Threat Advisories

Posts by: Integrity360

Threat Advisory: SesameOp backdoor

SesameOp is a newly identified, stealthy .NET backdoor that exploits trusted cloud AI infrastructure—specifically OpenAI’s Assistants API—as a covert command-and-control (C2) channel. Discovered by Microsoft DART, this advanced threat blends into legitimate developer environments and HTTPS traffic, making detection extremely difficult. This advisory breaks down how the attack works, why it’s significant, and what defenders need to know to mitigate the risk.


Microsoft WSUS Remote Code Execution Vulnerability (CVE-2025-59287) in active exploitation

On October 14, 2025, Microsoft attempted to patch a critical unauthenticated RCE in Windows Server Update Services (WSUS). The fix proved incomplete, and an out-of-band (OOB) update was released on October 23, 2025. Within hours, multiple firms observed active exploitation in the wild against Internet-exposed WSUS over TCP 8530/8531. CISA added the bug to the KEV catalog on October 24, 2025, and urged rapid remediation. Risk is severe: pre-auth RCE as SYSTEM on a central patching service enables lateral movement and potential internal supply-chain abuse.  


Everest Group Targets Dublin Airport and Air Arabia in Expanding Campaign

On 2025-10-26, the ransomware operator “Everest Group” announced on its TOR-hosted web page that it had allegedly accessed Dublin Airport data concerning a large number of travellers to the airport. Early estimates for the potential number of affected victims range from 1-200K up to 1.5 million; however, no details have been positively confirmed.

Although unconfirmed, it is likely that this data breach is related to the Collins Aerospace ransomware attack, which occurred earlier, in September 2025. A likely strategy for the Everest Group is to threaten individual airports and airlines, increasing the chance of successful payment. Everest Group also threatened to release the data of Air Arabia on 2025-10-25, signalling that further aerospace organisations may face threats in the coming days.

Examination of the group’s TTPs suggests a heavy focus on social engineering and access-broker techniques to gain initial access to victims’ environments. Research performed by NCC Group showed that Everest uses legitimate, compromised accounts, removing the need for exploitation and privilege escalation, which often raises suspicion among network defenders. The group has been operational since at least 2021, is linked to the “Blackbyte” and “Conti” ransomware groups, and is a double-extortion ransomware operator.

A notable communication by the group in 2023 showed the intention to recruit parties with access to systems, in exchange for a monetary reward on completion of a successful attack. It is unclear whether this was intended for corporate employees, access brokers, or both.

Social engineering attacks abusing legitimate credentials appear to be common among modern high-profile ransomware operators, because, if deployed correctly, they can bypass an organisation’s defences.

The Integrity360 Incident Response team recommends some practical steps to mitigate the risk of attacks which begin with social engineering:


F5 Security Breach

F5 has revealed new details about a major cybersecurity incident involving a highly sophisticated nation-state threat actor who maintained prolonged access to parts of the company’s internal network. Discovered in August 2025, the breach allowed the attacker to infiltrate F5’s BIG-IP product development environment and engineering knowledge management platforms, where they exfiltrated files containing portions of BIG-IP source code and technical information about vulnerabilities that had not yet been disclosed. F5 emphasized that there is no evidence of any critical or remote code execution vulnerabilities being exploited, and no indication that the attackers gained access to F5’s customer relationship management, financial, support, or iHealth systems. 


npm, PyPI, and RubyGems Packages Discovered Sending Developer Data to Discord Channels

Cyber security researchers have uncovered multiple malicious packages distributed through npm, PyPI, and RubyGems that secretly send stolen developer data to Discord channels. The attackers use Discord webhooks as a command-and-control (C2) mechanism, exploiting their simplicity and lack of authentication requirements. Since webhook URLs are “write-only,” defenders cannot easily review or delete the stolen data once it’s transmitted. 


CVE-2021-43226: Windows CLFS Privilege Escalation (CISA KEV inclusion / active exploitation)

CVE-2021-43226 is a local privilege-escalation vulnerability in the Microsoft Common Log File System (CLFS) driver that allows a local, authenticated attacker with standard user privileges to trigger a buffer overflow in CLFS and obtain SYSTEM-level code execution. CISA has confirmed evidence of active exploitation and placed the CVE in its KEV catalog. Organizations must prioritize patching and apply mitigations immediately.


Patched Oracle zero-day and Clop data theft

Oracle has released a new critical advisory for a zero-day vulnerability, now tracked as “CVE-2025-61882”, that is being actively exploited in the wild. This vulnerability, which affects the Oracle E-Business Suite, has been assigned a CVSS 3.1 Base Score of 9.8 (CRITICAL). It allows an unauthenticated attacker with network access to compromise the system by performing RCE (Remote Code Execution) on the affected host.


New Android Banking Trojan ‘Klopatra’ Exploits Hidden VNC for Remote Device Control

A newly discovered Android banking trojan named Klopatra has infected more than 3,000 devices, with most cases observed in Spain and Italy. First identified by the Italian firm Cleafy in late August 2025, Klopatra is a sophisticated remote access trojan that leverages Hidden VNC to seize full control of compromised smartphones. It employs dynamic overlays to steal credentials and ultimately enables its operators to perform fraudulent financial transactions. 


Cisco ASA Zero-Day Under Active Exploitation: CISA Orders Emergency Mitigations; RayInitiator and LINE VIPER Detected

Cisco has confirmed active exploitation of multiple vulnerabilities in the VPN/web services of Cisco Secure Firewall (ASA) and FTD. Threat actors chained a missing-authorization flaw with a separate web-service buffer overflow to achieve remote code execution and deploy persistent tooling. Government partners and national CERTs have supported the investigation and issued mitigations; CISA has published Emergency Directive ED 25-03 and added the exploited CVEs to its KEV catalog. 
