Cyber Security Redefined
Why Partner with CyberWhite?
24 hours a day and seven days a week, we support clients irrespective of sector, size, or location.
We deliver information security advisory services, risk mitigation strategies and technical solutions to protect information within organisations.
We deliver innovative services, tailored to suit specific organisational requirements and risk profiles. We then map these against the appetite to address identified risks, providing a fully managed support network to ensure successful a project outcome.
Our Latest Resources
Here we discuss everything from cyber security news and knowledge updates to the latest technology and events.
ChatGPT Patch
ChatGPT Patch Fixes Data Exposure Glitch (Yes, That’s Slightly Awkward) OpenAI has addressed a security flaw in ChatGPT that could allow limited exposure of user data under specific conditions. The issue stemmed from a vulnerability that could enable users to view fragments of other users’ conversations or sensitive information due to caching or processing anomalies. […]
Axios Supply Chain Attack
When Your Dependencies Betray You: The Axios Supply Chain Attack A supply chain attack targeting the popular JavaScript library Axios has been identified, where attackers injected malicious code into compromised packages. The tampered versions enabled cross-site scripting (XSS) style attacks, potentially allowing credential theft, session hijacking, and data exfiltration from affected applications. The malicious packages […]
Russian CTRL Toolkit Campaign
CTRL Toolkit: Not the Shortcut You Want A campaign distributing the Russian-linked CTRL toolkit has been identified, using deceptive delivery methods such as phishing or malicious downloads. The toolkit enables attackers to maintain persistence, execute commands, and exfiltrate data from compromised systems. Its modular design allows flexible deployment depending on attacker objectives. Researchers note increasing […]
Oracle Critical Patch
Oracle Issues Patch (And You Should Probably Install It) Oracle has released a critical patch addressing CVE-2026-21992, a severe vulnerability affecting its software products. The flaw could allow attackers to execute arbitrary code or compromise systems if left unpatched. Oracle’s update is part of its regular Critical Patch Update cycle, which includes fixes for multiple […]
Claude Extension Zero-Day
Zero-Click, Zero Effort, Maximum Trouble A vulnerability in a Claude browser extension enabled a zero-click attack scenario, allowing malicious content to execute without user interaction. The flaw could be exploited to access sensitive data or perform actions within the extension’s permissions. Researchers highlighted the risks associated with overly permissive browser extensions and insufficient validation of […]
TikTok Accounts Under Siege
MiTM Phishing Targets TikTok Business Accounts A new adversary-in-the-middle (MiTM) phishing campaign is targeting TikTok business accounts to bypass multi-factor authentication and steal credentials. Attackers use sophisticated proxy-based techniques to intercept login sessions in real time, allowing them to capture session cookies and gain account access. The campaign is particularly concerning due to its effectiveness […]
iPhones Not So Untouchable After All
TA446 Deploys Leaked DarkSword iOS Spyware The threat group TA446 has been observed deploying a leaked version of the DarkSword iOS spyware toolkit in targeted campaigns. Originally developed for surveillance purposes, the tool enables data exfiltration, device monitoring, and remote control capabilities. Its leak has lowered the barrier to entry for cybercriminals, increasing the risk […]
Citrix NetScaler Under Active Recon
NetScaler in the Spotlight: Attackers Circle Like Sharks Threat actors are actively scanning the internet for vulnerable Citrix NetScaler instances following recent disclosures of security flaws. Researchers observed widespread reconnaissance activity targeting exposed endpoints, suggesting attackers are preparing for exploitation at scale. While no confirmed mass exploitation has yet been reported, the level of scanning […]
Apple Issues Security Updates for Older Devices
Apple patches older devices because attackers do not care how old your iPhone is Apple released security updates for older iPhone, iPad and macOS Sonoma devices after a WebKit flaw, CVE-2023-43010, was found to have been used in the Coruna exploit kit. The company backported the fix to legacy supported versions so users on older […]
OAuth Trap EDR Killer
ThreatsDay Bulletin: OAuth Trap, EDR Killer and More The ThreatsDay bulletin pulled together a range of notable developments, including OAuth token theft, Signal and WhatsApp account hijacking, Zombie ZIP archive evasion, cloud weaknesses, malware delivered through Microsoft Teams, AI-platform compromise and botnet activity. One highlighted technique, Zombie ZIP (CVE-2026-0866), uses malformed ZIP headers to evade […]
Veeam Patches 7 Critical Backup Vulnerabilities
If your backups are vulnerable, things get awkward quickly Veeam released fixes for seven critical vulnerabilities in Backup & Replication, including several remote code execution flaws with CVSS scores as high as 9.9. The issues affect version 12 builds prior to 12.3.2.4465, with additional fixes included in version 13.0.1.2067. Some bugs allow authenticated domain users […]
Storm-2561 Spreads Trojan VPN
Fake VPNs: because regular phishing apparently wasn’t enough Microsoft detailed a campaign by Storm-2561 that used SEO poisoning and fake software sites to push trojanised VPN clients. Victims searching for legitimate enterprise VPN tools were redirected to malicious ZIP files and MSI installers, in some cases hosted via GitHub, that masqueraded as trusted products. The […]
