Testing & Simulations

gurushyam.mony
September 14, 2022
No Comments

Cloud & Cyber Consultations

gurushyam.mony
September 14, 2022
No Comments

Breach & Attack Simulation

AI is a Security Analyst’s Copilot, Not a Replacement August 19, 2025
AI has fundamentally changed cybersecurity. Even the most primitive attackers are now capable of launching attacks at an unprecedented speed, frequency, and level of sophistication. As a result, defenders are under more pressure than ever. Often, when we talk about AI, we talk about its potential to put people out of work. This is perhaps […]
Josh Breaker Rolfe
Workday Confirms Data Breach After Social-Engineering Attack on Third‑Party CRM August 19, 2025
Workday, a cloud-based platform used for human capital managment and financial management, has disclosed a data breach after attackers gained access to a third-party CRM platform in a recent social engineering attack. The company said bad actors contacted employees by text or phone, pretending to be from HR or IT. Their goal was to fool […]
Kirsten Doyle
SAP NetWeaver: CVE-2025-31324 Now Exploitable at Scale August 19, 2025
In April 2025, SAP patched a critical vulnerability in NetWeaver AS Java Visual Composer. The flaw, tracked as CVE-2025-31324, allows unauthenticated remote code execution through the Visual Composer “metadata uploader” endpoint. Within weeks, proof-of-concept code appeared in public forums. Now, the exploit is no longer theoretical. Full tooling has been released. Source code is out […]
Kirsten Doyle
UK Businesses Hit by Wave of Breaches Caused by Insecure Code August 19, 2025
A new survey has revealed the extent to which poor coding practices are leaving UK businesses exposed. Two-thirds of senior technology leaders admitted their organisations suffered at least one breach or serious security incident in the past year. The common cause: insecure code. SecureFlag’s research found that of the 100 executives surveyed, nearly half reported […]
Kirsten Doyle
Massive PayPal Credential Dump Surfaces on Dark Web Forums August 19, 2025
A threat actor is selling secrets. Big ones. Operating under the alias Chucky_BF, the attacker has surfaced on underground forums with a staggering claim: over 15.8 million PayPal credentials for sale. The haul includes email addresses, plaintext passwords, and direct URLs to PayPal services. It’s being marketed as the “Global PayPal Credential Dump 2025.” Hackread […]
Kirsten Doyle
KawaLocker Ransomware Emerges in New Attack August 18, 2025
Huntress analysts have tracked a fresh ransomware incident involving KawaLocker, also known as KAWA4096. The variant is new, but the method is familiar. Attackers gained access, disabled defenses, and moved to encrypt files. Ransomware families surface often. A year ago, Huntress reported on ReadText34. Just last month, a never-before-seen strain called Crux appeared. KawaLocker joins […]
Kirsten Doyle
Managing Third-Party Security Risks in Education August 15, 2025
In December 2024, PowerSchool — one of North America’s most widely used student information systems — disclosed a breach that affected millions of students and educators. Hackers gained access using a compromised password and remained undetected for nine days, exposing sensitive personal information, including Social Security numbers and medical histories. This wasn’t just a system […]
Zac Amos
Canadian Parliament Hit by Cyberattack, Investigation Underway August 15, 2025
The House of Commons and Canada’s cybersecurity agency are investigating a significant breach of parliamentary employee data, CBC News reports. An internal email to CBC staff on Monday 11 August said a malicious actor exploited a recent Microsoft vulnerability to gain unauthorized access to a database used to manage computers and mobile devices. The data […]
Kirsten Doyle
Credential Theft and Data Exfiltration Lead Modern Ransomware Threats August 15, 2025
Ransomware and infostealer threats are evolving faster than most organizations can keep pace. Security teams have invested heavily in backup and recovery systems, yet today’s most damaging attacks often bypass encryption altogether. Picus Security’s Blue Report 2025 uncovered a shift: threat actors are targeting credential theft, data exfiltration, and lateral movement, founded on stealth and […]
Kirsten Doyle
Why upskilling must be a strategic priority for UK tech organisations August 14, 2025
The UK tech sector stands at a crossroads. On one hand, we are seeing ambitious investments in emerging technologies, particularly AI, cloud computing, and cybersecurity. On the other hand, a significant disconnect grows between the pace of innovation and the digital capabilities of the current workforce. According to a 2024 study by the University of […]
Alexia Pedersen

Service Categories: Testing & Simulations

Cloud & Cyber Consultations

Breach & Attack Simulation

[email protected]