Blog

The latest news and developments

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Pentesting

Vulnerability Watchlist: Week Ending 28 June 2026

Every week we track what lands in the CISA Known Exploited Vulnerabilities (KEV) catalogue, the list of flaws that attackers are actively using in the wild. These aren’t theoretical risks sitting in a researcher’s notebook. They’re confirmed in-use, which is exactly why they deserve a place at the top of your patching queue. The week ending 28 June 2026 added six new entries, right in line with the recent 13-week average of about 5.

Pentesting

Vulnerability Watchlist: Week Ending 21 June 2026

Every week we track what lands in the CISA Known Exploited Vulnerabilities (KEV) catalogue, the list of flaws that attackers are actively using in the wild. These aren’t theoretical risks sitting in a researcher’s notebook. They’re confirmed in-use, which is exactly why they deserve a place at the top of your patching queue. The week ending 21 June 2026 added four new entries. That’s a little below the recent 13-week average of around 5.

Pentesting

Vulnerability Watchlist: Week Ending 14 June 2026

Every week we track what lands in the CISA Known Exploited Vulnerabilities (KEV) catalogue, the list of flaws that attackers are actively using in the wild. These aren’t theoretical risks sitting in a researcher’s notebook. They’re confirmed in-use, which is exactly why they deserve a place at the top of your patching queue. The week ending 14 June 2026 added seven new entries. That’s a touch above the recent 13-week average of around six per week, so the volume itself is fairly ordinary.

Pentesting

Vulnerability Watchlist: Week Ending 7 June 2026

The CISA Known Exploited Vulnerabilities (KEV) catalogue, is a list of flaws that attackers are actively using in the wild. These aren’t theoretical, they’re confirmed in-use, which is why they deserve a place at the top of your patching queue. The week ending 7 June 2026 added five new entries. That’s roughly in line with the recent 13-week average of around six per week, so nothing unusual in the volume. The severity mix, however, is worth a closer look as there is one Critical and four High, with every single one rated as actionable.

GRC

Increase Your Credit Unions Cybersecurity Posture With Secora Consulting

Irish Credit Unions are under growing pressure to demonstrate that their IT systems, data and member assets are properly protected. The Central Bank of Ireland’s Thematic Review on IT risk made that expectation formal and urgent. The regulator’s message was unambiguous: responsibility for IT risk, security and resilience no longer sits with your IT provider. It sits with your board. And when the Central Bank comes knocking, it will want evidence, not reassurances.

Penetration Testing

From Redirect to Hijack: Chaining OIDC Misconfigurations for Token Theft

This post, written by Brian, Security Consultant at Secora Consulting, describes how a weakness in an OAuth/OpenID Connect login flow let him turn a redirect issue into session hijacking, based on his own firsthand experiences. During a web application penetration test , I found what initially looked like a standalone redirect validation issue in an OAuth/OpenID Connect (OIDC) login flow. Digging further into the authorisation flow revealed that this validation weakness was only the starting point of a larger problem.