Cyber Team is RECATOOLS’ cybersecurity desk, covering vulnerabilities, data breaches, supply-chain attacks, threat intelligence, exploit activity, and security best practices. The desk focuses on practical implications for developers, SMEs, IT teams, and ASEAN organisations.

About this byline

Cyber Team is a specialist RECATOOLS editorial desk focused on cybersecurity coverage. Articles are produced and reviewed under RECATOOLS editorial supervision.

Articles: 68
Primary beat: Cybersecurity
Writing since: Jan 2026
Total reading: ~398 min

Articles (showing 11–20 of 68)

Cybersecurity

Threat Brief, Week of 18 May 2026: State-Backed Espionage in Malaysia, a Malware-Signing Takedown, and the Defender Itself Under Fire

Our weekly read of the threat landscape: a state-backed actor ran a bespoke espionage operation against Malaysian government networks, Microsoft dismantled a malware-signing-as-a-service business, and CISA flagged two actively exploited zero-days in Microsoft Defender — the very tool meant to catch the attacks. The throughline of the week: adversaries are weaponising trust.

30 May 2026 · 9 min read
Cybersecurity

An LLM Agent Drove This Real Intrusion: Marimo RCE to Database Dump in Under an Hour

On 10 May an internet-exposed marimo notebook was breached through CVE-2026-39987 — and then an autonomous LLM agent took the keyboard. Sysdig's threat researchers say the agent improvised the entire post-exploitation chain, pulled an SSH key from AWS Secrets Manager, and dumped an internal database in under two minutes. A Chinese-language planning comment it left in the command stream gave it away.

30 May 2026 · 6 min read
Cybersecurity

Laravel-Lang Supply Chain Attack — 233 Versions Backdoored Across 700 Repos in a Composer-Autoload Trick

On 22 May 2026, an attacker rewrote version tags across the Laravel-Lang ecosystem to deliver a 5,900-line PHP credential stealer via composer autoload. What every Laravel team must check this week.

22 May 2026 · 12 min read
Cybersecurity

Megalodon Campaign Backdoors 5,561 GitHub Repos in Six Hours — Inside the Largest GitHub Actions Supply-Chain Attack on Record

An automated campaign called Megalodon pushed 5,718 malicious commits to 5,561 GitHub repos between 18–21 May 2026, exfiltrating CI secrets via poisoned GitHub Actions. What to check now.

21 May 2026 · 12 min read
Cybersecurity

Pwn2Own Berlin 2026 Pays Out $1.4M Across Three Days — Chrome Sandbox, Tesla Infotainment, Linux Kernel All Fall

The OffensiveCon Pwn2Own contest wrapped on Wednesday with $1.4 million paid out across 27 zero-days. A Chrome sandbox escape, a Tesla in-car LPE chain and a Linux kernel use-after-free were among the highest-paid bounties.

19 May 2026 · 8 min read
Cybersecurity

Anthropic Says It Disrupted the First Reported AI-Orchestrated Cyber-Espionage Campaign Using Claude

In a public write-up, Anthropic describes threat actors who induced Claude — by posing as defensive testers — into mapping internal networks and identifying high-value systems. The company says the sustained pattern is what eventually triggered detection.

18 May 2026 · 9 min read
Cybersecurity

AWS Confirms First Production Prompt-Injection Compromise in Bedrock Agents — Enterprise Customer Exfiltrated Documents

In a quietly published security bulletin, AWS confirmed that an indirect prompt-injection attack on production Bedrock Agents pulled documents out of a customer's S3 bucket. It is the first publicly disclosed in-the-wild compromise of an LLM-agent supply chain.

18 May 2026 · 8 min read
Cybersecurity

Google Documents First Observed AI-Developed Zero-Day Exploit Tied to a Planned Mass-Exploitation Campaign

Google's Threat Intelligence Group has described what it believes is the first case of an AI-developed zero-day exploit attached to a mass-exploitation plan — a milestone defenders have been bracing for.

18 May 2026 · 8 min read
Cybersecurity

Cisco Patches Sixth SD-WAN Zero-Day of 2026 — UAT-8616 Attribution from Talos

Cisco shipped an emergency advisory for CVE-2026-20182 on 15 May 2026, a peering authentication bypass in Catalyst SD-WAN Controller and Manager. It is the sixth SD-WAN zero-day Cisco has patched this year and the second tied by Talos to threat actor UAT-8616.

18 May 2026 · 3 min read
Cybersecurity

CISA Orders Federal Agencies to Patch Linux Kernel "Copy Fail" Zero-Day Within Two Weeks

A 732-byte Python script is all an unprivileged local user needs to take root on Ubuntu 24.04, RHEL 10.1, SUSE 16 and nearly every other major Linux distribution shipped in the last seven years. CISA gave federal agencies a May 15 deadline.

18 May 2026 · 3 min read