Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 20

This week’s cybersecurity developments reveal a relentless pace of emerging threats, vendor responses, and policy-level shifts. Apple has issued its first-ever security patch for the C1 modem in iOS 18.5, addressing privacy vulnerabilities alongside a wider iOS update. Fortinet responded to an actively exploited zero-day vulnerability in FortiVoice systems, while ENISA launched the European Vulnerability Database to strengthen coordinated defence across the EU. Meanwhile, hundreds of online stores were compromised through long-dormant, backdoored Magento extensions in a renewed supply chain attack.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 19

Cyberattacks are escalating in scale and frequency, with recent incidents underscoring how vulnerable critical systems remain across retail, tech, and industrial sectors. In this roundup, we cover the breach affecting Co-op customers, Harrods becoming the third UK retailer hit in a widening attack wave, and a ransomware strike on German brewer Oettinger ransomware strike on German brewer Oettinger. Meanwhile, Microsoft’s Entra ID endures over 600 million daily attacks Microsoft’s Entra ID endures over 600 million daily attacks, and the company faced a record number of vulnerabilities in 2024.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 18

In this weeks news, a series of serious cybersecurity incidents have affected major organisations across retail, enterprise software, and national infrastructure. From attempted breaches at the Co-operative Group to a high-impact ransomware attack on Marks and Spencer. At the same time, critical vulnerabilities in widely used platforms like SAP NetWeaver, Commvault, and SonicWall have been actively exploited, placing pressure on businesses to respond rapidly and reinforce their defences. Co-op Shuts Down IT Systems to Contain Cyberattack Attempt The Co-operative Group has taken precautionary measures by shutting down parts of its IT infrastructure following an attempted cyberattack, making it the second major UK retailer affected by cyber threats in recent days, after Marks & Spencer.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 17

This week’s cybersecurity highlights include a supply chain attack compromising Ripple’s xrpl.js npm package, and a cyberattack on Marks and Spencer disrupting online orders and in-store payments. A critical Commvault vulnerability allows unauthenticated remote code execution, while deleted GitHub files continue to expose sensitive data. The UK ICO fined Advanced £3.07 million over a ransomware breach affecting health records. Microsoft patched Remote Desktop freezes in Windows 11 and Server 2025, and Google dropped Chrome’s standalone cookie prompt.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 16

Week 16 has been packed with critical cybersecurity developments, highlighting growing threats and major defensive efforts across the industry. A severe vulnerability in Apache Roller risks persistent unauthorised access, while SonicWall’s SMA100 suffers from an OS command injection flaw. Microsoft’s April Patch Tuesday addressed over 130 vulnerabilities, including a WinRAR bug that bypasses Windows security warnings and a critical Erlang/OTP SSH flaw allowing unauthenticated remote code execution. Meanwhile, a new variant of the BrickStorm malware is actively targeting Windows systems.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 15

This Weeks Headlines WhatsApp Vulnerability Allowed Remote Code Execution on Windows PCs Microsoft Patches 125 Flaws, Including Actively Exploited Windows CLFS Vulnerability Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Vulnerability CrushFTP File Transfer Vulnerability Exploited by Ransomware Group PoisonSeed Exploits CRM Credentials to Launch Cryptocurrency Seed Phrase Attacks Elevation of Privilege Vulnerability in Network Configuration Operators Group High Court Dismisses Judicial Review Over HSE Ransomware Data Breach WhatsApp Vulnerability Allowed Remote Code Execution on Windows PCs Meta has patched a critical vulnerability in WhatsApp for Windows, identified as CVE-2025-30401, which could have allowed attackers to execute arbitrary code on users’ devices.