https://steelwise.uk/filings/ Practical thinking on security, infrastructure, and AI from Steelwise. en-gb Sat, 28 Feb 2026 15:09:45 GMT https://steelwise.uk/filings/the-ico-is-becoming-the-information-commission.html https://steelwise.uk/filings/the-ico-is-becoming-the-information-commission.html Thu, 19 Feb 2026 00:00:00 GMT The UK's data protection regulator is being restructured under the Data (Use and Access) Act 2025. New board, new CEO, new statutory objectives. The name is the least interesting part. contact@steelwise.uk (Carl Heaton) https://steelwise.uk/filings/what-the-cyber-security-and-resilience-bill-actually-means.html https://steelwise.uk/filings/what-the-cyber-security-and-resilience-bill-actually-means.html Thu, 19 Feb 2026 00:00:00 GMT The biggest overhaul of UK security regulation since 2018 is in committee. MSPs are in scope, incident reporting gets a 24-hour clock, and fines go up to £17 million. Here's what it means in practice. contact@steelwise.uk (Carl Heaton) https://steelwise.uk/filings/free-security-awareness-campaign-you-didnt-know-existed.html https://steelwise.uk/filings/free-security-awareness-campaign-you-didnt-know-existed.html Wed, 18 Feb 2026 00:00:00 GMT The NPSA gives away a complete, professionally designed security awareness campaign kit. Posters, booklets, checklists, and a full starter guide. Most organisations don't know it exists. contact@steelwise.uk (Carl Heaton) https://steelwise.uk/filings/chrome-zero-day-cve-2026-2441-update-now.html https://steelwise.uk/filings/chrome-zero-day-cve-2026-2441-update-now.html Tue, 17 Feb 2026 00:00:00 GMT CVE-2026-2441 is actively being exploited in the wild. A use-after-free bug in CSS handling means a crafted webpage is all it takes. Push the update now. contact@steelwise.uk (Carl Heaton) https://steelwise.uk/filings/ai-just-claimed-your-spinning-disks-too.html https://steelwise.uk/filings/ai-just-claimed-your-spinning-disks-too.html Mon, 16 Feb 2026 00:00:00 GMT Western Digital's entire HDD capacity for 2026 is sold out. Cloud is 89% of their revenue. HDD prices are up 46% since September. The window for sensible storage pricing is closing. contact@steelwise.uk (Carl Heaton) https://steelwise.uk/filings/prompt-injection-is-not-the-new-sql-injection.html https://steelwise.uk/filings/prompt-injection-is-not-the-new-sql-injection.html Mon, 16 Feb 2026 00:00:00 GMT Schneier and co have reframed prompt injection as 'promptware' — a full 7-stage kill chain. The uncomfortable truth: LLMs can't distinguish instructions from data. This isn't a bug you can patch. contact@steelwise.uk (Carl Heaton) https://steelwise.uk/filings/the-first-five-minutes-of-incident-response.html https://steelwise.uk/filings/the-first-five-minutes-of-incident-response.html Sun, 15 Feb 2026 00:00:00 GMT Containment over correctness, reversibility over impact, protecting state before touching services. What your first five minutes should actually look like. contact@steelwise.uk (Carl Heaton) https://steelwise.uk/filings/when-your-payment-processor-cant-send-email.html https://steelwise.uk/filings/when-your-payment-processor-cant-send-email.html Fri, 13 Feb 2026 00:00:00 GMT Viva.com sends verification emails missing the Message-ID header. Google Workspace and Zoho reject them. The fix is one line of code. contact@steelwise.uk (Carl Heaton) https://steelwise.uk/filings/microsoft-is-a-cloud-company-that-also-makes-windows.html https://steelwise.uk/filings/microsoft-is-a-cloud-company-that-also-makes-windows.html Thu, 12 Feb 2026 00:00:00 GMT Microsoft's FY2025 numbers tell a clear story. Azure and M365 are two-thirds of revenue. Windows is about 6%. This is a cloud and productivity company. contact@steelwise.uk (Carl Heaton) https://steelwise.uk/filings/patch-your-text-editors.html https://steelwise.uk/filings/patch-your-text-editors.html Wed, 11 Feb 2026 00:00:00 GMT Notepad++ had its update service hijacked by state-sponsored attackers. Windows Notepad got a CVSS 8.8 command injection. Two editors, two attack vectors, same lesson. contact@steelwise.uk (Carl Heaton) https://steelwise.uk/filings/insecure-defaults-have-a-long-half-life.html https://steelwise.uk/filings/insecure-defaults-have-a-long-half-life.html Tue, 10 Feb 2026 00:00:00 GMT Global Telnet scanning dropped overnight in January 2026. Days later, a critical telnetd authentication bypass was disclosed. The protocol is old. The lesson is current. contact@steelwise.uk (Carl Heaton) https://steelwise.uk/filings/what-cyber-essentials-actually-involves.html https://steelwise.uk/filings/what-cyber-essentials-actually-involves.html Sat, 07 Feb 2026 00:00:00 GMT A plain-English walkthrough of the five Cyber Essentials controls, what the assessment looks like, and what it does and doesn't prove about your security. contact@steelwise.uk (Carl Heaton)