Our Managed Detection and Response Services provide continuous monitoring from a team who’ll neutralise any breaches at speed...
Gain access to malware experts to quickly contain threats and reduce future exposure to attacks...
Integrity360 has been recognised as a Gartner Representative Vendor.
Many organisations are choosing CyberFire MDR to strengthen their defences. Discover how it can protect your business in our brochure.
Cyber attacks often seem faceless, but hidden behind the headlines of financial loss and technical details there are very real human stories.
In 2025, we’re witnessing a shift in how ransomware operates, who it targets, and the consequences of falling victim.
Stay ahead of the latest cybersecurity industry developments, advancements and threats, and understand how you can best protect your organisation.
Do you know what your company’s network vulnerabilities are? Businesses that invest in penetration testing do.
If your business handles credit card data, PCI DSS compliance isn’t optional—it’s critical. From retailers and e-commerce platforms to service providers and financial institutions, securing credit card data is critical to customer trust and preventing fraud.
Stay informed with the latest cybersecurity news with our weekly threat roundups.
Confused about cybersecurity? Our A-Z Glossary of terms can help you navigate this complicated industry.
For many small and mid-sized businesses, cybersecurity can feel overwhelming.
SOC 2 certification reflects Integrity360’s continued investment in strengthening cyber resilience for clients across highly regulated and high-risk industries.
Leading Canadian cybersecurity services provider Advantus360 joins Integrity360 creating the group’s first hub in North America
Under Attack?
Posts by:
.jpg)
Veeam has disclosed multiple security flaws in its Backup & Replication (VBR) software that expose backup infrastructure to remote code execution (RCE) attacks. The critical vulnerability CVE202559470 and two additional issues were patched on January 6, 2026.
.png)
The chained zero-day exploit against SonicWall SMA1000 appliances (CVE-2025-40602 & CVE-2025-23006) enables unauthenticated RCE as root via exposed management consoles.
This is a high severity, actively exploited zero-day targeting Cisco AsyncOS appliances exposed to the internet. Immediate access restrictions, segmentation, threat monitoring, and preparation for incident response and patch deployment are critical defenses until an official fix is released.
Following the critical “React2Shell” disclosure earlier this month, three additional vulnerabilities were identified in React Server Components (RSC). These new flaws, carry high severity and widespread impact, requiring immediate developer action. As these new flaws allow an attacker to cause Denial of Service (DoS) or leak server-side source code.
.png)
Ivanti has released urgent patches for a critical code execution vulnerability in its Endpoint Manager (EPM) platform, tracked as CVE‑2025‑10573 (CVSS 9.6). The flaw allows unauthenticated, remote attackers to perform low-complexity cross-site scripting (XSS) attacks that require minimal user interaction, potentially compromising administrative sessions and leading to code execution.
Fortinet has disclosed two critical authentication bypass vulnerabilities in its FortiCloud SSO feature—affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. An attacker could gain unfettered administrative access using crafted SAML assertions when FortiCloud SSO is enabled.
Two critical vulnerabilities have been disclosed in React Server Components (RSC) and Next.js App Router, enabling unauthenticated remote code execution (RCE). These flaws stem from unsafe deserialization of RSC payloads, allowing attackers to execute arbitrary JavaScript code on the server.
Cyber security analysts from Group-IB and UKUK have identified a continuing and expanding cyber-espionage operation run by the threat actor known as Bloody Wolf. Active since at least late 2023, the group has steadily evolved its methods while extending its reach across Central Asia. Their activity demonstrates a shift toward low-cost, legitimate remote-administration tools delivered through carefully crafted social-engineering campaigns.
Scattered Lapsus$ Hunters group appears to be targeting Zendesk users in a new phishing campaign.
.png)
Sha1-Hulud 2.0 is an aggressive evolution of the September 2025 Shai-Hulud npm supply chain attack. This second wave introduces preinstall-phase execution, enabling malware to run automatically during dependency installation, bypassing traditional static code scans. The campaign leverages compromised maintainer accounts to publish trojanized npm packages, impacting major projects like Zapier, ENS Domains, PostHog, and Postman
