Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 23

This week’s developments highlight the growing complexity of the threat landscape, from long-exploited vulnerabilities in widely used platforms to new malware strains and critical infrastructure exposure. Among the key stories, Fortinet users are urged to take immediate action to patch a high-severity flaw, and researchers have uncovered a decade-old vulnerability in Roundcube Webmail still affecting systems today. Meanwhile, the Crocodilus Android trojan is spreading globally, and international authorities have successfully dismantled AVCheck, a tool used by cybercriminals to test malware evasion.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 22

This week’s major security stories highlight the growing scale, complexity, and diversity of modern attacks, spanning massive credential leaks, third-party supply chain risks, AI abuse, and cloud misconfigurations. A staggering data breach has exposed 184 million login credentials tied to major platforms like Google and Microsoft, while Adidas has confirmed a breach stemming from a compromised third-party service provider. Meanwhile, the ViciousTrap botnet is actively exploiting a Cisco vulnerability to hijack over 5,000 devices globally.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 21

The past week revealed several significant security incidents and developments. Law enforcement agencies struck a major blow against the Lumma Stealer malware network, responsible for compromising an estimated 10 million systems. Meanwhile, ransomware attacks disrupted operations at a major frozen food supplier, and Cumberland Council disclosed that a recent cyberattack resulted in limited personal data exposure. On the technology front, Mozilla issued emergency patches for two zero-day vulnerabilities in Firefox actively exploited at Pwn2Own Berlin.

Penetration Testing

Penetration Testing vs Vulnerability Assessment: Know the Difference

Imagine your organisation as a fortress. You routinely check the locks, inspect the windows, and make sure everything is in order — that’s a vulnerability assessment. But what if someone tried to break in, test those defences, and find a hidden way inside? That’s where penetration testing comes in. With the vast range of cybersecurity assessments available today, it’s easy to get lost in the terminology. Vulnerability assessments and penetration tests are two of the most commonly misunderstood and often used interchangeably, though they serve distinct purposes.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 20

This week’s cybersecurity developments reveal a relentless pace of emerging threats, vendor responses, and policy-level shifts. Apple has issued its first-ever security patch for the C1 modem in iOS 18.5, addressing privacy vulnerabilities alongside a wider iOS update. Fortinet responded to an actively exploited zero-day vulnerability in FortiVoice systems, while ENISA launched the European Vulnerability Database to strengthen coordinated defence across the EU. Meanwhile, hundreds of online stores were compromised through long-dormant, backdoored Magento extensions in a renewed supply chain attack.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 19

Cyberattacks are escalating in scale and frequency, with recent incidents underscoring how vulnerable critical systems remain across retail, tech, and industrial sectors. In this roundup, we cover the breach affecting Co-op customers, Harrods becoming the third UK retailer hit in a widening attack wave, and a ransomware strike on German brewer Oettinger ransomware strike on German brewer Oettinger. Meanwhile, Microsoft’s Entra ID endures over 600 million daily attacks Microsoft’s Entra ID endures over 600 million daily attacks, and the company faced a record number of vulnerabilities in 2024.