Blog

April 2025 brought a wave of alarming developments in the field of information security. From large-scale ransomware attacks on healthcare institutions to geopolitical cyber threats and fundamental regulatory changes, it's clear that the digital domain is increasingly resembling…

Suppose you're a cracker not looking to find backdoors, but to create them. Then what? One option is to infiltrate GitHub and carry out a supply chain attack that impacts thousands of CI/CD pipelines. March 2025 was marked by a large-scale supply chain attack that exposed the vu…

February 2025 brought one of the most notable data breaches in recent memory: a large-scale intrusion at Orange, in which more than 600,000 customer and business records were stolen. The attack primarily affected Orange Romania, but other international divisions of the telecom c…

Cybersecurity trends that shaped January 2025 Yes, we used the term "cybersecurity trends". You read that correctly. Of course, we mean trends in the world of information security. But we, too, can’t avoid using words that others might search for. Such is life. Anyway. January 2…

As 2024 comes to a close and the holiday season approaches, we want to take a moment to reflect. This year has been one of constant change, both for us and for our customers. The world of web security hasn't stood still this year, and that's been evident every day at Forendox. I…

Compared to a year ago, there has been a 75% increase in hybrid threats, where cyberattacks and physical sabotage reinforce each other. This new dynamic has changed the way we look at information security. It is a sign that we are living in an era where the boundaries between di…

The number of companies falling victim to ransomware has increased, according to figures released today by the Dutch Data Protection Authority (AP). These figures pertain to last year, 2023, and are now complete. Melissa, a collaboration between the police and security firms, h…

The Dutch government makes use of American cloud services to store data, such as Amazon’s AWS, for example. It also turns out that 75% of government institutions have outsourced their email services to Microsoft or Google. Privacy has always been a topic of concern in this conte…

This month, a remarkable campaign was discovered in which North Korean threat actors used malicious npm packages, including 'qq-console' and 'helmet-validate'. These packages were part of a larger operation, known as the "Contagious Interview" campaign, and were aimed at softwar…

In July 2024, a major cybersecurity incident occurred due to a failed update by CrowdStrike, a leading provider of endpoint security. This incident led to millions of systems crashing worldwide. The update, meant for their Falcon platform, caused severe system disruptions, parti…

We live in a time of global tensions and societies that are highly dependent on technology. This can cause friction. An often undervalued aspect of software development is finishing. Often, when custom software is created, it is done through a method that consists of short devel…

Around February 24, it was discovered that the WordPress plugin Ultimate Member is vulnerable. The vulnerability involves an attack vector through SQL injection. The latest update of this plugin, version 2.8.3, fixes this vulnerability. However, it appears that many websites hav…

A vulnerability published on November 28, 2023, under CVE-2023-24023, appears to affect almost all Bluetooth devices. This was discovered by the French assistant professor and researcher at Eurecom, Daniele Antonioli. It involves a so-called man-in-the-middle attack, where an at…

ABN Amro has found, after research, that victims of Dutch online fraud can prevent nearly half of the cases by not clicking on links too quickly. The study involved five hundred victims of online fraud, revealing that 44 percent of them admitted to clicking too quickly, enabling…

A tumultuous start to September. Google, Adobe, Mozilla, and Microsoft have patched various zero-day attack vectors in software, ranging from Chrome, Acrobat Reader, Firefox, Thunderbird, Windows, to Word. Some of these vulnerabilities are already being actively exploited, while…

Recently, a serious vulnerability has come to light in the widely used WinRAR software. With a user base of up to 500 million worldwide, this discovery holds potentially far-reaching consequences. The vulnerability, known as CVE-2023-40477, has also been rated with a severity sc…

This article is about internet security and privacy for advanced users or those who want to delve deeper into the world of cookies and tracking in general, and how being followed can be prevented. Above all, it explains why you should be concerned about this and how you can take…

At the moment, the governmental institution UWV is regularly making headlines. They have possibly not behaved as ethically on the technical front. For example, it recently came to light that they might be placing cookies for a longer duration than is desirable. What is a cookie,…

Ensuring the security of our information is of great importance. Monitoring can be compared to installing security cameras to protect your business assets. However, in the field of technology, we often see insufficient attention being given to monitoring our digital assets. Moni…

In the rapidly evolving world of technology and digitization, information security has become one of the biggest challenges for businesses. Protecting sensitive information and ensuring customer and employee privacy is critical, but surprisingly, many companies don't think about…

LastPass released a new official response on March 1, 2023 about last year's break-in. This article is therefore a follow-up to an earlier article that already laid out the events surrounding the LastPass break-in up to that point. The good news A new post has appeared in LastP…

In August 2022, LastPass, a digital password vault service, reported that it had been broken into. The latest announcement came just before the holidays. Meanwhile, it is almost February 2023. A good time to look back. At least, what is clear by now? And is it actually over yet?…

The year is almost over again. The month of the holiday season is upon us. For those working in information security, a month of mixed feelings. On the one hand coziness, family, warmth, food and drinks ... and on the other hand often a high work pressure. From sifting through l…

It is estimated that 60% of all web traffic on the internet involves bots, or robots if you will. Some are friendly, others are malicious. Examples of friendly bots include well-known major search engines. These come along to include your website in their search results. In this…

The European Commission has presented the Cyber Resilience Act proposal. The proposal should apply to any device that can connect to another, or to the Internet. The purpose of the proposal is to make device security, through legislation, no longer voluntarily required of manufa…

The WordPress plugin WPGateway has a zero day vulnerability. The vulnerability is numbered CVE-2022-3180. It is a critical issue with potentially serious consequences. All versions of the plugin are at risk, up to and including the current version 3.5. An update with a fix is no…

In the second half of 2022, a predicted but strikingly increasing trend was detected by our SOC. An increase in automated attacks. All devices connected to the Internet will sooner or later encounter curious visitors. Whether it's a camera system, SCADA system or webshop. Often…

Sometimes a small idea grows out of control. And when that moment comes, it's time for new solutions. This blog will help us keep a grip on the news we share. It will not only serve as an archive, but it will also become the central place from which we will share news from now o…