GlassWorm Supply-Chain Attack
GlassWorm Supply-Chain Attack Abuses Open VSX Extensions A new phase of the GlassWorm campaign abused 72 malicious Open VSX extensions and affected 151 GitHub repositories, targeting developers through software supply-chain channels. Researchers said the attackers escalated their tactics by abusing extensionPack and extensionDependencies, allowing seemingly harmless extensions to later pull in malicious ones after trust […]
ClickFix Campaigns Spread
ClickFix Campaigns Spread MacSync on macOS Researchers found three ClickFix campaigns pushing a macOS infostealer called MacSync via fake AI and developer tool installers. Rather than exploiting a software flaw, the attacks rely on users copying and running malicious Terminal commands from convincing setup pages hosted on legitimate platforms such as Cloudflare Pages, Squarespace, and […]
Apple Patches Actively Exploited Zero-Day
Apple Fixes Exploited Zero-Day Affecting iOS, macOS and More Apple has released security updates to address an actively exploited zero-day vulnerability, tracked as CVE-2026-20700, affecting iOS, iPadOS, macOS, tvOS, watchOS and visionOS. The flaw exists within Apple’s Dynamic Link Editor (dyld), a core system component responsible for loading libraries. Successful exploitation could allow arbitrary code […]
BeyondTrust Vulnerability Exploited
BeyondTrust Vulnerability Exploited — Remote Access Tools in the Crosshairs Security researchers have identified active exploitation of a critical vulnerability affecting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) solutions. The flaw, rated CVSS 9.9, allows unauthenticated remote code execution via specially crafted requests. Attackers have been observed extracting session values and establishing WebSocket […]
DNS-Based ClickFix Attack
Microsoft Warns of DNS-Based ClickFix Attack Using Nslookup Microsoft has disclosed a new variant of the ClickFix social engineering attack that abuses DNS and the Windows nslookup utility to deliver malware. Instead of relying on traditional web downloads, attackers trick victims into running DNS queries that retrieve encoded malicious payloads. The technique allows threat actors […]
Chrome Zero-Day Exploited
New Chrome Zero-Day (CVE-2026-2441) Under Active Exploitation Google has released an emergency security update to address CVE-2026-2441, a high-severity zero-day vulnerability in Chrome that is being actively exploited in the wild. The flaw stems from a use-after-free bug in the browser’s CSS engine, which can allow attackers to execute arbitrary code by tricking users into […]
ZeroDayRAT: Spyware for Sale
New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft Security researchers have uncovered a new mobile spyware platform called ZeroDayRAT, actively marketed on Telegram to cybercriminals. The malware targets both Android and iOS devices and offers real-time surveillance capabilities, including location tracking, keystroke logging, SMS interception, microphone and camera access, and credential harvesting. It […]
Password Managers-Not Quite Foolproof
Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers A new academic study looked at popular cloud-based password managers — including Bitwarden, Dashlane, and LastPass — to see if their “zero-knowledge” encryption held water when sent on rough seas. Researchers found 25 distinct attack vectors tied to password recovery and vault logic. Under […]
Our Services
What Our Clients Say
“CyberWhite have been a pleasure to deal with by repeatedly demonstrating their professionalism and technical knowledge throughout the procurement process and execution of our project. From initially exploring our goals to a consultant working with us on-site and remotely, we’ve enjoyed a positive experience that has ultimately benefited our organisation and helped to improve our Cyber Security posture.”
“I would like to say a thousand “thank you’s” to CyberWhite after rescuing us from the commercial disaster we faced after being subjected to a very sophisticated fraud. Without the timely involvement and expertise from CyberWhite, we would undoubtedly have faced catastrophic consequences including a significant financial loss and possibly a forced closure of the business. We will always remember the kindness and professional approach taken by the CyberWhite team. They were able to successfully recover the critical data which was the life blood of our business. This expertise has allowed us to continue trading and provided us with the additional benefits of ensuring that we are more cyber risk aware and we now have a security partner to support us.”
“As an Operator of Essential Services, PX Group comply with advice provided by recognised security bodies such as NCSC. The advice is relevant to all organisations who provide infrastructure or support to the UK’s critical national infrastructure. PX Group engaged CyberWhite to undertake Third Party Security Audits (aligned to ISO28000:2007) against key suppliers who had access to information assets within the PX Group domain. CyberWhite created a comprehensive audit document set and supported this with interviews and visits in order to validate responses. The output from CyberWhite was comprehensive and provided security assurance to PX Groups stakeholders and interested parties that the key suppliers had a focus on security and understood and could demonstrate best practices in relation to the handling of PX Groups information assets. This process has been invaluable in validating what we believed and providing a platform from which we will continue to assess, review and benchmark all parties in our information supply chain.”
Do you know how secure your systems are?
