Threat Report 160

Written by Craig Pepper | Jan 26, 2026 9:45:01 AM

This week's threat report covers Cisco communications systems under active attack via a critical vulnerability, Oracle releases a fix for maximum-severity flaw in widely used middleware, NHS issues urgent guidance on Fortinet firewall security, and UK Impact: London Councils Still Recovering Months After Cyberattack.

Cisco Unified Communications Systems Under Active Attack

Cisco has released urgent security updates to fix a critical vulnerability in its Unified Communications products. The flaw allows attackers to take complete control of affected systems without needing a password. Cisco has confirmed that criminals are already using this vulnerability to attack organisations. The problem affects Cisco Unified Communications Manager, Unity Connection, and Webex Calling systems.

Many UK organisations, including NHS Trusts and private healthcare providers, use Cisco's voice and video calling systems for daily operations. An attacker exploiting this flaw could listen to calls, steal data, or disrupt your ability to communicate with patients and staff. For organisations working towards DSPT compliance, failing to patch this vulnerability quickly could result in a serious security breach and regulatory problems.

Recommendations

Apply Cisco's security updates immediately to all affected Unified Communications systems
Check your systems to see if you are running vulnerable versions (details in the NHS alert)
Review your security logs for any suspicious activity targeting these systems
If you cannot patch straight away, work with your IT team to isolate affected systems from the internet where possible

Oracle Releases Fix for Maximum-Severity Middleware Flaw

Oracle has published a security update that fixes a critical vulnerability in Oracle Fusion Middleware. This flaw has been given the highest possible severity rating of 10.0 out of 10.0. An attacker can exploit this weakness by sending a specially crafted web request to an Oracle HTTP Server or WebLogic Server. A successful attack allows the attacker to create, delete, or change critical data without needing any login credentials.

Oracle Fusion Middleware is widely used by large organisations, including those in healthcare and the public sector, to run business-critical applications. If exploited, this vulnerability could allow attackers to access patient data, modify records, or cause serious disruption to services. The NHS National CSOC has assessed that exploitation is highly likely, which means there is a real and immediate risk to UK organisations using this software.

Recommendations

Apply Oracle's January 2026 Critical Patch Update as soon as possible
Prioritise patching systems that are accessible from the internet or untrusted networks
Review access controls to ensure that only necessary systems can reach your Oracle middleware
Monitor for unusual web traffic or access patterns that could indicate an attack attempt
If you use third-party suppliers who manage Oracle systems on your behalf, confirm they have applied the patches

NHS Warns on Fortinet Firewall Security Following Buffer Overflow Flaw

Fortinet has released security updates to fix a high-severity vulnerability in FortiOS and FortiSwitch Manager. The flaw is a buffer overflow issue that could allow an attacker who is not logged in to run malicious code or commands on affected devices. This type of vulnerability is particularly dangerous because it allows attackers to take control of network security devices that are meant to protect you.

Fortinet firewalls are commonly used by UK businesses and healthcare organisations to protect their networks. If your firewall is compromised, an attacker could gain access to your entire network, steal sensitive data, or launch further attacks. For NHS suppliers and organisations subject to DSPT requirements, a compromised firewall could lead to a major data breach and failure to meet your security obligations.

Recommendations

Apply Fortinet's security updates to all affected FortiOS and FortiSwitch Manager devices immediately
Check that your Fortinet devices are running supported versions (older versions may no longer receive security updates)
Review firewall logs for any unusual login attempts or configuration changes
Ensure that management interfaces are not accessible from the internet unless absolutely necessary
Consider enabling multi-factor authentication for administrative access to Fortinet devices

Want help staying ahead of threats like these? Contact Periculo about our Threat Intelligence services. We help UK businesses and digital health organisations stay protected against the latest cyber threats.

UK Impact: London Councils Still Recovering Months After Cyberattack

Several London boroughs, including Westminster and Kensington & Chelsea, are still experiencing major disruption two months after a cyberattack that hit their shared IT systems in November 2025. While some services are slowly returning, core functions remain offline. Westminster City Council, for example, cannot process direct debits or issue birth certificates, and Kensington & Chelsea’s council tax team still cannot access their systems.

This incident is a stark reminder of the long-lasting and costly impact of a serious cyberattack. It shows that disruption is not measured in hours or days, but often in months. For UK businesses and NHS suppliers, this highlights the importance of not just defence, but also resilience. A similar attack could cripple invoicing, disrupt supply chains, and cause significant reputational damage that lasts long after the initial incident.

Recommendations

Review and test your organisation’s incident response and business continuity plans. Do they account for a prolonged outage of critical systems?
Ensure you have offline backups of critical data that are tested regularly.
For NHS suppliers, confirm that your own resilience plans align with the expectations of your healthcare partners and the DSPT.

View full post