We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Cyber alerts
We issue cyber security alert notifications to health and care organisations, ranging from weekly threat bulletins to immediate high-severity alerts.
January 2022
CC-4004
VMware Releases Security Update for ESXi, Workstation, Fusion, and Cloud Foundation
Security update addresses a heap-overflow vulnerability in VMware products
CC-4002
Log4Shell Vulnerabilities in VMware Horizon Targeted to Install Web Shells
Attackers are actively targeting Log4Shell vulnerabilities in VMware Horizon servers in an effort to establish web shells.
CC-4003
Citrix Releases Security Update for Log4j2 Vulnerabilities
Citrix has released a security advisory about Log4j2 vulnerabilities in Citrix Endpoint Management and Citrix Virtual Apps and Desktops.
December 2021
CC-4001
VMware Releases Security Update for Workspace ONE UEM console
Security update to address a Server Side Request Forgery vulnerability in VMware Workspace ONE UEM console
CC-4000
Apache Releases Security Update for Apache HTTP Server 2.4
Apache releases update which fixes vulnerabilities in Apache HTTP Server 2.4
CC-3999
Vulnerabilities in Fresenius Kabi Agilia Connect Infusion System
Vulnerabilities in Fresenius Kabi Agilia Connect Infusion System products could be exploited to allow an attacker to modify settings, access sensitive information, and perform arbitrary actions.
CC-3998
SolarWinds Releases Security Updates and Remediation Actions for SolarWinds Database Performance Analyzer
Security update to address Log4Shell
CC-3990
Ivanti Releases Critical Mitigations for MobileIron Products to Address Log4Shell Vulnerability
Out-of-band advisory to address Log4Shell vulnerability in MobileIron Core, Core Connector, Sentry, and Reporting Database