diff --git a/src/server/__tests__/server.test.js b/src/server/__tests__/server.test.js
index 96f0a8d..f305e19 100644
--- a/src/server/__tests__/server.test.js
+++ b/src/server/__tests__/server.test.js
@@ -341,19 +341,23 @@ it('Download threat file', async () => {
 - *Description:* description
 - *Mitigation:* mitigation
 4. **Accessing DB credentials**
+ - *Category:* Information disclosure
 - *Severity:* High
 - *Description:* The Background Worker configuration stores the credentials used by the worker to access the DB. An attacker could compromise the Background Worker and get access to the DB credentials.
 - *Mitigation:* \\[Click Me\\]\\(javascript:alert\\('XSS'\\)\\)
 5. **Unauthorised access**
+ - *Category:* Information disclosure
 - *Severity:* High
 - *Description:* An attacker could make an query call on the DB,
 - *Mitigation:* Require all queries to be authenticated.
 6. **Credential theft**
+ - *Category:* Information disclosure
 - *Severity:* Medium
 - *Author:* The Model
 - *Description:* An attacker could obtain the DB credentials ans use them to make unauthorised queries.
 - *Mitigation:* Use a firewall to restrict access to the DB to only the Background Worker IP address.
 7. **\\!\\[Uh oh...\\]\\(https://www.example.com/image.png"onload="alert\\('XSS'\\)\\)**
+ - *Category:* Information disclosure
 - *Severity:* High
 - *Description:* The Web Application Config stores credentials used by the Web App to access the message queue. These could be stolen by an attacker and used to read confidential data or place poison message on the queue.
 - *Mitigation:* The Message Queue credentials should be encrypted. newlines shouldn't break the formatting
diff --git a/src/server/endpoints.js b/src/server/endpoints.js
index 2e8635c..da5c1d8 100644
--- a/src/server/endpoints.js
+++ b/src/server/endpoints.js
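Review bot: Every added `- *Category:* Information disclosure` line in this snapshot uses the same value, which is presumably a suit display name, so the expected markdown only exercises the `isSuit` branch of the category enrichment and never the new fallback that emits `threat.type` verbatim for a non-suit type. The existing fixtures deliberately put markdown and `javascript:` payloads in the title and Mitigation fields to pin escaping, but no fixture does that for the type, so the snapshot cannot tell whether a free-text category is escaped the same way. Add one threat whose type is not a suit — ideally containing the same kind of metacharacters, e.g. `type: '[Click Me](javascript:alert(1))'` — and assert the rendered `*Category:*` line for it. The `it('Download threat file', …)` body begins before this hunk.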
@@ -248,10 +248,10 @@ export const downloadThreatsMarkdownFile = (gameServer) => async (ctx) => {
 };
 function enrichThreatWithCategory(threat, gameMode) {
- if (threat.type && isSuit(threat.type)) {
+ if (threat.type) {
 return ({
 ...threat,
- category: getSuitDisplayName(gameMode, threat.type)
+ category: isSuit(threat.type) ? getSuitDisplayName(gameMode, threat.type) : threat.type
 });
 }
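Review bot: The new `category:` line copies `threat.type` into the returned object unchanged whenever `isSuit` rejects it, whereas suit types still pass through `getSuitDisplayName`, so any non-suit type string now reaches the threats markdown download as the category with no type check or escaping in this hunk. If threat types can be supplied by clients (this file does not show where they come from), the value must be escaped where the markdown is rendered, exactly as the test fixtures already require for titles and mitigations; otherwise a type such as `[x](javascript:…)` lands in the download verbatim. At minimum restrict the fallback to strings, `category: isSuit(threat.type) ? getSuitDisplayName(gameMode, threat.type) : String(threat.type)` is not enough — guard with `typeof threat.type === 'string'` and document the contract with `// non-suit types are emitted verbatim as the category; the markdown writer must escape them`. The function's remaining lines, including the path taken when `threat.type` is falsy, fall outside this hunk.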