supply chain attacks Archives

DeepSeek Data Leak: How a Simple Security Flaw Exposed Over a Million Records

In January 2025, the cybersecurity community was alerted to a significant data exposure involving DeepSeek, a prominent Chinese artificial intelligence (AI) startup. Researchers from Wiz, a cloud security firm, discovered that DeepSeek had inadvertently left a critical database accessible on the internet without any authentication measures. This lapse exposed over a million records, including system […]

DeepSeek Data Leak: How a Simple Security Flaw Exposed Over a Million Records Read More »

Managing Supply Chain Attacks with Cyber Security

Articles, Information Assurance / Ian Reynolds

Supply chain security is an important but often overlooked step of cyber security risk management. Incidents that affect your suppliers can have as much of a damaging impact on your organisation as a direct attack would. Understanding your supply chain, and the points at which vulnerabilities can be introduced and exploited, is a key step

Managing Supply Chain Attacks with Cyber Security Read More »

Preparing for the Cyber Security Threats of 2023

Articles, Information Assurance / Ian Reynolds

The cyber security challenges faced by organisations last year can give hints towards the way cyber crime is evolving this year. Ransomware has established itself as a constant threat, and is now available on demand through ransomware-as-a-service models, phishing events have increased, with more sophisticated landing pages, and widespread flaws such as Log4j continue to

Preparing for the Cyber Security Threats of 2023 Read More »

Evolving Cyber Security Threats in 2022

Articles, Information Assurance / Ian Reynolds

The threats faced in cyber security are constantly evolving, with state actors taking part in cyber espionage, and cyber criminal groups creating paid-for campaigns and offering services for hire. The National Cyber Security Centre (NCSC), a part of GCHQ, and the UK government’s technical authority for cyber security, have released their annual review for 2022

Evolving Cyber Security Threats in 2022 Read More »

Uber Breached in Targeted Attack

News, Vulnerabilities / Ian Reynolds

The credentials of an Uber contractor were stolen and used to access multiple accounts and company files in a targeted attack. Uber released an initial security update statement that they were dealing with a cybersecurity incident when this breach was first identified and have since updated this post to give details about the attack and

Uber Breached in Targeted Attack Read More »

Twilio Targeted in Latest ‘0ktapus’ Phishing Attacks

Articles, Information Assurance, Social Engineering / Ian Reynolds

A large-scale phishing attack was recently launched against employees at Twilio, a global cloud-based communications and infrastructure company. Phishing text messages were sent to employees, impersonating Twilio’s IT department, with the aim of harvesting employee credentials. These stolen credentials were used to access internal systems, resulting in a breach of confidentiality in which the data

Twilio Targeted in Latest ‘0ktapus’ Phishing Attacks Read More »

How to improve your supply chain security

Articles, Information Assurance / Ian Reynolds

The security of every business is dependent on the security of its suppliers. From the PCs on peoples desks, to the servers in cloud, the firewalls in the office and the experts that connect to your network to tune your database or manage your servers. A security failing at any of these suppliers could allow

How to improve your supply chain security Read More »

NCSC Updates Guidance on Russian cyber threat

News / Ian Reynolds

The NCSC has issued updated guidance on the evolving threat from Russian state actors and cyber criminals due to the ongoing war in Ukraine. The joint Cybersecurity Advisory (CSA) from the cybersecurity authorities in the UK, USA, Australia, Canada and New Zealand warns that: “Evolving intelligence indicates that the Russian government is exploring options for

NCSC Updates Guidance on Russian cyber threat Read More »

Azure developers targeted in supply chain attack

News, Tools / Ian Reynolds

Last week over 200 malicious packages were discovered in the npm registry targeting Azure developers with PII stealing malware. Reported by security firm JFrog, the malicious packages were uploaded to npm in a sort of typosquatting attack which targeted packages within the @azure scope. The attack method is simple: the attacker creates a malicious package

Azure developers targeted in supply chain attack Read More »

Npm sabotaged by Ukraine protest

News / Ian Reynolds

Earlier this month, the Vue.js JavaScript framework was subject to a supply chain attack via the npm ecosystem. The node-ipc package was sabotaged by its creator and was pulled into other people’s projects resulting in anti-war messages being displayed to users and, in some cases, data destruction. Node-ipc is a popular module used in the

Npm sabotaged by Ukraine protest Read More »

supply chain attacks

DeepSeek Data Leak: How a Simple Security Flaw Exposed Over a Million Records

Managing Supply Chain Attacks with Cyber Security

Preparing for the Cyber Security Threats of 2023

Evolving Cyber Security Threats in 2022

Uber Breached in Targeted Attack

How to improve your supply chain security

NCSC Updates Guidance on Russian cyber threat

Azure developers targeted in supply chain attack

Npm sabotaged by Ukraine protest

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch