React2Shell Isn’t Just Another CVE: It’s a Warning About How We Secure Modern Web Apps

When the React team disclosed CVE-2025-55182 in early December 2025, the initial reaction was familiar: another critical vulnerability, another urgent upgrade advisory, another round of “patch immediately” guidance. But that framing misses the point. React2Shell isn’t just a severe bug, it’s a signal that the […]
CVE-2025-49844 and the Cloud’s Redis Problem: Risk, Urgency, and How Modern Defenses Bridge the Patch Gap

The world of cloud infrastructure received a wake-up call with the disclosure of CVE-2025-49844, a vulnerability that could rightfully be called a cloud-wide emergency. Uncovered by Wiz Research and dubbed “RediShell,” this flaw in the ubiquitous Redis database earned a rare 10.0 CVSS score, reflecting not only its technical danger, but its oversized ripple effect […]
Beyond CVSS: How Attackers Really Exploit CVEs and What That Means for Patch Prioritisation

In 2025 we’ve seen organisations face a paradox: record-shattering numbers of new vulnerabilities, but only a handful ever lead to real-world breaches. As exploited CVEs mount and patch management struggles to keep up, is it time to rethink what, and how, we patch? The Rising Tide: More CVEs, More Complexity Between 2023 and 2025, the […]
The Challenges of Securing Acquired Environments Post-M&A

Mergers and Acquisitions (M&A) are complex undertakings with significant strategic and operational benefits. However, they also bring with them a host of cybersecurity challenges, particularly when it comes to securing and patching the newly acquired environments. Even for organizations with robust vulnerability management programs, it can take months or even years to fully secure an […]
Navigating the Rapid Exploitation of POC Code and LotL (Living off the Land) Techniques

Organisations are grappling with the rapid discovery and disclosure of vulnerabilities, creating a complex environment for maintaining their cyber posture. The increasing number of vulnerabilities complicates timely patching, controlling application sprawl, and managing shadow IT. Attackers now exploit proof-of-concept (POC) code within 24 hours of its release, infiltrating systems before organisations can implement adequate defences. […]
The Impact of Java Applications: Lessons from High-Profile Breaches

Organisations often choose Java for their applications due to its platform independence, robustness, scalability, and extensive ecosystem of libraries and frameworks. This widespread usage makes it an attractive target for attackers, and vulnerabilities often arise due to its complexity and the challenge of ensuring timely updates across diverse environments, leaving vulnerabilities unpatched. This is vividly […]
Thoughts on Healthcare and Legacy Systems

In the realm of healthcare, where the stakes involve not just the operational efficiency of providers but the very well-being and privacy of patients, the challenge of maintaining robust cybersecurity cannot be overstated. This sector, entrusted with some of the most sensitive personal information, faces unique pressures and vulnerabilities. The widespread reliance on legacy technology, […]