VulnHub

Real-time Cybersecurity News

Companies House Restores WebFiling After Flaw Exposed Director Details

Hackread – Cybersecurity News, Data Breaches, AI and More
VulnerabilityData Breach

Overview

Companies House, the UK's official register of companies, recently addressed a significant flaw in its WebFiling service. This vulnerability allowed unauthorized users to not only view sensitive director details but also modify company records. The issue prompted Companies House to take the service offline temporarily while they worked on a fix. After resolving the flaw, the WebFiling service was restored, but the incident raises concerns about the security of sensitive corporate information. Users and companies relying on this service need to be aware of the potential risks associated with such vulnerabilities.

Key Takeaways

  • Affected Systems: Companies House WebFiling service
  • Action Required: Flaw was fixed and WebFiling service was restored; specific patch details not mentioned.
  • Timeline: Newly disclosed

Original Article Summary

Companies House fixed a WebFiling flaw that allowed users to view director details and alter company records before the service was taken offline and restored.

Impact

Companies House WebFiling service

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Newly disclosed

Remediation

Flaw was fixed and WebFiling service was restored; specific patch details not mentioned.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Vulnerability, Data Breach.

Read Original Article

Related Coverage

Global fraud losses climb to $442 billion

Help Net Security

Online fraud is becoming a significant issue globally, with losses reaching $442 billion, according to INTERPOL's latest report. The increase is attributed to the rise of digital tools and organized crime networks that operate internationally. Between 2024 and 2025, there was a 54% increase in fraud-related notices, indicating a growing number of victims affected by these scams. The report categorizes financial fraud as one of the top five global crime threats, emphasizing the need for better security measures and awareness. The surge in fraud impacts individuals and businesses alike, highlighting the urgency for enhanced protective strategies in the digital space.

Mar 18, 2026

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23

The Hacker News

Researchers have identified a severe vulnerability in the GNU InetUtils telnet daemon, known by its CVE identifier CVE-2026-32746. This flaw allows unauthenticated attackers to execute arbitrary code with root privileges through Telnet connections on port 23. With a CVSS score of 9.8, this vulnerability poses a significant risk to systems using the affected telnetd. The issue arises from an out-of-bounds write in the LINEMODE Set, which could be exploited easily by attackers. Organizations using this software need to take immediate action to secure their systems, as the implications of this flaw could lead to unauthorized access and control over critical infrastructure.

Mar 18, 2026

GlassWorm campaign evolves: ForceMemo attack targets Python repos via stolen GitHub tokens

SCM feed for Latest

The ForceMemo attack is a new tactic used by the GlassWorm malware, targeting developers by compromising their systems through malicious extensions for Visual Studio Code and Cursor. Once the malware infiltrates a developer's environment, it steals sensitive information, including GitHub tokens, which can then be used to access and manipulate code repositories. This poses a significant risk to software projects, as attackers can potentially alter or insert malicious code into popular Python repositories. Developers and organizations relying on GitHub for collaboration and version control should be particularly vigilant. It's crucial for users to ensure their development tools are secure and to monitor their accounts for any suspicious activity.

Mar 17, 2026

UK businesses risk data breaches due to poor identity security

SCM feed for Latest

A recent report by SailPoint, which surveyed 333 IT decision-makers in the UK, reveals a significant security risk for businesses: 77% of organizations do not deactivate accounts of former employees in a timely manner. This oversight can leave sensitive data vulnerable to unauthorized access, as ex-employees may still have the ability to access company systems. The failure to manage identity security effectively could result in data breaches, potentially exposing businesses to severe financial and reputational damage. Companies must prioritize timely account deactivation protocols to protect their data and maintain compliance with data protection regulations. This situation is particularly concerning as it highlights a widespread issue that could affect numerous organizations across various sectors.

Mar 17, 2026

Companies House platform suffers security issue exposing director data

SCM feed for Latest

On March 13, the WebFiling service of Companies House was taken offline after a security issue was discovered that exposed sensitive data of company directors. This incident raises concerns about the privacy and security of personal information for those listed as directors, as it could potentially be misused by malicious actors. Companies House, which is responsible for registering company information in the UK, has not provided detailed information about the nature of the data that was exposed or how many individuals were affected. The downtime of the service indicates a proactive measure to prevent further unauthorized access. This situation emphasizes the importance of maintaining secure systems, especially when handling sensitive personal data.

Mar 17, 2026

Intuitive suffers data breach after phishing attack

SCM feed for Latest

Intuitive has reported a data breach resulting from a phishing attack that compromised sensitive information. The stolen data includes customer business and contact details, as well as employee and corporate data. This breach could potentially expose affected individuals and businesses to identity theft and fraud. Phishing attacks are a common tactic used by cybercriminals to gain unauthorized access to systems, making this incident a reminder of the constant need for vigilance in cybersecurity practices. Organizations are encouraged to review their security protocols and educate employees about recognizing phishing attempts to mitigate future risks.

Mar 17, 2026