Page Header

autogram-xml-xxe-cve-2026-3511

Adam Cooke

A new CVE shows Slovensko.Digital Autogram’s XML /sign endpoint can be abused by a crafted website to perform SSRF and read local files; act now to inventory, contain and disable external entities.

News & Article

Apache Artemis auth bypass allows message injection and exfiltration

Adam Cooke

CVE-2026-27446 lets unauthenticated attackers coerce brokers into outbound federation to rogue servers; patch to 2.52.0 or apply vendor mitigations now.

NCSC warns UK organisations after Iran fallout

Adam Cooke

The NCSC has urged UK businesses and universities to review cyber defences amid rising Middle East tensions; practical ISO 27001 and continuity steps organisations should take now.

Oil and Gas Authority Levy and Fees Regulations 2026: implications for UK health and safety governance and regulatory compliance

Adam Cooke

New OGA levy and fees alter regulatory funding; oil and gas organisations must adjust budgeting and governance to maintain health and safety compliance.

CGM CLININET session takeover via username-only authentication

Adam Cooke

A critical CGM CLININET vulnerability lets attackers generate sessions with only a username, risking unauthorised access to clinical accounts; organisations should contain, enforce MFA, review privileges and follow ISO 27001 and ISO 22301 guidance.

Critical SQL injection in Dayneks e‑commerce platform, vendor silent

Adam Cooke

A 9.8 critical SQL injection (CVE-2025-11251) in Dayneks’ e‑commerce platform was disclosed with no vendor response, forcing businesses to assume exposure, contain risk and accelerate supplier and patching processes.

Carrier liability for passengers without electronic travel authorisation under UK health and safety law: what it means for business

Adam Cooke

New commencement extends liability for carriers regarding passengers without ETA, demanding stronger verification, documentation controls and governance for UK regulatory compliance.

Appointment

Schedule to visit

Donec ullamcorper nulla non metus auctor fringilla. Cras justo odio, dapibus ac facilisis in, egestas eget

Page Header

autogram-xml-xxe-cve-2026-3511

News & Article

Apache Artemis auth bypass allows message injection and exfiltration

NCSC warns UK organisations after Iran fallout

Oil and Gas Authority Levy and Fees Regulations 2026: implications for UK health and safety governance and regulatory compliance

CGM CLININET session takeover via username-only authentication

Critical SQL injection in Dayneks e‑commerce platform, vendor silent

Carrier liability for passengers without electronic travel authorisation under UK health and safety law: what it means for business

Schedule to visit

Unit 18, Office T1, Brooke’s Mill Office Park, Armitage Bridge, Huddersfield, HD4 7NR, England.
Registered in England and Wales. Company Number: 8892510
Privacy Notice

Subscribe to our newsletter

Subscribe to our newsletter

Subscribe to our newsletter