When Smart Devices Become Security Risks: From Robot Hoovers to Connected Fridges

IoT, or rather “connected devices”, are now common in both homes and workplaces. From smart speakers and lighting systems to robot vacuum cleaners and internet-connected refrigerators, the number of Internet of Things (IoT) devices in use continues to grow rapidly. Whilst these devices offer convenience and automation, they also introduce new security considerations. Many consumer […]

Software Supply Chain Attacks Are Increasing: What Organisations Should Do Now

Software supply chains have become an increasingly attractive target for cyber attackers. Rather than compromising individual organisations directly, threat actors are focusing on widely used development tools and open-source components to distribute malicious code across multiple environments simultaneously. Recent research highlighted a campaign where attackers compromised widely used development tools including Trivy and Checkmarx integrations […]

From Vulnerability Discovery to Effective Remediation

Identifying vulnerabilities is only the first step in improving an organisation’s security posture. Many organisations discover that after a penetration test, audit or vulnerability assessment they are left with a significant list of technical findings but limited internal capacity to address them. In practice, remediation can be complex. Security issues often involve configuration changes, system […]

Exploitation of BeyondTrust Remote Support and Privileged Remote Access (CVE-2026-1731)

As an Assured Cyber Incident Response provider, we are sharing the NCSC’s guidance on vulnerability CVE-2026-1731 to help organisations understand the potential risk and take any necessary action. We recommend reviewing the advice carefully. See NCSC advice below: The NCSC are directly aware of the attempted and successful exploitation of CVE-2026-1731. The NCSC advises organisations […]

Ransomware in 2026: Why Extortion Tactics Are Evolving

Ransomware continues to represent one of the most disruptive cyber threats facing organisations. While the techniques used by attackers are evolving, the operational impact remains the same: service disruption, financial loss and reputational damage. Looking at the wider picture, threat intelligence also indicates that ransomware activity is continuing to increase […]

CVE-2026-24061: Critical Telnet Vulnerability Highlights the Ongoing Risk of Legacy Protocols

Prism Infosec have been following the recent disclosure of a critical Telnet vulnerability affecting the GNU InetUtils Telnetd server, which has refocused attention on the risks posed by legacy protocols that continue to exist within modern IT infrastructure. Tracked as CVE-2026-24061, the flaw allows an unauthenticated attacker to gain root-level access […]

Beyond Compliance: Building True Cyber Resilience in 2025

Compliance is not enough. Across the UK, organisations continue to invest heavily in compliance. ISO 27001 certification, NCSC alignment and annual penetration tests all play an important role. But compliance alone does not guarantee readiness. Compliance demonstrates that controls are in place. Resilience proves they actually work under pressure. Recent incidents have shown that even […]

Securing the Cloud: Visibility, Control and Confidence

Cloud adoption without compromise. Cloud platforms have transformed how global organisations deliver services, manage data and scale operations. However, whilst flexibility and speed have improved, visibility and control have often decreased. Many incidents reported to the NCSC over the past year have been linked to cloud misconfiguration or weak access controls, not platform flaws. The […]

Cyber Governance at the Board Level: Turning Awareness into Action

Cyber security is now a boardroom issue. In today’s regulatory and operational landscape, cyber security has moved beyond IT. Boards are accountable for the resilience of the business, not just its financial performance. A single cyber incident can disrupt operations, damage reputation and trigger regulatory scrutiny. Awareness is improving, but awareness alone? It’s not enough. […]

From Simulation to Response: Turning Exercises into Real Capability

Running a cyber incident exercise is an excellent way to test response readiness, but too many stop at the simulation itself. The real value lies in what happens afterwards. Every drill, tabletop or technical run-through should end with clear evidence of progress, not a list that disappears into an inbox. Why most exercises fall short […]
