VulnHub

Real-time Cybersecurity News

Companies House platform suffers security issue exposing director data

SCM feed for Latest
Data Breach

Overview

On March 13, the WebFiling service of Companies House was taken offline after a security issue was discovered that exposed sensitive data of company directors. This incident raises concerns about the privacy and security of personal information for those listed as directors, as it could potentially be misused by malicious actors. Companies House, which is responsible for registering company information in the UK, has not provided detailed information about the nature of the data that was exposed or how many individuals were affected. The downtime of the service indicates a proactive measure to prevent further unauthorized access. This situation emphasizes the importance of maintaining secure systems, especially when handling sensitive personal data.

Key Takeaways

  • Affected Systems: Companies House WebFiling service, director data
  • Action Required: Service taken offline to prevent further exposure.
  • Timeline: Disclosed on March 13, 2023

Original Article Summary

The incident occurred on March 13 when the WebFiling service was taken offline at 1:30 p.m. UTC.

Impact

Companies House WebFiling service, director data

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Disclosed on March 13, 2023

Remediation

Service taken offline to prevent further exposure

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Data Breach.

Read Original Article

Related Coverage

AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner

Infosecurity Magazine

According to a recent report by Gartner, security teams should prioritize their involvement in artificial intelligence (AI) projects to prevent expensive incident response efforts in the future. The research suggests that by 2028, AI-related issues will account for half of all incident response activities. This shift highlights the growing intersection between cybersecurity and AI, emphasizing that companies need to integrate security considerations from the outset of AI development. Failing to do so could lead to significant vulnerabilities and costly breaches. As AI technology becomes more prevalent in various sectors, understanding its risks and preparing for potential security incidents will be crucial for organizations.

Mar 18, 2026

Tracking the Iran War: A Month of Escalation and Regional Impact

Security Affairs

The ongoing conflict in Iran is expected to extend, leading to an increase in cyber threats and potential disruptions in energy supply across the region. Companies operating in the Middle East may face heightened risks as tensions escalate. Cybersecurity experts are warning that this situation could result in more frequent and severe cyberattacks aimed at critical infrastructure and private enterprises. The implications of such attacks could be wide-ranging, impacting not just local businesses but also global markets and energy prices. Stakeholders in the region are advised to bolster their cybersecurity measures to mitigate potential risks.

Mar 18, 2026

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

The Hacker News

A significant security vulnerability, identified as CVE-2026-3888, has been discovered in default installations of Ubuntu Desktop versions 24.04 and later. This flaw allows unprivileged local attackers to escalate their privileges to root access, potentially giving them complete control over the affected systems. With a CVSS score of 7.8, this high-severity issue poses a serious risk to users who have not applied necessary security measures. It is crucial for Ubuntu users to be aware of this vulnerability, as it could lead to unauthorized access and manipulation of sensitive data. Immediate action is recommended to safeguard systems against potential exploitation.

Mar 18, 2026

Global fraud losses climb to $442 billion

Help Net Security

Online fraud is becoming a significant issue globally, with losses reaching $442 billion, according to INTERPOL's latest report. The increase is attributed to the rise of digital tools and organized crime networks that operate internationally. Between 2024 and 2025, there was a 54% increase in fraud-related notices, indicating a growing number of victims affected by these scams. The report categorizes financial fraud as one of the top five global crime threats, emphasizing the need for better security measures and awareness. The surge in fraud impacts individuals and businesses alike, highlighting the urgency for enhanced protective strategies in the digital space.

Mar 18, 2026

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23

The Hacker News

Researchers have identified a severe vulnerability in the GNU InetUtils telnet daemon, known by its CVE identifier CVE-2026-32746. This flaw allows unauthenticated attackers to execute arbitrary code with root privileges through Telnet connections on port 23. With a CVSS score of 9.8, this vulnerability poses a significant risk to systems using the affected telnetd. The issue arises from an out-of-bounds write in the LINEMODE Set, which could be exploited easily by attackers. Organizations using this software need to take immediate action to secure their systems, as the implications of this flaw could lead to unauthorized access and control over critical infrastructure.

Mar 18, 2026

GlassWorm campaign evolves: ForceMemo attack targets Python repos via stolen GitHub tokens

SCM feed for Latest

The ForceMemo attack is a new tactic used by the GlassWorm malware, targeting developers by compromising their systems through malicious extensions for Visual Studio Code and Cursor. Once the malware infiltrates a developer's environment, it steals sensitive information, including GitHub tokens, which can then be used to access and manipulate code repositories. This poses a significant risk to software projects, as attackers can potentially alter or insert malicious code into popular Python repositories. Developers and organizations relying on GitHub for collaboration and version control should be particularly vigilant. It's crucial for users to ensure their development tools are secure and to monitor their accounts for any suspicious activity.

Mar 17, 2026