This week, A well-known file-sharing tool has been taken offline after a mystery security threat, with no fix available yet.
Microsoft has issued another urgent SharePoint update, and this time, working attack code is already public.
A remote support tool used by IT helpdesks and managed service providers has critical flaws that could hand attackers the keys to every device it manages.
And in Scotland, an NHS trust is dealing with a reminder that not every risk comes from hackers; sometimes it is a simple mistake involving maternity patients' data.
Read on for what happened, why it matters, and what you can do about it.
Progress Software, the company behind the ShareFile file-sharing service, has told customers to switch off a piece of software called the Storage Zone Controller, a server that many companies run themselves to control where their ShareFile documents are stored. Progress said it had learned of a "credible external security threat" and had already switched off access for some customer accounts as a precaution. It has not said what the threat actually is, who is behind it, or whether any data has been stolen. Unlike a normal security update, Progress is not telling customers to install a patch; it is telling them to unplug the affected servers completely, which suggests a fix may not be ready yet.
Storage Zone Controllers usually sit at the edge of a company's network, connected to the internet so staff can use them easily. That same position makes them visible to attackers scanning for weak points. Many UK businesses use ShareFile to share documents securely with clients, partners, and patients. Because Progress has ordered a shutdown rather than a patch, this looks like a serious, fast-moving problem. NHS suppliers and digital health organisations using ShareFile to exchange sensitive files should treat this as an active incident until Progress provides more details.
Recommendations
Microsoft has released a fix for a new flaw in SharePoint Server, tracked as CVE-2026-33112. A security researcher has already published proof-of-concept code showing how the flaw could be exploited, meaning people beyond professional criminal gangs can now try to use it. The flaw lets someone who already has an ordinary, logged-in account on a SharePoint server run their own code and effectively take it over. NHS England's cyber team rates further attacks as likely. This is a separate, newer flaw from the SharePoint issue exploited in recent weeks, showing just how much attention SharePoint is getting from attackers and researchers right now.
On-premises SharePoint servers, the version organisations run and manage themselves, rather than Microsoft's cloud-hosted SharePoint Online, are used across many NHS trusts and suppliers to store documents, policies, and records. With working attack code now public, the gap between "a flaw exists" and "someone actively uses it" gets much shorter. Any organisation running an unpatched on-premises SharePoint server risks losing control of that server, which attackers can then use as a launchpad into the wider network.
Recommendations
BeyondTrust, which makes Remote Support and Privileged Remote Access software, has released fixes for four security flaws. Two are rated critical, scoring 9.2 out of 10 for severity. These two flaws could let an attacker who has not logged in at all bypass the normal sign-in process and gain full access to a system, including accounts with the highest level of privilege. Tools like this are used by IT helpdesk staff and outside support companies to connect to and control other people's computers remotely. BeyondTrust has already patched its own cloud customers, but anyone running the software themselves needs to update it.
Remote support tools are often used by managed service providers and outside IT companies that look after the day-to-day technology for smaller organisations, including many digital health companies and NHS suppliers. If an attacker breaks into the support platform itself, they could potentially reach every computer or system it manages in one go, not just a single victim. This is exactly the kind of supply chain risk that DSPT assessments are designed to catch, and it is worth asking directly whether any of your IT or support providers use BeyondTrust.
Recommendations
NHS Forth Valley, the health board covering services between Edinburgh and Glasgow, has revealed that a staff member sent a spreadsheet containing details of around 150 women who had used its maternity services to their own personal email account. The Trust says most of the information could not be used to identify anyone, but some lines did relate to specific women who had accessed local maternity care. It has launched an internal investigation, contacted the women affected, and reported the matter to the UK Information Commissioner. There is no evidence yet that the data has been shared any further, and the staff member has said they have deleted it.
Not every risk to patient data comes from hackers. This incident is a reminder that ordinary human mistakes, like sending information to the wrong place, are one of the most common causes of data breaches in healthcare. Maternity data is especially sensitive, and incidents like this can affect patient trust just as much as a cyber-attack would. For NHS organisations and suppliers working towards DSPT compliance, this case shows why staff training and clear rules about where data can and cannot be sent matter just as much as technical security controls.
Recommendations
Want help staying ahead of threats like these? Contact Periculo about our Threat Intelligence services and find out how we support UK digital health organisations, healthtechs, and NHS suppliers with practical, hands-on cybersecurity assurance.