current students and alumni. The intrusion traced back to the third-party Campus Solutions student-records platform rather than a failure of the university’s own network, and it was reported to the ICO, Action Fraud and the Office for Students. For a small business the lesson is about supplier risk: your data can be exposed by a partner you trust, even when your own defences hold. Check that your policy includes third-party and data-breach liability rather than just first-party recovery, keep a list of who holds your customer records, and know your ICO reporting clock. Our ICO breach notification 72-hour deadline calculator and our guide to first-party versus third-party cyber cover both help here. Reported by BleepingComputer.

CISA flags exploited flaws in a business phone system and a design platform

On 25 June, CISA added two more actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalogue: a server-side request forgery flaw in Cisco Unified Communications Manager, CVE-2026-20230, and a remote code execution bug in PTC Windchill and FlexPLM, CVE-2026-12569. The Cisco one is the wider worry, because unified communications kit runs the phones and messaging many businesses depend on, and it is easy to leave off the patch list precisely because it “just works” in the background. The takeaway for a stretched IT team is the same one regulators keep pushing: patch by what attackers are actually using, and start with internet-facing and business-critical systems rather than trying to clear every advisory at once. If you are not sure where your gaps sit, our cyber insurance readiness checklist is a quick way to pressure-test your controls before a renewal or a claim. Alert from CISA.
