Security Insights

Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

A photoreal editorial scene of a server room bathed in low blue light, with a single rack of servers visibly older and d
Vulnerabilities
5 min read
3 Jun 2026

CISA Flags Two-Year-Old Oracle WebLogic Flaw as Actively Exploited — Federal Deadline Is Four Days

CVE-2024-21182 earned a CVSS 7.3 score and a July 2024 Oracle patch. Neither was enough to stop threat actors from finding the organizations that never bothered.

A close-up, photoreal editorial photograph of a glowing computer monitor displaying a WordPress admin dashboard with an
Vulnerabilities
5 min read
2 Jun 2026

CVE-2026-8732: Attackers Are Creating Rogue Admin Accounts on WordPress Sites Right Now

A critical unauthenticated privilege-escalation flaw in the WP Maps Pro plugin lets anyone register a full administrator account — no login, no phishing, no waiting. Active exploitation is already underway.

Photoreal editorial scene: a developer's dimly lit workstation at night, multiple monitors showing terminal windows with
Vulnerabilities
4 min read
2 Jun 2026

Miasma Supply Chain Attack Plants Credential-Stealing Worm Inside Red Hat npm Packages

A sophisticated campaign named Miasma has weaponized npm packages tied to the Red Hat ecosystem, silently harvesting developer credentials and burrowing into CI/CD pipelines the moment a compromised package lands on disk.

A photoreal close-up editorial scene of a single physical combination padlock sitting on a dark brushed-metal surface, i
Breaches
5 min read
2 Jun 2026

Dashlane Brute-Force Attack Pulled Encrypted Vaults From Fewer Than 20 Accounts

An unknown actor targeted the 2FA layer on personal-plan accounts on May 31, 2026. The vaults left the server encrypted. Whether they stay that way depends entirely on how strong each user's master password is.

!@
Phishing Awareness
5 min read
28 Mar 2026

How to Recognise Phishing Emails in 2026

Phishing remains the number one attack vector for cyber criminals. Learn the telltale signs of a phishing email and how to protect yourself and your organisation from these increasingly sophisticated attacks.

Password Security
4 min read
20 Mar 2026

Building a Strong Password Policy

Compromised credentials are implicated in the majority of hacking-related breaches. Discover best practices for creating and managing strong passwords, implementing MFA, and using password managers across your organisation.

Social Engineering
6 min read
12 Mar 2026

Social Engineering: The Human Factor

Attackers don't just hack computers — they hack people. Understand the psychology behind social engineering attacks and how to train your team to recognise manipulation tactics.

A+
Compliance
7 min read
5 Mar 2026

GDPR Compliance Training Checklist

Ensure your organisation meets GDPR requirements with our comprehensive training checklist. From data handling procedures to breach notification protocols, cover all the essentials.

24h
Incident Response
8 min read
25 Feb 2026

Incident Response: The Critical First 24 Hours

When a security incident occurs, every minute counts. This guide walks through the critical first 24 hours of incident response, from detection to containment and communication.

VPN
Remote Security
5 min read
15 Feb 2026

Securing Remote and Hybrid Work Environments

With hybrid work becoming the norm, securing remote environments is essential. Learn about VPN best practices, secure home networks, and protecting sensitive data outside the office.

Ready to Reduce Your Human Cyber Risk?

Sign up and start training your team in minutes. No sales calls, no demos — just pick a plan and go. Phishing simulations, video courses, and certificates from day one.

train2secure analytics dashboard showing training completion stats and user progress