Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ClickFix is an emerging social engineering technique that has gained traction among both cybercriminals and APT groups due to its effectiveness and low barrier to execution. First observed around October 19, 2023, disguised as Cloudflare anti-bot protection, ClickFix deceives users into taking action to “fix” a non-existent issue, often through fake reCAPTCHA pages, spoofed software updates, or fraudulent security prompts.

In the current climate, we are tackling the challenge of raising awareness at an industry level, highlighting the advantages of threat intelligence sharing: a practical and collaborative way to enhance cybersecurity awareness across industries and gain a tactical advantage in the evolving threat landscape.

CVE-2025-24859 is a critical security vulnerability in Apache Roller, a Java-based web application used for blogging and content management, that allows unauthorized session reuse due to insufficient session expiration after a user’s password is changed. Notably, the application fails to invalidate active user sessions upon password modification, irrespective of whether the change is initiated by the user or an administrative entity.

In today’s digital-first world, cyber threats are not only increasing in volume, but they’re also becoming more targeted, coordinated, and expensive. According to IBM’s Cost of a Data Breach Report 2024, the global average data breach cost has reached USD 4.88 million, a 10% increase over last year and the highest total recorded to date.

Fraudsters are relentless in their pursuit, targeting physical cards, intercepting personal data, and exploiting online vulnerabilities, all with minimal risk and significant financial reward. In the first half of 2024 alone, unauthorised payment card fraud surged to over £275 million, marking a 7% increase compared to the previous year, according to UK Finance. While the risks associated with fraudsters are well understood, apprehending them remains a significant challenge.

A new activist group is targeting insurance companies. Boycott Bloody Insurance (BBI) aims to raise awareness of the insurance industry’s role in perceived global injustices. Escalatory tactics that disrupt insurers’ day-to-day operations are possible. This may include physical threats against premises and individuals and/or logical threats, such negative social media or cyberattacks.