Blog

The latest news and developments

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Penetration Testing

From Redirect to Hijack: Chaining OIDC Misconfigurations for Token Theft

This post, written by Brian, Security Consultant at Secora Consulting, describes how a weakness in an OAuth/OpenID Connect login flow let him turn a redirect issue into session hijacking, based on his own firsthand experiences. During a web application penetration test, I found what initially looked like a standalone redirect validation issue in an OAuth/OpenID Connect (OIDC) login flow. Digging further into the authorisation flow revealed that this validation weakness was only the starting point of a larger problem.

Harsh Banshpal

Telnet Security Risks: Why It is Still Dangerous and What to Use Instead

From a penetration tester’s point of view, Telnet is one of those findings that immediately stands out. Not because it is complex or interesting, but because it is simple and risky. If Telnet is exposed in an environment, it often becomes one of the easiest ways for an attacker to gain access. Many organisations still rely on Telnet in legacy systems, network devices and internal tools. That alone is risky. Recent vulnerabilities have made the situation much worse.

Penetration Test

Why CVSS Scores Fall Short: How to Measure the Real Business Impact of Vulnerabilities

Organisations commonly rely on CVSS (Common Vulnerability Scoring System) scores of a vulnerability to understand their security posture. While this approach helps identify technical weaknesses, it often fails to answer a more important question: What is the actual risk to the business if a vulnerability is exploited? CVSS provides a measure of technical severity, but it does not account for exploitability in a real environment, the value of the affected asset or the operational impact of exploitation.

Cybersecurity News

The February 2026 Strategic Briefing: The Trust Hijack

February has proven that the greatest threat to your organisation isn’t a vulnerability in your firewall, it’s the weaponisation of the trust you place in your internal tools and staff. From AI coding assistants to accidental law enforcement data leaks, the defining trend is clear. Identity and access are the new zero day. If you’re a cybersecurity leader in an SME, February likely felt like a pivot point. The landscape has shifted from passive compliance to active operational risk.

News

Cyber Security Grants for Irish SMEs: A Guide to the EI Review Grant

As cyberattacks grow more frequent and sophisticated, malicious actors target organisations across the spectrum, from fledgling startups to established SMEs and large corporations. Recognising the pressing need for organisations to protect sensitive information and mitigate the risk of cyberattacks, Enterprise Ireland is providing a Cyber Security Review Grant. This offers Irish organisations a practical and cost-effective solution to enhance their resilience against cyber threats and ensure regulatory compliance. If you’re an Irish organisation and Enterprise Ireland client, you have access to substantial support to evaluate your current cybersecurity posture and identify potential vulnerabilities.

Cybersecurity News

The Invisible Perimeter: Identity, AI, and Supply Chain Risk

January was defined by the exploitation of authenticated access, a trend where attackers no longer try to break into the house, but instead trick users and AI agents into opening the door. From the subversion of identity platforms like LinkedIn to the exploitation of “unpatched” legacy systems in the heart of Europe’s critical infrastructure, the message is clear that the perimeter is now invisible and trust is the new zero day.