Blog

The latest news and developments

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 43

This week in cybersecurity reveals the dual reality of the digital world, escalating state sponsored threats and the persistent danger of systemic failure. Our top stories detail the aggressive expansion of Espionage and Targeted APTs, with the notorious Lazarus Group focusing its sights on the sensitive UAV and drone sector. We cover major law enforcement success in Counter Cybercrime and Fraud Takedowns as Europol dismantles a massive network enabling 49 million fake accounts and the “Jingle Thief” fraud ring targets Microsoft 365.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 42

This week’s cybersecurity news is headlined by a stark warning from the UK government as cyber threats are escalating rapidly, forcing organisations to prioritise resilience now. Our top stories reveal a significant Macro Threat Shift, with the NCSC reporting a massive 50% surge in highly significant attacks. We detail critical Urgent Patching alerts, including fixes for two Windows zero day vulnerabilities and the emergence of the Rust based ChaosBot malware abusing Discord for C2.

SME Cybersecurity

Cybersecurity Myths for SMEs: 6 Risks Small Businesses Can’t Ignore

Every October, the world observes Cybersecurity Awareness Month, a timely annual reminder that digital protection isn’t just for tech giants. This year, we’re cutting through the noise to focus squarely on the challenges faced by Small and Medium Enterprises (SMEs). Cybercriminals know that the gap between what small businesses believe about security and the harsh reality of today’s threats makes them prime, low effort targets. According to Hiscox’s 2024 Cyber Readiness Report, 74% of organisations globally report an increase in cyber attacks.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 41

Our top stories this week reveal a significant cybercrime power shift, with three major groups forming a ransomware cartel to professionalise and escalate their operations. We detail the immediate need to patch two maximum severity flaws: the active exploitation of the GoAnywhere MFT zero day and the discovery of a 13 year old RCE bug in Redis. The human element remains a critical target, as we examine the high impact Salesforce Vishing Attack and the compromise of a Discord vendor, highlighting the escalating risk of third party and supply chain failures.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 40

This week’s cybersecurity news is dominated by a trifecta of escalating threats: MFA failures, AI accelerated social engineering and the massive political costs of corporate breaches. Our top stories reveal a significant Global Threat Shift, confirming that while Ransomware Dominates Impact, the methods are evolving with AI Accelerating Phishing. We detail how the Akira Ransomware group is achieving MFA bypass on critical VPNs with “hours-long” attacks, forcing immediate patching. Meanwhile, the human element remains the primary weakness, with Mandiant exposing the UNC6040/ShinyHunters Salesforce Vishing Scheme, urging organisations to adopt phishing-resistant authentication methods.

Cybersecurity News

5 Convergent Cyber Threats EU Organisations Must Tackle

Imagine a shadowy forum where different malicious groups, from cybercriminals to state aligned spies and political hacktivists, are all sharing their best tools and tactics. That’s the chilling reality unveiled in the ENISA Threat Landscape 2025 (ETL 2025) report. It’s not just about more incidents, it’s about a convergence. Threat actors with different motivations are now using the same playbook, exploiting the same weak doors at an unprecedented industrial scale.