Insights

Operational Technology (OT) environments are vital to industries like manufacturing, energy, utilities, and transportation, to name but a few. Indeed most organisations have some degree of OT infrastructure in place. But as these systems become increasingly interconnected with IT networks, they’ve also become a growing target for cybercriminals. A single breach can bring production lines to a standstill, impact economies, compromise safety, and inflict long-lasting reputational and financial damage. 

advisory ID: ADV-2025-ALL-05
date issued: 14 May 2025
severity: Critical (CVE-2025-29966), High (CVE-2025-30397)
CVSs scores:

A ransomware attack is a nightmare scenario for any organisation. It’s disruptive, costly, and often deeply damaging to your reputation. How you respond in the first 24 hours can make all the difference between containment and catastrophe. In those critical moments, fast and informed action is essential. Not just to mitigate harm, but to enable recovery and identify root causes.

CVSS Base Score: 9.8 CRITICAL 

It doesn't matter how large your organisation is, you are at risk and sooner or later cyber criminals will try to attack you. It’s not a matter of whether your organisation will face a security incident but when. That's why a robust incident response plan is crucial. So what elements should your incident response plan include to be truly effective?

With the increasing sophistication of cyber threats, businesses need more than just security tools—they need expert-driven, proactive defence. Managed Detection and Response (MDR) services provide this, but not all MDR solutions are created equal. Choosing the right provider can mean the difference between efficient threat detection and response or drowning in alert noise and ineffective security measures. 

Here we are again—another World Password Day, and still the most commonly used password is 123456. It’s 2025, and that sequence remains the digital equivalent of leaving your front door wide open with a neon “come on in” sign above it.

As cyber threats become more sophisticated and relentless, organisations can no longer rely on reactive defences alone.  

We hear a lot about external threats but in reality, one of the biggest risks to your organisation might already be on the inside. Insider threatswhether malicious, negligent, or compromisedpose a significant threat to organisations. And with privileged accounts often at the centre of these threats, Privileged Access Management (PAM) has become an essential part of any modern cyber defence strategy. 

CyberFire MDR, Integrity360’s advanced Managed Detection and Response service, is purpose-built to address the real and persistent challenges facing modern businesses. Powered by our proprietary CyberFire platform and backed by 24/7 global SOC coverage, it delivers low-noise, high-accuracy protection where it matters most.

A critical vulnerability in Erlang's Open Telecom Platform (OTP) SSH implementation has recently been published. OTP is a collection of middleware, libraries and tools written in the Erlang programming language and is used by a large number of global companies for communications. According to https://erlang-companies.org, companies that may be affected include Ericsson, T-Mobile, BT and Bet365 (that reportedly use it in it's live betting infrastructure) and major products that may be affected include WhatsApp, Klarna and Discord. 

 

The vulnerability has the highest severity possible with a CVSS score of 10 out of 10. This is likely because it may allow an attacker to perform unauthenticated remote code execution on a target server. The attack complexity has been described at low, meaning exploitation is likely trivial. Any network facing server with the Erlang OTP implementation of SSH enabled that isn't version OTP-27.3.3, OTP-26.2.5.11 or OTP-25.3.2.20 should be considered vulnerable. The current recommendation is to either update to these versions, or disabling the SSH server or access to it temporarily until it's patched. 

 

If you are currently or have been vulnerable to this exploitation, please feel free to reach out to Integrity360 for more advice. We are monitoring the situation and will provide more updates as they arise.

Foundational security organisation MITRE announced on the 15th April that the funding it received to maintain the CVE and CWE program would not be renewed. This was important, because MITRE, along with NIST and the CISA, are a huge contributor to the CVE program.
 
The announcement came abruptly, with the funding organisation DHS declining to comment on the reason at this time, however they provided the following statement:
 
"Although CISA's contract with the MITRE Corporation will lapse after April 16th, we are urgently working to mitigate impact and to maintain CVE services on which global stakeholders rely."
 
This meant that after 16th April 2025, the CVE database, which is critical for tracking and understanding vulnerabilities, might experience disruption. This meant that vulnerabilities discovered after this time would not likely be tracked and published until a resolution is found (this is not thought to affect CVE records dating before the 16th).
 
All cybersecurity tools and processes rely on the CVE database to track and respond to newly discovered vulnerabilities across the environment. A disruption in this service, even temporary, would have affected the visibility of emerging threats and delayed the publication of official CVE records. This, in turn, could have impacted the accuracy of vulnerability scans, the speed of detection, and the prioritisation of response actions.
 
Integrity360 learned that on the morning (EST) of the 16th, the U.S. Government had (at the last minute) extended it's funding for the program, buying more time for a more long-term approach to be agreed.
 
Integrity360 is monitoring the situation and will provide more updates as they arise.
 
Below is the original MITRE letter that was circulated on the 15th April, explaining the halting of the service.