Insights

Next.js is a popular development library for web developers. In the authentication section of the library in affected versions, there is a vulnerability which would allow an attacker to bypass authentication, potentially gaining access to sensitive data or maninpulating targeted accounts. 

Securing identities has become just as important as protecting networks and endpoints. Identity and Access Management (IAM) is at the heart of this effort, ensuring that only the right individuals have access to the right resources at the right times. Without a robust IAM strategy, organisations risk unauthorised access, data breaches, and insider threats—whether malicious or accidental. 

A critical remote code execution (RCE) vulnerability, identified as CVE-2025-23120, has been discovered in Veeam Backup & Replication (VBR). This flaw allows authenticated domain users to execute arbitrary code on the affected system. The vulnerability has been assigned a CVSS v3.1 score of 9.9, indicating its critical severity. 

Holiseum will form a new Integrity360 services practice focused on OT/IoT and as a regional hub for the group in France

 

Cyber attacks don’t just happen inside your network anymore. Your brand, credentials, and sensitive data are all potential targets. The modern cyber threat landscape demands more than reactive defence. That’s where Threat Intelligence and Managed Digital Risk Protection (DRP) come into play.

In 2025, we’re witnessing a shift in how ransomware operates, who it targets, and the consequences of falling victim. It’s no longer just about stolen data—it’s about eroded trust, crippled operations, and long-term brand damage. This blog explores the evolving ransomware threat landscape for 2025. 

Cyber attacks can strike an organisation at any moment, demanding constant vigilance to ensure robust security. Integrity360’s Cyber SOC with our six fully integrated Security Operations Centres (SOCs), delivers 24/7 cyber security monitoring and immediate incident response to keep organisations safe. 

As cyber threats grow in complexity, the debate continues—should organisations rely more on automation or human expertise? The reality is that the strongest security strategies integrate both, leveraging cutting-edge technology to enhance human capabilities rather than replace them. At Integrity360, we believe this balance is the key to a resilient security posture, and is be the central theme of our Security First 2025 conferences starting this week!

Important Update on PCI DSS SAQ A Eligibility Criteria

The PCI Security Standards Council (PCI SSC) has published a new Frequently Asked Question (FAQ 1588) to help businesses better understand the updated eligibility criteria for Self-Assessment Questionnaire (SAQ) A under PCI DSS v4.0.1. These new requirements will take effect on April 1, 2025 and are especially important for e-commerce merchants using embedded payment pages (like iframes).

Overview: 

MITRE Caldera is an open-source cyber security platform designed for automating adversary emulation, red teaming, and threat hunting. It allows security teams to simulate real-world cyber threats, test defences, and improve incident response. 

With the skills gap growing, finding the right IT security professionals can be a daunting task. CyberConnect360, powered by Integrity360, is here to simplify that process. Our resource placement service connects businesses with top-tier cyber security talent, ensuring the perfect match for critical roles. This FAQ provides insights into how CyberConnect360 works and why it stands out from traditional recruitment services.

Cyber security threats are growing more sophisticated by the day and organisations need to stay ahead of adversaries by continuously refining their security strategies. One powerful approach is Purple Teaming—a strategy that bridges the gap between offensive and defensive security tactics. But what exactly is Purple Teaming, and how does it enhance an organisation’s security posture? Let’s take a closer look at this critical aspect of cyber security testing.