Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 16

Week 16 has been packed with critical cybersecurity developments, highlighting growing threats and major defensive efforts across the industry. A severe vulnerability in Apache Roller risks persistent unauthorised access, while SonicWall’s SMA100 suffers from an OS command injection flaw. Microsoft’s April Patch Tuesday addressed over 130 vulnerabilities, including a WinRAR bug that bypasses Windows security warnings and a critical Erlang/OTP SSH flaw allowing unauthenticated remote code execution. Meanwhile, a new variant of the BrickStorm malware is actively targeting Windows systems.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 15

This Weeks Headlines WhatsApp Vulnerability Allowed Remote Code Execution on Windows PCs Microsoft Patches 125 Flaws, Including Actively Exploited Windows CLFS Vulnerability Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Vulnerability CrushFTP File Transfer Vulnerability Exploited by Ransomware Group PoisonSeed Exploits CRM Credentials to Launch Cryptocurrency Seed Phrase Attacks Elevation of Privilege Vulnerability in Network Configuration Operators Group High Court Dismisses Judicial Review Over HSE Ransomware Data Breach WhatsApp Vulnerability Allowed Remote Code Execution on Windows PCs Meta has patched a critical vulnerability in WhatsApp for Windows, identified as CVE-2025-30401, which could have allowed attackers to execute arbitrary code on users’ devices.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 14

This Weeks Headlines Oracle Reports Second Cybersecurity Breach Hackers Exploit Legacy Stripe API to Validate Stolen Credit Cards UK Software Provider Fined £3M Over Ransomware Attack That Exposed Customer Data Hackers Exploit WordPress MU-Plugins Feature to Conceal Malware in Compromised Sites BlackLock Ransomware Operators Exposed After Leaking Their Own Decryption Keys Google Patches ‘ImageRunner’ Vulnerability in Cloud Run Oracle Reports Second Cybersecurity Breach Oracle has informed clients of a second cybersecurity breach within a month, where a hacker accessed a legacy system and stole old customer log-in credentials.

Penetration Test

What to Expect from a Penetration Test Report

Penetration testing is a crucial component of any organisation’s cybersecurity strategy, helping businesses to identify and address vulnerabilities before they can be exploited by attackers. But once the testing is complete, what comes next? How do you interpret the findings, how should you prepare for a re-test of the big issues discovered and what should you expect from a penetration test report? Navigating Your Penetration Testing Report Whether you’re a seasoned IT professional or new to the world of cybersecurity, understanding the structure and significance of a pen testing report will help you make informed decisions and take actionable steps toward protecting your systems from potential threats.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 13

This Weeks Headlines Free Online File Converters Spreading Malware Disguised as Useful Tools RedCurl Group Shifts from Espionage to Ransomware with QWCrypt Deployment Windows 11 Update KB5051987 Causes Veeam Recovery Connection Errors Hackers Exploit ‘Atlantis AIO Multi-Checker’ for Credential Stuffing Across 140+ Platforms RedCurl Group Shifts from Espionage to Ransomware with QWCrypt Deployment Critical RCE Vulnerabilities Discovered in Ingress NGINX Controller for Kubernetes Over 150,000 Websites Compromised by JavaScript Supply Chain Attack Next.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 12

This Weeks Headlines Unpatched Windows Zero-Day Exploited by Multiple State-Sponsored Groups Since 2017 Active Exploitation of Cisco Smart Licensing Utility Vulnerabilities Over 300 Malicious ‘Vapor’ Apps on Google Play Amass 60 Million Downloads Critical Fortinet Vulnerability Actively Exploited in Ransomware Attacks Compromised GitHub Action Exposes CI/CD Secrets in Over 23,000 Repositories Hackers Exploit Critical PHP Flaw to Deploy Quasar RAT and XMRig Miners Unpatched Windows Zero-Day Exploited by Multiple State-Sponsored Groups Since 2017 A critical, unpatched Windows zero-day vulnerability, tracked as ZDI-CAN-25373, has been actively exploited by 11 state-sponsored threat groups from nations including China, Iran, North Korea, and Russia since 2017.