Our Managed Detection and Response Services provide continuous monitoring from a team who’ll neutralise any breaches at speed...
Gain access to malware experts to quickly contain threats and reduce future exposure to attacks...
Integrity360 has been recognised as a Gartner Representative Vendor.
Many organisations are choosing CyberFire MDR to strengthen their defences. Discover how it can protect your business in our brochure.
Cyber attacks often seem faceless, but hidden behind the headlines of financial loss and technical details there are very real human stories.
In 2025, we’re witnessing a shift in how ransomware operates, who it targets, and the consequences of falling victim.
Stay ahead of the latest cyber security industry developments, advancements and threats, and understand how you can best protect your organisation.
Do you know what your company’s network vulnerabilities are? Businesses that invest in penetration testing do.
If your business handles credit card data, PCI DSS compliance isn’t optional—it’s critical. From retailers and e-commerce platforms to service providers and financial institutions, securing credit card data is critical to customer trust and preventing fraud.
Stay informed with the latest cyber security news with our weekly threat roundups.
Confused about cyber security? Our A-Z Glossary of terms can help you navigate this complicated industry.
An External Vulnerability Infrastructure Assessment tackles that visibility gap by focusing on the systems adversaries can see first.
SOC 2 certification reflects Integrity360’s continued investment in strengthening cyber resilience for clients across highly regulated and high-risk industries.
Holiseum will form a new Integrity360 services practice focused on OT/IoT and as a regional hub for the group in France
Under Attack?
Researchers at Watchtowr have released technical details on an exploit for the “CitrixBleed 2” (CVE-2025-5777) vulnerability released on 2025-06-17, leading to the development of a Proof of Concept (PoC) exploit.
Date Issued: 23 June 2025
Severity: Critical (CVSS v4 Score: 9.3)
Affected Product: Citrix NetScaler ADC / Gateway
Vulnerability ID: CVE-2025-5777
Exploitation Status: No confirmed active exploitation (as of advisory release)
CVE-2025-33073 is a critical vulnerability identified in Microsoft Windows Server Message Block (SMB) protocol implementations. This flaw stems from improper access control mechanisms, potentially allowing attackers to escalate privileges over a network to SYSTEM. The vulnerability has been assigned a CVSS v3.1 base score of 8.8, indicating a high-severity risk. An update to address this issue was in Microsoft June Patch Tuesday.
advisory ID: ADV-2025-ALL-05
date issued: 14 May 2025
severity: Critical (CVE-2025-29966), High (CVE-2025-30397)
CVSs scores:
Both high severity vulnerabilities reside in Google Chrome and are exploitable via a specially crafted HTML page. CVE-2025-5063 is a “Use after free” vulnerability that resides in the compositing subsystem of the browser whereby improper memory management when the browser renders layered page elements leads to a potential hijack of control flows during DOM manipulations. CVE-2025-5280 is an “out of bounds” exploit in the JavaScript V8 engine that could potentially allow arbitrary code to execute outside of the JavaScript sandbox, meaning it’s run natively on the target system.
A critical vulnerability in Erlang's Open Telecom Platform (OTP) SSH implementation has recently been published. OTP is a collection of middleware, libraries and tools written in the Erlang programming language and is used by a large number of global companies for communications. According to https://erlang-companies.org, companies that may be affected include Ericsson, T-Mobile, BT and Bet365 (that reportedly use it in it's live betting infrastructure) and major products that may be affected include WhatsApp, Klarna and Discord.
Foundational security organisation MITRE announced on the 15th April that the funding it received to maintain the CVE and CWE program would not be renewed. This was important, because MITRE, along with NIST and the CISA, are a huge contributor to the CVE program.
This advisory highlights a critical zero-day vulnerability in Fortinet's FortiOS and FortiProxy products that is being actively exploited in the wild. The flaw allows unauthenticated remote code execution via the SSL VPN interface, potentially giving attackers full control over affected devices. With multiple versions impacted across FortiOS and FortiProxy, and threat actors reportedly selling related exploits on dark web forums, the risk of widespread exploitation is high. Fortinet strongly urges immediate patching and additional mitigation steps, making this advisory crucial for organisations relying on Fortinet products to secure their networks.
Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes.
