Featured Story
Azure AD ‘Log in With Microsoft’ Authentication Bypass Affects Thousands
A critical vulnerability has been discovered in Azure Active Directory (Azure AD) allowing authentication bypass through “Log in with Microsoft.” This affects thousands of organizations using Azure AD as an identity provider and exposes them to unauthorized access risks.
Immediate action is needed to patch and harden Azure AD environments.
Our recommendations:
- Apply all relevant Microsoft security updates
- Conduct vulnerability and configuration assessments
- Enforce Multi-Factor Authentication (MFA) across all Azure AD accounts
Contact our SOC team for audit or remediation support.
Other Stories
Apple Patches Multiple Actively Exploited Vulnerabilities
Apple released updates addressing critical kernel and WebKit vulnerabilities (CVE-2023-32434, CVE-2023-32435, CVE-2023-32439) that are actively exploited. Devices including iPhones, iPads, Macs, and Apple Watches are affected.
Recommended upgrades include:
- iOS/iPadOS 16.5.1 or 15.7.7
- macOS Ventura 13.4.1, Monterey 12.6.7, Big Sur 11.7.8
- Safari 16.5.1, watchOS 9.5.2 / 8.8.1
Contact us if you need help with endpoint compliance or update validation.
Millions of GitHub Repositories Vulnerable to RepoJacking Attacks
Aqua Security warns of widespread “RepoJacking” vulnerabilities across GitHub. Attackers can hijack abandoned usernames to replace dependencies with malicious content, even affecting organizations like Google and Lyft.
Ensure your development pipelines:
- Use secure package registries
- Regularly validate ownership of external dependencies
- Review redirects and legacy GitHub usernames
Our SOC team is available to assist with codebase reviews and repo security strategies.
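One way to carry out the ownership and redirect review listed above, shown as an added example (not code from this newsletter or from Aqua Security): it pulls GitHub `owner/repo` references out of dependency manifests and flags any that no longer resolve to the same owner. The function names are hypothetical, and the manifest lines, owners and lookup results are constructed sample data.

```python
import re

# Matches github.com/<owner>/<repo> in any manifest line (go.mod, package.json,
# requirements.txt git URLs). A trailing ".git" is stripped afterwards.
GITHUB_REF = re.compile(r"github\.com[/:]([A-Za-z0-9-]+)/([A-Za-z0-9._-]+)")

def extract_refs(manifest_text):
    """Return the sorted set of 'owner/repo' strings referenced in a manifest."""
    refs = set()
    for owner, repo in GITHUB_REF.findall(manifest_text):
        repo = repo[:-4] if repo.endswith(".git") else repo
        refs.add(f"{owner}/{repo}".lower())
    return sorted(refs)

def audit(refs, resolved):
    """Classify each reference by what its URL currently resolves to.

    resolved maps 'owner/repo' to the canonical 'owner/repo' now served for
    that URL, or None if nothing is served. A reference that only works through
    a redirect still points at a legacy username and needs repointing.
    """
    findings = {}
    for ref in refs:
        canonical = resolved.get(ref)
        if canonical is None:
            findings[ref] = "unresolved: remove or vendor this dependency"
        elif canonical.lower() != ref:
            findings[ref] = f"redirected: repoint manifest to {canonical}"
        else:
            findings[ref] = "ok"
    return findings

# Constructed sample manifest lines (hypothetical owners and repositories).
SAMPLE_MANIFEST = """
require github.com/example-org/yamlkit v1.4.0
"left-trim": "git+https://github.com/old-handle/left-trim.git#v2.0.1"
git+https://github.com/gone-user/pytool.git@1f3c9ab
"""

# Constructed lookup results; in practice these would be recorded from a
# repository metadata lookup run against each reference.
SAMPLE_RESOLVED = {
    "example-org/yamlkit": "example-org/yamlkit",
    "old-handle/left-trim": "new-handle/left-trim",
    "gone-user/pytool": None,
}

if __name__ == "__main__":
    for ref, status in audit(extract_refs(SAMPLE_MANIFEST), SAMPLE_RESOLVED).items():
        print(f"{ref}: {status}")
```

Running the audit on a schedule, and failing the build on anything other than `ok`, keeps a renamed or deleted upstream account from going unnoticed between releases.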
5 Steps to Minimize Dark Data Risk
Dark data — unused, unknown, or forgotten data — poses a major breach risk. It includes logs, backups, and sensitive records that organizations fail to manage properly.
Protect dark data by:
- Enforcing access controls and encryption
- Conducting regular data classification audits
- Using monitoring tools to detect anomalous behavior
Need help managing your data exposure? Contact our SOC.
Summer Holiday Scams on the Rise
Cybercriminals are exploiting vacation season by launching scams involving fake airline tickets, hotel bookings, and travel deals. In the UK alone, over £15M was lost to travel fraud last year.
Watch out for:
- Unrealistic offers on social media
- Requests for direct bank transfers
- Links to fake travel portals
Our Awareness & Phishing team can help educate employees and protect against seasonal scams.