Blog

The latest news and developments

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 33

Week 33 of 2025 brought a series of high impact cybersecurity incidents and critical vulnerability disclosures, underscoring the ongoing pressure on organisations to maintain robust defences. Major vendors, including Zoom, Xerox and Microsoft, released urgent security updates addressing severe flaws, while Fortinet warned of a global brute force campaign targeting its SSL VPNs. On the threat actor front, ShinyHunters claimed responsibility for a significant breach of Salesforce CRM data at Google and Dutch authorities confirmed a cyberattack compromising the records of nearly half a million cancer patients.

GRC

ISO 27001 - 7 reasons why organisations are certifying to the standard

ISO 27001 (ISO/IEC 27001:2022) is an internationally recognised and widely adopted standard which outlines best practices and requirements for an organisation’s Information Security Management System (ISMS). The ISMS is designed to preserve the confidentiality, integrity and availability of information by applying a risk management process with the aim of assisting organisations in keeping their information secure. In other words, the standard assists in helping organisations protect their sensitive information including customer information, financial data and intellectual property from unauthorised access.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 32

Week 32 of 2025 brought a wave of high impact security disclosures and emerging threats across enterprise, cloud and endpoint environments. From Google unmasking a vishing campaign targeting Salesforce users to SonicWall probing reports of a potential SSL VPN zero-day, the week underscored how trusted technologies are increasingly being exploited. Vulnerabilities in widely used platforms, including Trend Micro Apex One, Dell firmware, Microsoft Exchange and the Cursor AI editor, raised serious concerns about patching speed and persistent access risks.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 31

Week 31 of 2025 saw a series of significant cybersecurity events, highlighting the ongoing challenges facing digital infrastructure and security operations. Apple and Google both responded to active threats. Apple patched a critical WebKit zero day also affecting Chrome, while Google launched the open beta of DBSC to bolster browser security. Law enforcement scored a significant victory as arrests related to the notorious Scattered Spider group disrupted operations, though copycat actors remain a lingering threat.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 30

Week 30 of 2025 saw a surge in cybersecurity developments spanning policy, infrastructure vulnerabilities, advanced threat campaigns and law enforcement action. The UK took a firm stance on ransomware by introducing a public sector payment ban and mandatory reporting requirements, aiming to break the financial incentives behind these attacks. Meanwhile, a critical zero-day vulnerability in Microsoft SharePoint is being actively exploited, prompting urgent patching and mitigation efforts. Google unveiled its OSS Rebuild initiative to strengthen open-source software integrity and prevent supply chain tampering.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 29

This week in cybersecurity, several critical threats were identified across various sectors, involving unauthenticated access, supply chain vulnerabilities, and sophisticated malware deployment. A severe SQL injection flaw in FortiWeb has been identified, enabling full remote code execution, while critical VMXNET3 vulnerabilities in VMware products may allow guest-to-host code execution. Meanwhile, FortiGuard Labs has uncovered the integration of Lcryx ransomware into the H2miner cryptomining botnet, signaling a dangerous evolution in hybrid cyberattacks.