#No.7 Edition
Sharp & curated cybersecurity news to keep your business safe & secure
Hello again, cybersecurity enthusiasts, apprentices, and newcomers 🚀!
Twice a month, we’re “hacking” your feed with AROBS Cyber News(letter) – fresh and straight from the cybersec bubble 🔒. We promise to keep it short and sharp ✂️.
Here’s what you’ll find in our sections:
• The Only Article You Need to Read This Week 📝
• The Specialists’ Take 🎯
• You Need to Know That 📖
Critical WordPress Plugin Vulnerability in OttoKit (SureTriggers) Actively Exploited
Hackers began exploiting a high-severity authentication bypass vulnerability (CVE-2025-3102) in the OttoKit WordPress plugin (formerly SureTriggers) just hours after its public disclosure.
Affected Versions: 1.0.78 and earlier
Patched Version: 1.0.79 (released April 3, 2025)
Impact: Unauthenticated attackers can bypass authentication and create administrator accounts, which gives them full control of the site
Cause: Missing empty-value check on the stored secret key in the plugin's authenticate_user() function. On a site where the plugin is installed and active but has never been connected with an API key, that stored secret is empty, so a request that presents an empty credential compares equal to it and is treated as authenticated.
Active Installations: Approx. 100,000 sites
Security researchers observed the first exploitation attempts about four hours after public disclosure. The traffic looks automated: the same requests hit many vulnerable sites in quick succession rather than being aimed at specific targets.
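To make the root cause concrete, here is an added illustration of the bug class described above. It is not OttoKit's own code: the function names, the way the secret and the client credential reach the function, and the sample key values are assumptions made for the example; only the failure mode (an empty stored secret matching an empty supplied credential) is taken from the advisory.

```php
<?php
// Added illustration of the "empty secret matches empty credential" bug class.
// Not the plugin's code. In a real plugin the stored secret would come from the
// plugin's saved settings and the supplied value from a request header; here
// both are passed in as parameters so the logic can be run stand-alone.

// VULNERABLE pattern: nothing guards against the secret never having been set.
// On an unconfigured site the stored secret is '', and '' === '' is true, so a
// request carrying an empty credential is accepted as authenticated.
function authenticate_user_vulnerable( string $stored_secret, ?string $supplied ): bool {
    if ( $supplied === null ) {
        return false; // credential not present at all
    }
    return $stored_secret === $supplied;
}

// HARDENED pattern: refuse to authenticate anyone while no secret is configured,
// require a non-empty credential, and compare in constant time.
function authenticate_user_hardened( string $stored_secret, ?string $supplied ): bool {
    if ( $stored_secret === '' ) {
        return false; // plugin not connected yet: there is nobody to authenticate
    }
    if ( $supplied === null || $supplied === '' ) {
        return false; // missing or empty credential is never valid
    }
    return hash_equals( $stored_secret, $supplied );
}

// Constructed inputs covering the bypass and the normal cases.
$cases = [
    // [stored secret, supplied credential, description]
    [ '',           '',           'unconfigured plugin, empty credential (the bypass)' ],
    [ '',           null,         'unconfigured plugin, credential absent' ],
    [ 'k3y-s3cr3t', '',           'configured plugin, empty credential' ],
    [ 'k3y-s3cr3t', 'k3y-s3cr3t', 'configured plugin, correct key' ],
    [ 'k3y-s3cr3t', 'wrong',      'configured plugin, wrong key' ],
];

foreach ( $cases as [ $secret, $supplied, $label ] ) {
    printf(
        "%-52s vulnerable=%s hardened=%s\n",
        $label,
        authenticate_user_vulnerable( $secret, $supplied ) ? 'ALLOW' : 'deny',
        authenticate_user_hardened( $secret, $supplied ) ? 'ALLOW' : 'deny'
    );
}
```

Run it with `php` on the command line. Only the first row differs between the two functions: the vulnerable comparison lets an empty credential through on an unconfigured site, while the hardened version denies it because it never authenticates against an empty secret. The general lesson is that "not yet configured" must be an explicit deny state, not an empty string that happens to compare equal to attacker-controlled input.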
🛡️ What You Should Do:
Update OttoKit/SureTriggers to version 1.0.79 or later immediately. The bypass only works on sites where the plugin is active but has never been connected with an API key, but every installation should be patched regardless.
Then assume you may already have been hit and review the site for:
• Unexpected administrator accounts, especially any created around the disclosure date that you did not add yourself
• Plugins or themes you did not install
• Changes to security settings
• Unusual database activity
Failure to act quickly could leave your site exposed to complete compromise.
Your Insurance Won't Save You from a Data Breach — But This Might
The Specialist
Mihai Șchiopu is a Cybersecurity Specialist in our Software Services Division.
If you're running a small or medium-sized business, you've taken the responsible step of getting cyber insurance. That's smart. But here's the hard truth.
Cyber insurance won't stop a data breach from happening.
It might help cover some of the costs afterwards — legal fees, customer notifications, and maybe some downtime. However, once a breach occurs, damage to your business, reputation, and customer trust is already done.
And here's where most business owners get it wrong:
They treat cyber insurance as a replacement for cybersecurity, not a backup plan.
The Real-World Risks Small Businesses Face
Many SMBs still think they're too small to be on a hacker's radar. That's outdated thinking.
Modern cyberattacks are often automated, casting a wide net across thousands of businesses looking for easy targets — outdated software, weak passwords, exposed cloud storage, and unsecured APIs. You don't need to be famous or high-profile to be hit. You just need to be vulnerable.
And trust us — attackers are very good at finding those vulnerabilities.
Penetration Testing: Your First Line of Defence
That's where penetration testing (also known as pentesting) comes in.
A professional pentest simulates a real-world attack on your infrastructure — whether it's your website, internal network, mobile app, or cloud systems — to uncover exactly where you're exposed before a real attacker does.
Think of it like hiring an ethical hacker to break into your systems and giving you the blueprint to fix everything they find.
Here's why it matters:
Insurance kicks in after the breach. Pentesting helps you prevent it.
Claims can be denied if you haven't taken reasonable security precautions.
Downtime is expensive. In many SMBs, a single compromised system can shut down operations for days or weeks.
Reputation loss is harder to recover from than financial loss.
Prevention Is Always Cheaper Than Recovery
A thorough pentest can uncover critical issues that insurance alone cannot fix — such as outdated software with known exploits, exposed admin panels, or misconfigured cloud services. Fixing these issues costs a fraction of what a breach can cost your business.
Cybersecurity isn't just an IT problem. It's a business continuity issue. A customer trust issue. It's a survival issue.
Final Thoughts: A Smarter Security Strategy
Cyber insurance is a smart part of a larger strategy. But relying on it alone is like buying fire insurance and then disabling your smoke detectors.
If you're serious about protecting your business, the first step is knowing where you stand — and closing the gaps before someone else finds them.
That's what we do.
Phishing Simulations Aren't Just for Big Corporations
Phishing emails remain the primary method by which hackers gain access to companies, and small and medium-sized businesses are no exception. Attackers often see SMBs as easier targets: fewer defences, less training, and more trust-based decision-making.
A phishing campaign is a controlled, simulated attack designed to test how your team reacts to real-world scams.
Running a phishing simulation helps uncover who clicks, who replies, and who needs guidance. But it doesn't stop there. When followed by focused, practical training, it becomes a powerful tool to build awareness and strengthen your company's first line of defence: your people.
It's one of the most effective ways to turn human risk into resilience.
The numbers speak for themselves:
57% of organisations report facing phishing attempts on a weekly or even daily basis.
According to IBM's threat intelligence, 41% of cybersecurity incidents start with a phishing email.
Most eye-opening is that 95% of breaches involve human error.
These aren't just stats; they're red flags. They prove that technical security alone isn't enough.
Your people need to be trained, tested, and ready to respond.
Want to know how your team would handle a phishing attempt?
Contact us to learn more and take a proactive step toward stronger cybersecurity.
Contributor: Iulia Raboi, Project Manager in Cybersecurity
Stay safe, stay secure!