A critical vulnerability in HPE OneView tracked as CVE 2025 37164 allows unauthenticated remote code execution. This blog explains the flaw impact and best practices for patching CVEs and strengthening infrastructure security.

Cisco has warned of active cyberattacks exploiting misconfigured AsyncOS email security appliances. This blog explains how attackers abuse configuration weaknesses, why email systems are targeted, and what organisations should do now to reduce risk.

A critical UEFI firmware vulnerability in Asus ASRock Gigabyte and MSI motherboards allows early boot direct memory access attacks that bypass operating system security. This blog explains how the flaw works how it can be exploited and what organisations must do to protect against firmware level threats.

Dentsu Merkle suffered a cyberattack in 2025 that exposed internal and client data. This blog explains how attackers may have exploited vulnerabilities and misconfigurations, the role of penetration testing and CVE management, and practical steps organisations should take to protect themselves now.

A bug in Windows 11 sign-in options can weaken authentication protections and allow bypass attempts. This blog explains how the issue works, potential exploitation scenarios, and what users and organisations should do to protect their systems through patching, configuration changes, and penetration testing.

A VMware ESXi zero-day vulnerability is being actively exploited in ransomware attacks, threatening enterprise servers and virtual machines. This blog explains how the exploit works, why hypervisor security matters, and what organisations should do to defend their infrastructure.

F5 has patched critical vulnerabilities in its BIG-IP products that could be exploited for remote code execution or administrative bypass. This blog explains the risks, how attackers exploit network appliance flaws, and what organisations must do to protect their infrastructure.

A ransomware attack on Bridgepay highlights the ongoing risk to payment processors and enterprise infrastructure. This blog explains how attackers typically exploit vulnerabilities, the importance of CVE tracking and penetration testing, and key steps organisations should take to protect their systems.

CISA has updated its guidance to remove certain edge devices from the critical infrastructure list. This blog explains why edge device security still matters, real risk scenarios, and what organisations must do including patching, configuration management, and penetration testing.

Hackers are abusing free Firebase developer accounts to serve malicious content, phishing pages, and malware. This blog explains how these abuses work, the risks they pose, and what organisations should do including stronger access controls, monitoring, and penetration testing.

A FortiOS LDAP authentication bypass vulnerability could allow attackers to evade login protections and access firewall management systems. Enterprises should patch affected systems and review authentication controls immediately.

Microsoft’s February 2026 Patch Tuesday fixes 54 vulnerabilities, including critical remote code execution flaws. Organisations should prioritise patching and monitor for exploitation attempts.