We have a wide range of industry leading cyber security tools at our disposal. But first we will identify any vulnerabilities, specify our recommended solutions, then help you prioritise an effective schedule to greatly reduce your cyber risk exposure.
Meet the CyberWhite Team
CyberWhite News
Malware Takes Aim at Healthcare Industry
ResolverRat Malware Takes Aim at Healthcare Industry A malicious campaign using ResolverRat malware has been targeting healthcare providers globally, taking advantage of open RDP connections and phishing scams. The malware provides remote access to compromised systems, enabling attackers to exfiltrate medical data and potentially disrupt patient services. Security researchers warn that ResolverRat’s operators appear to […]
CyberWhite’s Path to Net Zero
At CyberWhite, we are determined to achieve net-zero carbon emissions by 2030. The video below showcases our efforts to reduce our carbon footprint significantly: Embracing Renewable Energy: We aim to minimise reliance on fossil fuels by investing in solar power. Green Transportation Solutions: Shifting to electric vehicles and encouraging remote work to cut down commuting […]
David Horn speaks on recent data breach at top UK organisations
At the end of May, 8 of the biggest organisations in the UK were hit with a cyber-attack exposing thousands of employees’ bank and personal data through their payroll system. So far only 3 of the companies have been named in the data breach: British Airways, Boots, and the BBC, with no official confirmation on […]
Partnership with Vianet Group PLC
CyberWhite Ltd announces partnerships with Vianet Group PLC and px Group for 3-year agreement’s to provide cyber security advice and support. David Horn and Matthew Hewison of CyberWhite met with px’s Mark Willis and Vianet’s Thom Menzies, to discuss how working closely together over the coming months and years will not only benefit businesses in […]
CyberWhite Open New HQ
CyberWhite are pleased to annouce the opening of their new HQ in Sunderland.
Meet the neighbours – Northern Spire Ltd
We were delighted this week to appear in Wear Business as they ran a featured article Northern Spire ltd, welcoming CyberWhite as business neighbours in Defender Court. Northern Spire specialise in providing a wide range of financial services and operate as a senior partner practice of St James’s Place Wealth Management. CyberWhite’s relationship with Northern […]
CEO Sleepout – Fundraising Total
CEO SLEEPOUT – FUNDRAISING UPDATE You may remember earlier in the year that our Director, Matt Hewison took part in the CEO Sleepout event in Middlesbrough city centre. We can now inform you that the event raised a phenomenal c£21,800.00!!! Over 40 people bedded down at Middlesbrough Town Hall in the pouring rain, to raise […]
Weekly Round Up 19th – 23rd July
Welcome CyberWhite followers to our latest week in review. We’d like to first of all thank all of our current and new followers. It means a great deal to us that our security advice is able to reach you. It would be fantastic if you could lend us a helping hand simply by liking our […]
New Middlesbrough office for cyber security firm
Middlesbrough Mayor, Andy Preston with CyberWhite directors Matt Hewison and David Horn CyberWhite, an established provider of cyber security and cyber risk mitigation solutions for business, has opened a new office in Middlesbrough’s Boho Zone. The technology solutions provider is proud to be at the centre of a number of key local developments for the […]
CyberWhite’s Week in Review – 17 May to 21 May
We’d like to take a moment of your time and share with you what CyberWhite have been up to during the last week in case you’ve missed any of our activities. Please click the button below to download our week in review. We hope you enjoy it. Any questions, please get in touch. Click here […]
Businesses urge local authorities to take action
A group of North East businesses has written to the newly elected police and crime commissioner for Cleveland to call on him to put tackling fraud at the heart of his agenda as increasing numbers of people and businesses are targeted. Active Chartered Financial Planners, a Stockton-based finance specialist, Cyberwhite, a cyber security specialist with […]
Budget 2021
We’re sure you’ve all been keeping up to date with the 2021 Budget unveiled by Chancellor Rishi Sunak in the House of Commons. As we look ahead to life on the other side of the pandemic, the Chancellor released several initiatives that look to have a hugely positive impact on the North East, and in particular, the Tees valley region. As a growing business […]
CyberWhite Newsletter Summer 2020
Summer is officially here and so is our much anticipated Summer 2020 Newsletter This edition contains a fantastic interview with industry veteran Bruce Hockin, Channel Sales Director from Arcserve plus interviews with our very own Jemma Cavana-Cole and Charlotte Topping. You can also find out more about what we’ve been up to during lockdown including […]
Finalist in the ‘Small Business of the Year’
We are delighted to announce that CyberWhite Ltd has been named as a finalist in the ‘Small Business of the Year’ category in the upcoming UK Social Mobility Awards. CyberWhite Ltd is committed to making a difference and we are incredibly humbled to have our efforts recognised in these flagship awards.
CyberWhite Sponsors Young Teesside Cricketers
CyberWhite, a cybersecurity firm based in Seaham, is sponsoring Saltburn Cricket Club Under 13s following a disturbed start to the season due to COVID 19. Matt Hewison, chief operating officer of the firm, has been coach and manager of the team for the past two seasons, and wanted to increase his support of the club […]