Friday, April 24, 2026

NCSC Launches Proactive Notification Service To Alert System Owners Of Vulnerabilities

The UK’s National Cyber Security Centre (NCSC) has rolled out its Proactive Notification Service, partnering with internet monitoring firm Netcraft to directly alert system owners about vulnerabilities.

This pilot program scans public internet data to spot outdated software exposing organizations to attacks.

Launched as part of the NCSC’s Active Cyber Defence (ACD) strategy, it aims to make the UK safer online by nudging admins toward quick patches.

The service targets organizations running vulnerable, publicly visible systems—such as web servers advertising outdated software versions.

It focuses on “in-scope” vulnerabilities agreed upon by NCSC and Netcraft, prioritizing those with high exploit potential.

Emails go out in plaintext from Netcraft domains, carrying no attachments or requests for sensitive data, to build trust and avoid phishing fears.

Service Mechanics and Technical Scanning Process

Netcraft’s global internet scans detect vulnerabilities solely through external observations, such as banner grabbing or HTTP headers revealing software versions (e.g., Apache 2.4.29 signaling CVE-eligible flaws).

This passive reconnaissance complies fully with the UK’s Computer Misuse Act 1990, avoiding unauthorized access or deep probes. No internal network intrusion occurs; scans mimic what attackers see publicly.

Once a vulnerability matches the criteria, such as unpatched CVEs in standard stacks like WordPress plugins or outdated TLS configs, Netcraft notifies the admin via the email address scraped from WHOIS records or domain metadata.

Recipients get specific advice: update to version X.Y.Z or apply patch ABC. As a Minimum Viable Product (MVP), the pilot tests scale, with feedback loops to refine vuln prioritization, perhaps weighting by CVSS scores above 7.0.

Organizations must verify emails: sender from netcraft.com, plaintext with copy-paste links, no attachments or info requests.

If in doubt, email acdenquiries@ncsc.gov.uk. Opt-out requests go to support@netcraft.com. This isn’t a full vulnerability scanner like Nessus; it’s a free, targeted nudge, not a replacement for tools like OpenVAS.
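The mechanical parts of that verification (sender domain, plaintext only, no attachments) can be checked on a saved message before anyone acts on it. The following is an added example, not code from NCSC or Netcraft; it assumes subdomains of netcraft.com are acceptable senders and that your own mail gateway adds an Authentication-Results header, and both sample messages are constructed.

```python
from email import message_from_string, policy
from email.utils import parseaddr

EXPECTED_DOMAIN = "netcraft.com"  # sender domain named in the article

def check_notification(raw):
    """Return reasons the message fails the article's checks (empty list = passes)."""
    msg = message_from_string(raw, policy=policy.default)
    problems = []
    # Sender domain (subdomains accepted as an assumption); From alone is forgeable.
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain != EXPECTED_DOMAIN and not domain.endswith("." + EXPECTED_DOMAIN):
        problems.append("sender domain: " + (domain or "missing"))
    # Assumption: your own mail gateway adds Authentication-Results (RFC 8601).
    auth = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    if "dmarc=pass" not in auth.lower():
        problems.append("no dmarc=pass result")
    # Plaintext only, no attachments: every leaf MIME part must be inline text/plain.
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment() or part.get_filename():
            problems.append("attachment: " + str(part.get_filename()))
        elif part.get_content_type() != "text/plain":
            problems.append("non-plaintext part: " + part.get_content_type())
    return problems

# Constructed sample messages (addresses and hosts are made up for illustration).
GOOD = """\
From: Netcraft <notify@netcraft.com>
Authentication-Results: mx.example.org; dmarc=pass header.from=netcraft.com
Content-Type: text/plain; charset="utf-8"

Your server advertises an outdated software version.
"""
BAD = """\
From: Netcraft <alerts@netcraft.com.example.net>
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/html

<p>Please log in to confirm your details</p>
--b
Content-Disposition: attachment; filename="report.pdf"

JVBERi0=
--b--
"""
```

A message that passes still needs the human check for requests for sensitive information, which this code does not attempt.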

Integration With NCSC Early Warning and Broader Defenses

This service bolsters ACD’s “Early Warning” platform, a free sign-up for tailored threat alerts on your IP ranges or domains.

Share asset details for precise monitoring of malware C2 beacons or phishing targeting your estate.

Together, they form a proactive shield: notifications fix known vulnerabilities, and Early Warning flags live threats.

Cyber criminals hit UK firms daily via ransomware or data theft, often exploiting public vulnerabilities.

By automating responsible disclosure, NCSC cuts low-hanging fruit.

Experts praise the approach, but stress shared responsibility: admins should layer it with SIEM logging and regular pentests.

Varshini
Varshini is a cyber security expert in threat analysis, vulnerability assessment, and research, passionate about staying ahead of emerging threats and technologies.
