Cookie Consent by Free Privacy Policy Generator

Cyber Brief: NCSC AI defence, China targeting universities

Today's briefing reflects a significant shift in how the UK is thinking about cyber defence at scale, alongside practical reminders about the threats organisations continue to face. The NCSC has published details of Cyber Shield, a national initiative to develop AI-driven defence capabilities, while threat intelligence shows Chinese actors actively targeting UK university email systems. At the same time, new research highlights security weaknesses in AI coding tools that many development teams are beginning to adopt, and CISA has flagged three vulnerabilities now being actively exploited in the wild.

NCSC launches Cyber Shield initiative for AI-driven national defence

The NCSC has published a blog post outlining Cyber Shield, a new initiative aimed at developing a sovereign, national-scale cyber defence capability powered by agentic AI. The NCSC describes this as a long-term programme designed to help the UK defend critical infrastructure, public services and private sector networks more effectively by using AI to detect, analyse and respond to threats at machine speed. The initiative is positioned as a response to the growing volume and sophistication of cyber threats, particularly from nation-state actors, and reflects the UK government's recognition that traditional defensive approaches will struggle to keep pace without automation and AI-assisted decision-making.

For UK organisations, this signals a meaningful shift in how national cyber defence may evolve over the coming years. While Cyber Shield is a government-led programme, its development will likely influence how threat intelligence is shared, how incident response is coordinated, and how public and private sector organisations collaborate on defence. The NCSC's focus on agentic AI suggests a move towards systems that can act autonomously within defined parameters, rather than simply flagging alerts for human review. This raises important questions about governance, accountability and the operational boundaries within which AI-driven defence tools will operate.

Why it matters

For UK businesses, this is a prompt to consider how your organisation will engage with national cyber defence initiatives as they mature, and how AI-driven threat detection and response may change the way you work with government agencies, sector bodies and managed security providers. It is also a reminder to review how your own security operations are preparing for the operational reality of AI-assisted defence, including the governance and oversight frameworks needed to manage automated decision-making in security contexts.

Source: NCSC UK

Chinese threat actors target UK universities through Roundcube email servers

The Register reports that suspected Chinese threat actors have been breaking into universities' Roundcube email servers, with Proofpoint researchers estimating the total volume of targets to be a few dozen institutions. Roundcube is an open-source webmail client widely used by academic institutions, and the targeting appears focused on gaining access to email accounts, likely for intelligence gathering or long-term access to research networks. The activity is consistent with broader patterns of Chinese state-sponsored espionage targeting higher education, particularly institutions involved in research areas of strategic interest such as technology, engineering, life sciences and international relations.

UK universities remain high-value targets for nation-state actors due to the sensitive research they conduct, the international collaboration they facilitate, and the relatively open nature of academic networks. Email compromise provides a foothold for broader network access, intellectual property theft, and long-term surveillance. For universities and research institutions, this is a reminder that email infrastructure, particularly legacy or less commonly patched systems like Roundcube, represents a significant attack surface. The targeting also highlights the importance of monitoring for unusual access patterns, ensuring multi-factor authentication is enforced across webmail systems, and reviewing how research data and collaboration platforms are segmented from general email infrastructure.

Why it matters

For UK universities and research organisations, this is a prompt to review the security posture of webmail systems, particularly open-source platforms that may not receive the same level of vendor support or automatic patching as commercial alternatives. It is also a reminder to ensure that email compromise is treated as a potential precursor to broader network intrusion, and that incident response plans account for the specific risks associated with research data, international collaboration and long-term access by sophisticated threat actors.

Source: The Register

Security flaws in AI coding agents allow malicious code execution

The Hacker News reports that researchers have identified vulnerabilities in popular AI coding agents, including Anthropic's Claude Code and OpenAI's Codex, that allow attackers to trick the tools into executing malicious code. The attack, demonstrated in a proof-of-concept called "Friendly Fire", works by embedding instructions within open-source code repositories that the AI agent is asked to scan for security vulnerabilities. Instead of simply analysing the code, the agent follows the embedded instructions and executes the attacker's code on the user's machine. A separate vulnerability, dubbed "GhostApproval" and identified by researchers at Wiz, affects six AI coding assistants including Amazon Q Developer, Cursor, and Google Antigravity. This flaw exploits symbolic links to trick the agent into writing to sensitive system files when the user believes they are approving edits to a harmless file.

