Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 40

This week’s cybersecurity news is dominated by a trifecta of escalating threats: MFA failures, AI accelerated social engineering and the massive political costs of corporate breaches. Our top stories reveal a significant Global Threat Shift, confirming that while Ransomware Dominates Impact, the methods are evolving with AI Accelerating Phishing. We detail how the Akira Ransomware group is achieving MFA bypass on critical VPNs with “hours-long” attacks, forcing immediate patching. Meanwhile, the human element remains the primary weakness, with Mandiant exposing the UNC6040/ShinyHunters Salesforce Vishing Scheme, urging organisations to adopt phishing-resistant authentication methods.

Cybersecurity News

5 Convergent Cyber Threats EU Organisations Must Tackle

Imagine a shadowy forum where different malicious groups, from cybercriminals to state aligned spies and political hacktivists, are all sharing their best tools and tactics. That’s the chilling reality unveiled in the ENISA Threat Landscape 2025 (ETL 2025) report. It’s not just about more incidents, it’s about a convergence. Threat actors with different motivations are now using the same playbook, exploiting the same weak doors at an unprecedented industrial scale.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 39

The latest cybersecurity headlines reveal a critical threat convergence, as sophisticated attacks directly impacting global infrastructure while cloud environments and enterprise networks are simultaneously compromised by zero day exploits. This week, major European travel was thrown into chaos as a cyberattack on a single vendor, Collins Aerospace, crippled check-in systems across multiple international airports. We’ll examine this potent supply chain risk alongside the sheer scale of the digital battlefield, highlighted by Cloudflare blocking a record-breaking 22.

Cybersecurity Alert

Critical Vulnerability in Fortra GoAnywhere MFT

A new and critical vulnerability has been identified in Fortra's GoAnywhere Managed File Transfer (MFT) solution. This flaw, tracked as CVE 2025 10035, poses a significant threat to organisations using the software, with a maximum CVSS score of 10.0. This blog post breaks down the vulnerability, explains its potential impact and provides the crucial steps you need to take to secure your systems immediately. Understanding the GoAnywhere Managed File Transfer Vulnerability At its core, CVE 2025 10035 is a deserialisation vulnerability located in the License Servlet of GoAnywhere MFT.

Webinar

The 18 Month Mandate for Digital Operational Resilience in Credit Unions

As the digital risk landscape shifts, so too must the operational strategy for Credit Unions in Ireland. The Central Bank's recent IT risk review isn’t just a recommendation, it’s a firm mandate with an 18-month deadline that directly impacts your Credit Union’s leadership. This critical assessment is the first step on your essential journey toward full Digital Operational Resilience Act (DORA) compliance. For many leaders, navigating these advanced IT risk and security requirements can create a significant “governance gap.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 38

This week’s roundup highlights a range of critical developments, from landmark government action on AI regulation to a series of sophisticated cyberattacks targeting major companies and widely used software. We’ll delve into the new enforcement bodies for the EU’s AI Act, the fallout from a disruptive cyberattack on Jaguar Land Rover, and the spread of a dangerous self-replicating worm. Additionally, we’ll cover takedowns of criminal services and the patching of multiple zero-day vulnerabilities in browsers and mobile operating systems, underscoring the constant battle between developers and attackers.