Latest Insights and Cybersecurity Resources
What Is Third Party Risk Management?
Your suppliers are part of your business – whether they manage your cloud, payroll, or IT. But what happens when they go down, get breached, or drop the ball? In this blog, we break down what Third Party Risk Management really means, why startups and scaleups can't afford to ignore it, and how to build a practical, scalable approach that protects your growth without adding friction.
Policy, Plan, or Playbook? What Your Incident Management Process Should...
Most scaleups and mid-sized businesses either lack an incident response plan or have one that’s unusable when it matters most. This blog lays out a practical, five-layer framework for incident management - spanning crisis planning, policies, IRPs, technical playbooks, and frontline battlecards.
It explains who should own each document, how they fit together, and why a clear, structured approach beats improvisation every time. Designed for IT leaders without security degrees, the blog includes actionable resources to help you build your response system before the breach hits.
Threat Advisory: Website compromise brings down corporate email
How a threat actor exploited a known vulnerability in the Miniorange 2FA plugin to compromise a Wordpress site using a malicious WP Rock plugin, causing unexpected knock-on impacts to the company's email reputation, leading to lost revenue and unnecessary costs.
Why can’t I get Threat Intelligence that’s relevant to my...
Many companies rely on generic cybersecurity tools for threat intelligence—but these tools don’t reveal if your business is being actively targeted. Learn why tailored, context-aware threat intelligence is essential for staying ahead of modern cyber threats.
Navigating the UK Cybersecurity Regulatory Landscape: A Guide for Medium-Sized...
Midsize organisations in the UK are subject to a number of mandatory regulations relating to cybersecurity, data protection and data privacy. For IT, security and business leaders, navigating this landscape can be both complex and challenging. Download our summary of the most relevant regulations, key standards and upcoming legislation to best position your organisation to avoid the pitfalls of non-compliance and foster trust amongst your customers, partners and other key stakeholders.
Threat Advisory: Obfuscation and process hollowing with GOO and XWorm
This threat advisory provides a detailed breakdown of a recent XWorm malware attack, revealing how attackers leveraged phishing emails, fileless execution, and process hollowing to infiltrate a target environment. By analysing the multi-stage attack chain, security professionals gain insights into obfuscation techniques, persistence mechanisms, and credential theft strategies used by adversaries.
The attack occurred just before Christmas, highlighting the increased risk of cyber threats during holidays when security teams may be understaffed. This real-world case study demonstrates how Managed Detection and Response (MDR) teams detected and mitigated the attack, offering practical takeaways for improving threat detection and response.
By reading this advisory, cybersecurity professionals can stay informed about emerging threats, learn how attacks unfold and enhance their defensive strategies. With insights from real incident response efforts, security teams can fine-tune detection rules, strengthen phishing defences and increase vigilance during high-risk periods.