These vulnerabilities highlight a significant security gap in how AI coding agents are being integrated into development workflows. Many organisations are beginning to adopt these tools to accelerate code review, automate security scanning, and assist with development tasks. However, the research shows that the autonomous nature of these agents, particularly when they are granted permission to execute code or modify files without granular human oversight, creates new attack vectors. The issue is not just technical; it reflects a broader challenge around trust boundaries, permission models, and the operational assumptions built into AI-assisted development tools. For organisations using or evaluating AI coding agents, this is a reminder that these tools are not simply productivity enhancers—they are active participants in your development environment with the potential to introduce risk if not properly constrained.

Why it matters

For UK businesses using AI coding agents, this is a prompt to review how these tools are deployed, what permissions they are granted, and how their actions are monitored and logged. Organisations should ensure that AI agents are not running in autonomous modes that allow them to execute code or modify files without explicit human approval for each action, and that development environments are segmented to limit the potential impact of a compromised agent. It is also worth reviewing vendor security advisories and ensuring that any mitigations or patches released by tool providers are applied promptly.

Source: The Hacker News

CISA warns of three actively exploited vulnerabilities

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. The vulnerabilities affect JoomShaper SP Page Builder (CVE-2026-48908), Langflow (CVE-2026-55255), and Joomlack Page Builder (CVE-2026-56290). CVE-2026-48908 is an unrestricted file upload vulnerability that allows attackers to upload and execute malicious files on affected systems. CVE-2026-55255 is an authorisation bypass flaw that allows attackers to gain unauthorised access through user-controlled keys. CVE-2026-56290 is an improper access control vulnerability that allows attackers to bypass security restrictions. CISA's inclusion of these vulnerabilities in the KEV Catalog indicates that they are being actively exploited in the wild, and federal agencies are required to patch them within a specified timeframe.

While CISA's directives are aimed at US federal agencies, the KEV Catalog is widely used by UK organisations as a practical reference for prioritising patching activity. The vulnerabilities listed affect third-party components commonly used in web applications and content management systems, which means they may be present in a wide range of UK business environments, particularly where organisations use Joomla-based websites or low-code development platforms like Langflow. The fact that these vulnerabilities are being actively exploited means that attackers are already scanning for and targeting vulnerable systems, and organisations that have not yet patched are at immediate risk of compromise.

Why it matters

For UK businesses, this is a prompt to check whether any of these components are in use within your web applications, content management systems, or development platforms, and to prioritise patching if they are. It is also a reminder to review how your organisation tracks and responds to CISA KEV updates, as they provide a reliable signal of vulnerabilities that are being actively exploited and should be treated as high priority regardless of your organisation's location or sector.

Source: CISA

Today's Key Actions

  • Review how your organisation will engage with national cyber defence initiatives as they develop, and consider how AI-driven threat detection may change the way you work with government agencies and sector bodies over the coming years.
  • Check the security posture of webmail systems, particularly open-source platforms, and ensure multi-factor authentication is enforced across all email infrastructure, especially in research and higher education environments.
  • Review how AI coding agents are deployed in your development environment, what permissions they are granted, and ensure they are not running in autonomous modes that allow code execution or file modification without explicit human approval.
  • Check whether JoomShaper SP Page Builder, Langflow, or Joomlack Page Builder are in use within your web applications or development platforms, and prioritise patching if they are present.
  • Ensure that ownership and accountability for monitoring CISA KEV updates, reviewing AI tool security, and responding to targeted threat intelligence is clearly assigned within your security and IT teams.

Secarma Insight

The stories today reflect a recurring theme: security maturity comes from understanding how new capabilities, whether AI-driven defence or AI-assisted development, fit within your existing governance, risk management and operational frameworks. The NCSC's Cyber Shield initiative signals a long-term shift in national defence, but the practical work of securing your organisation still depends on the fundamentals—clear ownership, disciplined patching, well-configured access controls, and a realistic understanding of where your attack surface lies. The vulnerabilities and targeting activity highlighted today are not new types of threat; they are reminders that the basics, done consistently and with clear accountability, remain the foundation of effective defence. Organisations that approach new technologies with that discipline in place will be better positioned to adopt them safely and confidently.

News and blog posts
Today's briefing reflects a UK cybersecurity landscape in transition. The NCSC...
The NCSC has announced Cyber Essentials Pathways, an alternative route to Cyber...
The NCSC has announced Cyber Shield, a national initiative to develop an...
Microsoft has warned that organisations should shorten their Windows update...