Cyber Team is RECATOOLS’ cybersecurity desk, covering vulnerabilities, data breaches, supply-chain attacks, threat intelligence, exploit activity, and security best practices. The desk focuses on practical implications for developers, SMEs, IT teams, and ASEAN organisations.

About this byline

Cyber Team is a specialist RECATOOLS editorial desk focused on cybersecurity coverage. Articles are produced and reviewed under RECATOOLS editorial supervision.

Articles: 68
Primary beat: Cybersecurity
Writing since: Jan 2026
Total reading: ~398 min

Articles · Cybersecurity Showing 1–10 of 67

No Zero-Day Required: ShinyHunters' Salesforce Vishing Spree Snares Charter and Carnival in One Week

Two major consumer brands confirmed breaches days apart — Carnival began notifying nearly six million people, and Charter's customer data was dumped on a leak site after an extortion threat. Neither attack needed a software flaw. Both trace to the same playbook: a phone call that talks an employee out of their single sign-on, then a quiet export of the corporate Salesforce. It is the year's defining identity-and-trust attack, and the control that stops it is not a patch.

2 Jun 2026 · 7 min read

CISA orders agencies to patch an actively exploited Palo Alto firewall flaw by 1 June

Attackers are exploiting a flaw in Palo Alto Networks' PAN-OS that lets them slip past security controls and open an unauthorised VPN connection through GlobalProtect gateways. The US cyber agency has added CVE-2026-0257 to its must-patch list and set a 1 June deadline for federal agencies.

1 Jun 2026 · 2 min read

Nova Ransomware Claims Indonesia's National Food Agency in Latest Government Sector Hit

Nova ransomware claimed Badan Pangan Nasional — Indonesia's National Food Agency — on 29 May 2026, citing 133 compromised credentials and 39 exposed attack-surface items. The group, which operated as RALord from March 2025 before rebranding to Nova in late April 2025, has now claimed at least two Indonesian public-sector bodies. No official confirmation from BPN or BSSN has been issued.

1 Jun 2026 · 5 min read

VNCERT: SOC Systems Failed to Catch Breaches at Two Vietnamese Ministries, Millions of Records Stolen

Vietnam's national cybersecurity authority disclosed on 22 May 2026 that hackers breached two ministerial-level agencies and exfiltrated millions of user records — while both organisations' Security Operations Centre platforms raised no alerts. The incident is a case study in why tool deployment without qualified operators offers the appearance of security rather than the substance.

1 Jun 2026 · 5 min read

Morpheus Ransomware Steals 680 GB from HDFC AMC; Bombay HC Issues Temporary Injunction

On 16 May 2026 HDFC AMC's IT administrator detected anomalies in the company's infrastructure and received an extortion email from "Morpheus" claiming 680 GB of investor data had been exfiltrated. Bombay HC Justice Shreeram Shirsat granted a temporary injunction on 29 May and directed DoT and MeitY to block any platforms distributing the stolen records.

1 Jun 2026 · 5 min read

Cisco Patches Sixth SD-WAN Zero-Day of 2026 as UAT-8616 Gains Admin Access via CVSS 10.0 Auth Bypass

Cisco has disclosed CVE-2026-20182, a CVSS 10.0 authentication bypass in its Catalyst SD-WAN Controller — the sixth actively exploited SD-WAN zero-day of 2026. Researchers at Rapid7 traced the flaw to a missing device-type check in the vbond_proc_challenge_ack() function, which allowed threat group UAT-8616 to gain persistent high-privileged access and, via a separately chained older vulnerability, escalate to root. CISA ordered federal agencies to patch by 17 May 2026.

1 Jun 2026 · 5 min read

Microsoft Exchange OWA Zero-Day CVE-2026-42897 Actively Exploited With No Permanent Patch

Microsoft confirmed active exploitation of CVE-2026-42897, a cross-site scripting flaw in Exchange's Outlook Web Access component, on 14 May 2026 — two days after a Patch Tuesday that addressed 138 separate vulnerabilities. No permanent fix exists. CISA added the flaw to its Known Exploited Vulnerabilities catalogue the same day, giving federal agencies until 29 May to remediate. On-premises Exchange 2016, 2019, and SE are affected; Exchange Online is not.

1 Jun 2026 · 5 min read

LiteSpeed cPanel Plugin Zero-Day CVE-2026-48172: Maximum-Severity Root Escalation Under Active Exploitation

CVE-2026-48172 in the LiteSpeed User-End cPanel Plugin carries a CVSS v4.0 score of 10.0 and was added to CISA's KEV catalogue on 26 May 2026. A low-privilege cPanel account is enough to gain root on the entire host. Here is what operators need to know and do now.

1 Jun 2026 · 5 min read

SHADOW-EARTH-053: China-Aligned Espionage Campaign Hits Government and Defence Networks Across ASEAN and Beyond

A China-aligned intrusion cluster designated SHADOW-EARTH-053 maintained covert access inside government ministries, defence contractors, and critical infrastructure across eight countries for at least 17 months. TrendAI researchers published findings on 1 May 2026 identifying targets in seven Asian nations plus Poland, with ShadowPad deployed via long-unpatched Exchange and IIS vulnerabilities — including the five-year-old ProxyLogon chain and a newer React Server Components flaw.

1 Jun 2026 · 6 min read

This week's bugs to patch: a critical OTRS flaw and a Linux root hole on CISA's list

A short, practical read of the week's most urgent vulnerabilities: a critical pre-authentication flaw in the OTRS service-desk platform, and a Linux privilege-escalation bug that the US cyber agency has confirmed is being exploited and added to its must-patch catalogue.

1 Jun 2026 · 3 min read