On January 14, 2025 Fortinet confirmed a critical zero-day vulnerability, CVE-2024-55591, in Fortinet’s FortiOS and FortiProxy systems that has been actively exploited in the wild. This authentication bypass vulnerability allows attackers to gain super-admin privileges via crafted requests to the Node.js WebSocket module, enabling unauthorized access to firewalls, rogue administrative account creation, and configuration changes.

Cybercrime affects over 5 million individuals in the UK every year, with a majority living in London. This densely populated area is unsurprisingly a hotspot for cybercriminal activity. It’s one of the world’s leading financial and technological hubs, with thousands of Londoners experiencing cybercrimes such as scams, hacked accounts, and intimate image abuse annually.

Learn how one of Europe's largest healthcare tech leaders transformed their Secrets Security with GitGuardian, cutting incidents by half without compromising developer productivity.

Protecting sensitive information is critical in healthcare. Personally Identifiable Information (PII) and Protected Health Information (PHI) form the foundation of healthcare operations. However, these data types come with significant privacy risks. Advanced de-identification techniques provide a reliable way to secure this data while complying with regulations like HIPAA.

Cyber security threats are increasingly complex, and while external attacks like phishing and malware often take centre stage, insider threats are emerging as a significant concern. Insider threats are risks originating from within an organisation, which pose unique challenges. They exploit an insider’s knowledge of systems, processes, and vulnerabilities, making detection and prevention particularly challenging.

AWS and other cloud infrastructure exposed to after attacks uncovered in the wild Cloud networking solutions provider Aviatrix has published a new vulnerability (CVE-2024-50603) in its controller. This vulnerability allows unauthenticated actors to run arbitrary commands. This Remote Code Execution (RCE) vulnerability, rated CVSS 10 (critical), has been exploited in the wild. A patch is already available on GitHub. Alternatively, users can update to the secure versions 7.1.4191 or 7.2.4996.

Ever wondered how to keep your business safe from the ever-growing wave of cyber threats? Let’s understand what Endpoint Detection and Response (EDR) is and how it can be a trusted ally in protecting your business online.

On January 15th, the FSOCIETY ransomware group published on their official DLS (data leak site) that they have begun a partnership with the rising Funksec group. The FunkSec ransomware group first emerged publicly in late 2024 and rapidly gained prominence by publishing over 85 claimed victims—more than any other ransomware group in the month of December.

In an era where password breaches have become all too common, Multi-Factor Authentication (MFA) has emerged as a critical layer of security. MFA provides an authentication method that requires users to present multiple forms of identification before gaining access to systems, which is considered a more robust defence against cyber attacks. However, as cyber criminals evolve tactics, MFA is no longer impervious to threats, particularly phishing attacks that exploit vulnerabilities.