UK cyber, made simple

Cyber security that actually makes sense.

Plain-English security guidance, training and live security updates for homes and small businesses — without the jargon or the fear-mongering.

Free · No account needed · Email yourself the report

From the library

Latest guides & explainers

Practical walk-throughs you can read in one sitting — new pieces land here first.

Guides & how-tos

A Simple Guide to Encryption

Encryption turns your data into a code that only you can unlock. This plain-English guide explains how it works and how to use it safely at home or in your small business.

4 May 2026

Threats & incidents

Common Cyber Threats Faced by Small Businesses

Small businesses are a popular target for cyber criminals, but you don't need a big IT budget to stay safe. Here are the most common threats to know about — and simple steps to tackle each one.

3 May 2026

Aligned to the standards UK organisations actually use

  • Cyber Essentials
  • ISO 27001
  • ICO-friendly
  • FCA-aligned
  • NCSC guidance
  • IASME-mapped

By the numbers

Counted live, not hand-typed in marketing.

10
Articles published
7.8k
Threats summarised in plain English
10
Trusted sources curated
322h
Median hours from threat to summary

Live counts from the database — refreshed on every page view.

How we help

Three things, done well

Most cyber sites try to do twenty things. We do three — understand the threat, act on it in five minutes, and stay sharp without becoming a security analyst.

1 · Understand

Know what's actually targeting UK SMBs

Plain-English briefings on the scams, breaches and vulnerabilities that hit UK businesses and families this week. No jargon, no scare-mongering, no American examples.

2 · Act

Do the five-minute fix yourself

Free interactive tools — password strength, breached-email lookup, MFA walkthroughs, SMB risk self-assessment. Each one tells you exactly what to do next. No account required.

3 · Stay sharp

Hear about the next one before it bites

Curated UK threat alerts by email. Pick your sources, pick your minimum severity, and we only ping you when something matters. One-click unsubscribe.

Where we sit

We translate official guidance into action you can finish today

NCSC writes the canonical advice. Big vendors sell you a product. We take both, strip the jargon, and hand you a five-minute checklist.

NCSC small-business advice

  • Authoritative PDFs, long-form guidance, government tone.
  • Threat advisories aimed at IT teams; weekly cadence.
  • Cyber Action Toolkit checklist, no live state.
  • Government-wide, public-sector tone.
  • Free.

A typical paid vendor

  • 200-page binders, vendor pitches, three-letter acronyms.
  • Global threat feeds — mostly noise for UK readers.
  • Check-the-box scanners that don't tell you what to do next.
  • Designed for security teams, sold to CIOs.
  • Per-seat licences, annual contracts.

Cyber Made Simple

  • Plain-English steps you can read in five minutes.
  • UK-curated alerts from NCSC, FCA, ICO, CISA and HIBP — refreshed every six hours.
  • Interactive tools — password strength, breach lookup, MFA walkthrough, SMB risk self-assessment — with the next step spelled out.
  • Built for owners, families, and the only-IT-person.
  • Free tier with no card; paid tiers from £6/month.

Live now

What's hitting the UK this week

Curated from NCSC, FCA, ICO, CISA and HIBP — refreshed every 6 hours.

  1. low · CISA — cybersecurity advisories · 14 May

    Siemens SIMATIC

    SIMATIC CN 4100 contains multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SIMATIC CN 4100 and recommends to update to the latest version. The following versions of Siemens SIMATIC are affected: SIMATIC CN 4100 vers:intdot/<5.0. CVSS v3: 9.6. Vendor: Siemens. Equipment: Siemens SIMATIC. Vulnerabilities: NULL Pointer Dereference, Reachable Assertion, Use After Free, Out-of-bounds Write, Integer Overflow or Wraparound, Allocation of Resources Without Limits or Throttling, Out-of-bounds Read, Covert Timing Channel, Stack-based Buffer Overflow, Inefficient Algorithmic Complexity, Missing Release of Memory after Effective Lifetime, Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Input Validation, Improper Locking, Uncontrolled Recursion, Buffer Access with Incorrect Length Value, Race Condition within a Thread, Missing Synchronization, Use of Uninitialized Resource, Double Free, Missing Release of Resource after Effective Lifetime, Loop with Unreachable Exit Condition ('Infinite Loop'), Improper Update of Reference Count, Improper Control of a Resource Through its Lifetime, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), Unexpected Status Code or Return Value, Divide By Zero, Improper Validation of Specified Index, Position, or Offset in Input, Comparison Using Wrong F

