Insights

CyberFire MDR is now available across Integrity360’s European markets, bringing advanced threat detection, full incident response, and predictable pricing to organisations of all sizes. 

Next.js is a popular development library for web developers. In the authentication section of the library in affected versions, there is a vulnerability which would allow an attacker to bypass authentication, potentially gaining access to sensitive data or maninpulating targeted accounts. 

A critical remote code execution (RCE) vulnerability, identified as CVE-2025-23120, has been discovered in Veeam Backup & Replication (VBR). This flaw allows authenticated domain users to execute arbitrary code on the affected system. The vulnerability has been assigned a CVSS v3.1 score of 9.9, indicating its critical severity. 

Important Update on PCI DSS SAQ A Eligibility Criteria

The PCI Security Standards Council (PCI SSC) has published a new Frequently Asked Question (FAQ 1588) to help businesses better understand the updated eligibility criteria for Self-Assessment Questionnaire (SAQ) A under PCI DSS v4.0.1. These new requirements will take effect on April 1, 2025 and are especially important for e-commerce merchants using embedded payment pages (like iframes).

Overview: 

MITRE Caldera is an open-source cyber security platform designed for automating adversary emulation, red teaming, and threat hunting. It allows security teams to simulate real-world cyber threats, test defences, and improve incident response. 

The Payment Card Industry Security Standards Council (PCI SSC) has announced significant updates to Self-Assessment Questionnaire A (SAQ A), particularly affecting e-commerce merchants. These changes, taking effect on 31 March 2025, remove certain requirements and introduce new eligibility criteria that require merchants to strengthen website security and protect against malicious script attacks.

CVE-2025-21298 is a critical vulnerability present in the windows OLE that enables a remote code execution with a CVSS severity of 9.8. Object Linking and Embedding (OLE) is a proprietary technology developed by Microsoft that allows embedding and linking to documents and objects.

UPDATED ON 12/02/2025: 

London/Dublin/Cape Town/Johannesburg – 8 January 2025 – Continuing its global expansion plan, Integrity360 has acquired Nclose, a well-established and highly regarded cyber security services company operating out of both Cape Town and Johannesburg in South Africa. The terms of the transaction were not disclosed. The acquisition comes on the back of the previously announced acquisition of Cape Town headquartered Grove Group in August 2024.

Organisations often seek a Security Operations Center (SOC) for comprehensive cyber security monitoring and incident response. However, for Darktrace customers, Managed dSOC offers a uniquely valuable alternative that can address critical security needs without replicating the full scope of a traditional SOC.  

As the complexity of digital environments grows, businesses face increasing challenges in maintaining visibility and managing risk across their attack surface. Integrity360's Managed ASM (Attack Service management) service is designed to tackle these challenges head-on. Below, we answer some of the most frequently asked questions about this innovative service.

Leading PCI and Cyber Security Services Company Adsigo acquired by Integrity360 to expand European footprint 

London/Dublin/Stuttgart/Zurich – 4^th December 2024 – As part of its Pan European expansion plan Integrity360 has acquired leading European PCI QSA (Payment Card Industry Qualified Security Assessor) and cyber security services company Adsigo. The terms of the transaction were not disclosed. The acquisition will enable Integrity360 to expand further into continental Europe and provides additional skilled resources to its existing substantial PCI and cyber security compliance teams.