Blog

The latest news and developments

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity Alert

Critical Vulnerability in Fortra GoAnywhere MFT

A new and critical vulnerability has been identified in Fortra's GoAnywhere Managed File Transfer (MFT) solution. This flaw, tracked as CVE-2025-10035, poses a significant threat to organisations using the software, with a maximum CVSS score of 10.0. This blog post breaks down the vulnerability, explains its potential impact and provides the crucial steps you need to take to secure your systems immediately.

Understanding the GoAnywhere Managed File Transfer Vulnerability

At its core, CVE-2025-10035 is a deserialisation vulnerability located in the License Servlet of GoAnywhere MFT.

Webinar

The 18 Month Mandate for Digital Operational Resilience in Credit Unions

As the digital risk landscape shifts, so too must the operational strategy for Credit Unions in Ireland. The Central Bank's recent IT risk review isn’t just a recommendation; it’s a firm mandate with an 18-month deadline that directly impacts your Credit Union’s leadership. This critical assessment is the first step on your essential journey toward full Digital Operational Resilience Act (DORA) compliance. For many leaders, navigating these advanced IT risk and security requirements can create a significant “governance gap.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 38

This week’s roundup highlights a range of critical developments, from landmark government action on AI regulation to a series of sophisticated cyberattacks targeting major companies and widely used software. We’ll delve into the new enforcement bodies for the EU’s AI Act, the fallout from a disruptive cyberattack on Jaguar Land Rover, and the spread of a dangerous self-replicating worm. Additionally, we’ll cover takedowns of criminal services and the patching of multiple zero-day vulnerabilities in browsers and mobile operating systems, underscoring the constant battle between developers and attackers.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 37

The past week has seen a significant number of cybersecurity incidents, underscoring the persistent and evolving nature of global threats. The headlines highlight a diverse range of attacks and vulnerabilities, from the discovery of new and sophisticated malware families like CHILLYHELL and ZynorRAT, to critical supply chain compromises affecting major software ecosystems. A phishing campaign on npm led to the hijacking of 18 critical JavaScript packages, while a separate GitHub account compromise resulted in a supply chain attack on 22 companies through a Salesloft-Drift integration.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 36

Welcome to our weekly cybersecurity roundup, where we dissect the most critical threats and vulnerabilities that emerged in Week 36. This week’s headlines are dominated by the far-reaching consequences of the Salesloft Drift breach, the alarming weaponisation of HexStrike AI to exploit Citrix flaws, and a critical update to CISA’s Known Exploited Vulnerabilities (KEV) Catalog. We’ll also dive into the defence against a record-breaking DDoS attack mitigated by Cloudflare, analyse the impact of a significant ransomware attack on Miljödata, and review the urgent patch for a critical vulnerability in Passwordstate that affects over 370,000 IT professionals.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 35

Welcome to this week’s cybersecurity roundup. We’ve compiled a critical overview of recent cybersecurity events, spotlighting vulnerabilities and emerging threats that demand attention. This digest covers Anthropic’s disruption of an AI-powered cyberattack ring, a crucial Docker patch for a container escape flaw, a significant supply chain attack hijacking Nx Dev Tools, the unsettling Grok AI chatbot leak exposing private conversations, the concerning rise of “legal botnets” through services like DSLRoot, and persistent firmware flaws in Dell ControlVault3.