  2. critical · CISA — Known Exploited Vulnerabilities · 14 May

    CVE-2026-20182 — Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

    Cisco Catalyst SD-WAN. Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. Required action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

  3. medium · FCA — UK unauthorised firms & scam warnings

    Novariontrade (new)

    The UK Financial Conduct Authority (FCA) has issued a warning about Novariontrade, an unauthorised financial firm operating without FCA permission. The firm claims to be based in Canary Wharf, London, but is not regulated. If you invest money with them and something goes wrong, you won't be protected by the Financial Ombudsman Service or the Financial Services Compensation Scheme, meaning you're unlikely to recover your money.

  4. medium · Have I Been Pwned — public breach catalog · 14 May

    Abrigo — 711K accounts

    In April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique email addresses belonging to both Abrigo staff and external contacts. Whilst separate from Abrigo's Salesforce compromise via the Drift application connector the previous year, the data fields described in that incident are consistent with the ShinyHunters data, namely that it was "business contact information" including "institution name, employee name, email addresses, and phone numbers".

  5. medium · NCSC — news & alerts · 23 Apr

    Executive Summary: Defending against China-nexus covert networks of compromised devices

    UK security authorities have warned that hackers linked to China are building hidden networks of compromised devices to spy on organisations. These networks use legitimate remote-access tools like VPNs to hide their activity. The alert advises organisations to monitor their network traffic carefully, especially connections from remote workers, and use threat intelligence to block known malicious addresses.

  6. low · CISA — cybersecurity advisories · 14 May

    Siemens Ruggedcom Rox

    Ruggedcom Rox before v2.17.1 contain multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens Ruggedcom Rox are affected: RUGGEDCOM ROX MX5000 vers:intdot/<2.17.1, RUGGEDCOM ROX MX5000RE vers:intdot/<2.17.1, RUGGEDCOM ROX RX1400 vers:intdot/<2.17.1 …

Your first ten minutes

Don't try to learn everything — start here

  1. Skim this week's UK threats

    Two minutes on the live feed tells you what's actually hitting British SMBs and families right now — not generic global noise.

  2. Run the five-minute risk check

    Twenty plain-English questions, no account needed, gives you a personalised report and a prioritised action list. Email the report to yourself.

  3. Subscribe to UK alerts (only when it matters)

    Pick your sources, pick your minimum severity, and we email you when a threat matches. Typically a handful of times a month — never daily noise.

Curated from the UK and global sources you already trust

  • NCSC
  • ICO
  • FCA
  • CISA
  • Have I Been Pwned
  • IASME
  • NVD

Straight answers

Common questions

Is this for my home or for my business?

Both. The home plan is built for families and individuals — passwords, phishing, parental controls and recovery walk-throughs. The business plan adds posture self-assessment, free interactive tools and curated UK threat alerts for small teams. Same plain-English tone in both.

Why UK-focused?

Because most consumer cyber sites are American — they reference Social Security numbers, the FTC and "the IRS won't call you". We curate from NCSC, FCA, ICO and HIBP, so what you read on Monday is genuinely about your bank, your regulator and your scams.

Won't I just get more security spam?

We only email when something matters — typically a handful of times a month, not daily. Every email has a one-click unsubscribe and the sender domain is locked down (DMARC + DKIM) so it always looks the same.

Do I need to pay to use it?

No. The free interactive tools, the live security update feed and the email alerts are open to everyone. Paid plans add saved checklists, multi-seat access, advanced training and the white-label admin for partners.

What do you do with my data?

We're UK GDPR-aligned, store data in the EU, never sell anything, and run a public security.txt. Full details live on the privacy page.

Stay one step ahead

Get UK threat alerts by email

Plain-English summaries of new UK threats that actually matter to small businesses and families. Free, no spam, unsubscribe in a click.

Curated from NCSC, FCA, ICO, CISA and HIBP — only when something matters.

Ready when you are

Make cyber simple, today.

Create a free account in under a minute — no credit card. Run a five-minute self-check, save your results and get UK threat alerts only when they matter.