Building reliable software services based on service components supplied by partners and third parties in potentially complex chains of providers, is inherently challenging. In the case of cloud-based services, providers may offer not only software (web services) but also infrastructure (e.g., processing and storage). Making composite services trustworthy and reliable requires all parties to be open about changes that may impact their customers, and they must inevitably deal with a fluctuating threat picture. In this paper, we describe a publish/subscribe-based notification infrastructure which allows a Service Runtime Environment (SRE) to receive alerts about changes and threats in service components. Notifications arise from both human and automated monitoring, and are published to a notification broker which handles subscriptions and message distribution. The SRE is enabled to react to these notifications automatically through adaptation of the service composition, based on rules that can syntactically match the contents of received notifications. In addition to describing the technical implementation, we show an example of how a composite service from the Air Traffic Management (ATM) domain can instantly adapt itself when it receives a notification about a threatened service component. We also demonstrate how a mobile client app is used to keep humans aware of the notifications.