Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 37

The past week has seen a significant number of cybersecurity incidents, underscoring the persistent and evolving nature of global threats. The headlines highlight a diverse range of attacks and vulnerabilities, from the discovery of new and sophisticated malware families like CHILLYHELL and ZynorRAT, to critical supply chain compromises affecting major software ecosystems. A phishing campaign on npm led to the hijacking of 18 critical JavaScript packages, while a separate GitHub account compromise resulted in a supply chain attack on 22 companies through a Salesloft-Drift integration.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 36

Welcome to our weekly cybersecurity roundup, where we dissect the most critical threats and vulnerabilities that emerged in Week 36. This week’s headlines are dominated by the far reaching consequences of the Salesloft Drift Breach, the alarming weaponisation of HexStrike AI to Exploit Citrix Flaws, and a critical update to the CISA’s Known Exploited Vulnerabilities (KEV) Catalog. We’ll also dive into the defence against a Record Breaking DDoS Attack mitigated by Cloudflare, analyse the impact of a significant Ransomware Attack on Miljödata and review the urgent patch for a critical vulnerability in Passwordstate that affects over 370,000 IT professionals.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 35

Welcome to this week’s cybersecurity roundup, we’ve compiled a critical overview of recent cybersecurity events, spotlighting vulnerabilities and emerging threats that demand attention. This digest covers Anthropic’s disruption of an AI powered cyberattack ring, a crucial Docker patch for a container escape flaw, a significant supply chain attack hijacking Nx Dev Tools, the unsettling Grok AI chatbot leak exposing private conversations, the concerning rise of “legal botnets” through services like DSLRoot, and persistent firmware flaws in Dell ControlVault3.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 34

Welcome to this week’s cybersecurity roundup, where we dive into the most pressing threats and vulnerabilities shaping the digital landscape. From a Critical Zero Day in Plesk Obsidian Allowing Admin Access to Attackers Hijacking Google’s Gemini AI via Malicious Google Calendar Invites, and the emergence of the Warlock Ransomware with Double Extortion Strategy, it’s been a busy period for security professionals. We’ll also examine how a Dutch Cyberattack Left Speed Cameras Inoperable and discuss why Weak Passwords and Compromised Accounts Remain Top Security Risks, according to the latest Blue Report.

Compliance

A 3 Step Resilience Plan Irish Credit Unions Need After the Central Banks IT Risk Review

The Central Bank of Ireland’s thematic review on IT risk was a direct and unambiguous call to action for the entire Irish Credit Union sector. With a hard 18-month deadline, the regulator has made it clear: the ultimate responsibility for IT risk, security, and resilience now rests squarely on the shoulders of the board. For many board members, who are committed volunteers from the local community, this presents a significant challenge.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 33

Week 33 of 2025 brought a series of high impact cybersecurity incidents and critical vulnerability disclosures, underscoring the ongoing pressure on organisations to maintain robust defences. Major vendors, including Zoom, Xerox and Microsoft, released urgent security updates addressing severe flaws, while Fortinet warned of a global brute force campaign targeting its SSL VPNs. On the threat actor front, ShinyHunters claimed responsibility for a significant breach of Salesforce CRM data at Google and Dutch authorities confirmed a cyberattack compromising the records of nearly half a million cancer patients.