Blog

The latest news and developments

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

News

Cyber Security Grants for Irish SMEs: A Guide to the EI Review Grant

As cyberattacks grow more frequent and sophisticated, malicious actors target organisations across the spectrum, from fledgling startups to established SMEs and large corporations. Recognising the pressing need for organisations to protect sensitive information and mitigate the risk of cyber-attacks, Enterprise Ireland is providing a Cyber Security Review Grant. This offers Irish organisations a practical and cost effective solution to enhance their resilience against cyber threats and ensure regulatory compliance. If you’re an Irish organisation and Enterprise Ireland client, you have access to substantial support to evaluate your current cybersecurity posture and identify potential vulnerabilities.

Cybersecurity News

The Invisible Perimeter: Identity, AI, and Supply Chain Risk

January was defined by the exploitation of authenticated access, a trend where attackers no longer try to break into the house, but instead trick users and AI agents into opening the door. From the subversion of identity platforms like LinkedIn to the exploitation of “unpatched” legacy systems in the heart of Europe’s critical infrastructure, the message is clear that the perimeter is now invisible and trust is the new zero day.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 51

This week’s intelligence highlights a dangerous convergence of zero day exploitation and identity centric abuse. We track unpatched CVSS 10.0 flaws in Cisco’s email security infrastructure and critical authentication bypasses in Fortinet’s perimeter defence. Simultaneously, the focus of threat actors is shifting toward the “human to cloud” interface leveraging compromised IAM credentials for massive resource hijacking and exploiting the opaque ecosystem of “parked” domains to serve malware at scale. These trends, combined with a sophisticated physical access breach in the maritime sector, reinforce that resilience must now extend from the virtual code to the physical hardware.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 50

This week’s intelligence confirms a critical surge in maximum severity RCE flaws and the systemic risk posed by AI governance failures. We track two CVSS 10.0 RCE flaws in React/Next.js, the active exploitation of the popular WinRAR archiver by nation state APTs and a dangerous new corporate data leak vector via Microsoft 365 Copilot. These technical failures, combined with a major, four year old health sector ransomware breach coming to a head, demand that organisations focus immediately on application supply chain integrity and robust AI governance policies.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 49

This week’s intelligence confirms a critical surge in maximum severity flaws and systemic exploitation across both developer pipelines and corporate identity infrastructure. We track a CVSS 10.0 RCE flaw in React/Next.js, the urgent patching required for a CVSS 9.8 WordPress takeover and a dangerous cross tenant bypass in Microsoft Teams. These technical failures, combined with the sophisticated use of identity theft by the Lazarus APT group, demand immediate action to secure privileged access and the application supply chain.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 48

This week’s intelligence confirms a surge in identity based exploitation and systemic operational risk. We track a maximum severity flaw in Grafana SCIM (CVSS 10.0) and the deployment of ShadowPad malware via unpatched update servers, underscoring the danger of flawed privileged access. Furthermore, the ClickFix social engineering attack that is leveraging a realistic, full screen Windows Update animation to trick users into running malware, and a major breach of London councils, reinforces that operational resilience and vendor security are paramount.