Insights

As cyber threats become more sophisticated and relentless, organisations can no longer rely on reactive defences alone.  

We hear a lot about external threats but in reality, one of the biggest risks to your organisation might already be on the inside. Insider threatswhether malicious, negligent, or compromisedpose a significant threat to organisations. And with privileged accounts often at the centre of these threats, Privileged Access Management (PAM) has become an essential part of any modern cyber defence strategy. 

CyberFire MDR, Integrity360’s advanced Managed Detection and Response service, is purpose-built to address the real and persistent challenges facing modern businesses. Powered by our proprietary CyberFire platform and backed by 24/7 global SOC coverage, it delivers low-noise, high-accuracy protection where it matters most.

A critical vulnerability in Erlang's Open Telecom Platform (OTP) SSH implementation has recently been published. OTP is a collection of middleware, libraries and tools written in the Erlang programming language and is used by a large number of global companies for communications. According to https://erlang-companies.org, companies that may be affected include Ericsson, T-Mobile, BT and Bet365 (that reportedly use it in it's live betting infrastructure) and major products that may be affected include WhatsApp, Klarna and Discord. 

 

The vulnerability has the highest severity possible with a CVSS score of 10 out of 10. This is likely because it may allow an attacker to perform unauthenticated remote code execution on a target server. The attack complexity has been described at low, meaning exploitation is likely trivial. Any network facing server with the Erlang OTP implementation of SSH enabled that isn't version OTP-27.3.3, OTP-26.2.5.11 or OTP-25.3.2.20 should be considered vulnerable. The current recommendation is to either update to these versions, or disabling the SSH server or access to it temporarily until it's patched. 

 

If you are currently or have been vulnerable to this exploitation, please feel free to reach out to Integrity360 for more advice. We are monitoring the situation and will provide more updates as they arise.

Foundational security organisation MITRE announced on the 15th April that the funding it received to maintain the CVE and CWE program would not be renewed. This was important, because MITRE, along with NIST and the CISA, are a huge contributor to the CVE program.
 
The announcement came abruptly, with the funding organisation DHS declining to comment on the reason at this time, however they provided the following statement:
 
"Although CISA's contract with the MITRE Corporation will lapse after April 16th, we are urgently working to mitigate impact and to maintain CVE services on which global stakeholders rely."
 
This meant that after 16th April 2025, the CVE database, which is critical for tracking and understanding vulnerabilities, might experience disruption. This meant that vulnerabilities discovered after this time would not likely be tracked and published until a resolution is found (this is not thought to affect CVE records dating before the 16th).
 
All cybersecurity tools and processes rely on the CVE database to track and respond to newly discovered vulnerabilities across the environment. A disruption in this service, even temporary, would have affected the visibility of emerging threats and delayed the publication of official CVE records. This, in turn, could have impacted the accuracy of vulnerability scans, the speed of detection, and the prioritisation of response actions.
 
Integrity360 learned that on the morning (EST) of the 16th, the U.S. Government had (at the last minute) extended it's funding for the program, buying more time for a more long-term approach to be agreed.
 
Integrity360 is monitoring the situation and will provide more updates as they arise.
 
Below is the original MITRE letter that was circulated on the 15th April, explaining the halting of the service.

This advisory highlights a critical zero-day vulnerability in Fortinet's FortiOS and FortiProxy products that is being actively exploited in the wild. The flaw allows unauthenticated remote code execution via the SSL VPN interface, potentially giving attackers full control over affected devices. With multiple versions impacted across FortiOS and FortiProxy, and threat actors reportedly selling related exploits on dark web forums, the risk of widespread exploitation is high. Fortinet strongly urges immediate patching and additional mitigation steps, making this advisory crucial for organisations relying on Fortinet products to secure their networks. 

Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes.

Looking for an MDR solution that delivers fast, accurate threat detection with minimal noise and maximum support? Here’s everything you need to know about why CyberFire MDR stands out from the crowd.

Privileged Access Management (PAM) is a critical layer of defence in today’s cyber security landscape. With attackers increasingly targeting privileged accounts to access sensitive data and systems, having the right PAM strategy in place is essential. In this blog, we answer the most common questions about PAM, explaining why it matters, what it involves, and how Integrity360’s tailored services can help organisations of all sizes manage privileged access effectively. Whether you’re looking to improve compliance, reduce risk, or streamline secure access, this guide covers everything you need to know about PAM. 

A critical vulnerability, CVE-2025-22457, has been identified in Ivanti Connect Secure (ICS), Pulse Connect Secure (PCS), Ivanti Policy Secure, and ZTA Gateways. This stack-based buffer overflow allows remote, unauthenticated attackers to execute arbitrary code on affected devices. The flaw is currently being actively exploited by a suspected Chinese advanced persistent threat (APT) group, UNC5221, to deploy custom malware families, TRAILBLAZE and BRUSHFIRE, facilitating persistent access and deep network intrusion.

Deepfake technology is rapidly evolving, making it easier for cybercriminals to manipulate digital content and deceive individuals and organisations. One of the most concerning threats that has emerged from this technology is deepfake social engineering – a sophisticated cyber attack method that leverages artificial intelligence (AI) to create realistic fake audio, video, or images to manipulate and defraud targets.

CyberFire MDR is now available across Integrity360’s European markets, bringing advanced threat detection, full incident response, and predictable pricing to organisations of all sizes.