Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 3

This Weeks Headlines Microsoft Patches Three Actively Exploited Zero-Day Vulnerabilities in January Update Google OAuth Vulnerability Exposes User Accounts via Abandoned Domains Fortinet Warns of Zero-Day Exploit Targeting Exposed Firewall Interfaces Expired Domains Enable Control Over Thousands of Compromised Systems Phishing Scam Impersonates CrowdStrike to Deploy XMRig Cryptominer Stealthy Credit Card Skimmer Targets WordPress E-commerce Sites via Database Injection AI-Driven Ransomware Group FunkSec Targets Over 85 Victims Using Double Extortion Tactics Microsoft MFA Outage Blocks Access to Microsoft 365 Apps Hackers Exploit Critical Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners Codefinger Ransomware Group Exploits Compromised AWS Credentials in Extortion Attacks Microsoft Patches Three Actively Exploited Zero-Day Vulnerabilities in January Update Microsoft’s January 2025 security update addresses 161 vulnerabilities, including three zero-day flaws in Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335) that have been actively exploited.

SME Cybersecurity

Understanding Common Vulnerabilities in 2025

As we progress through 2025, businesses are confronting unprecedented digital challenges, leading to a complex and ever-evolving risk landscape for organisations of all sizes. Cyber threats alone have surged by an alarming 300% year-over-year. Small and medium-sized enterprises (SMEs) are particularly vulnerable, often lacking the resources or expertise to defend against sophisticated cyber threats. Understanding these vulnerabilities is the first step toward effective protection. In this blog, we’ll explore the most prevalent cybersecurity threats of 2025, their impact on SMEs, and actionable strategies to mitigate risks.

Cybersecurity Alert

Critical Vulnerability in Fortinet FortiOS and FortiProxy

The National Cyber Security Centre (NCSC) has issued an advisory regarding a critical vulnerability, CVE-2024-55591, impacting Fortinet’s FortiOS and FortiProxy products. This vulnerability is particularly severe, with a CVSS score of 9.6, signifying a critical risk to affected systems. Impact of the Vulnerability The vulnerability stems from an authentication bypass using an alternate path or channel (CWE-288). Exploiting this flaw allows a remote attacker to achieve super-admin privileges through carefully crafted requests directed to the Node.

News

Phishing Attacks in Europe: Who is Most at Risk?

Phishing has rapidly evolved into one of the most significant cyber threats across Europe. According to recent data, the volume of phishing attacks targeting organisations in Europe increased by 112.4% between April 2023 and April 2024, underscoring the growing sophistication and prevalence of phishing attempts that exploit vulnerabilities in both personal and corporate digital practices. Why Phishing Demands Your Attention In this blog, we’ll cover: The latest phishing statistics in Europe Why this issue is critical for businesses and individuals Practical, actionable tips to defend against phishing attacks Headlines Phishing Defence Trends: Short-Term Gains, Long-Term Challenges, and Emerging AI Threats Emerging AI Threats What Drives the Phishing Surge?

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 2

E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws Hackers Breach Argentina’s Airport Security Police Payroll System Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks Russian-Speaking Hackers Target Ethereum Developers with Malicious npm Packages Critical RCE Flaw in GFI KerioControl Exploited in Active Attacks SonicWall Urges Immediate Patching of Critical SonicOS Vulnerability Critical Vulnerabilities Identified in Ivanti Products E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws The European General Court has fined the European Commission €400 for violating the bloc’s data privacy regulations.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 1

Cyberhaven Chrome Extension Breach Part of Expanding Supply Chain Attack Cyberhaven, a data detection and response platform, suffered a compromise of its Chrome extension on December 24, 2024, after a phishing attack gave threat actors access to the company’s Chrome Web Store account. The attackers published a malicious version of the extension designed to steal Facebook access tokens and user information. Although Cyberhaven detected and removed the malicious extension within approximately 24 hours, this incident is part of a broader campaign that has compromised at least 29 Chrome extensions over the past 18 months, potentially affecting over 2.