Cyber Team is RECATOOLS’ cybersecurity desk, covering vulnerabilities, data breaches, supply-chain attacks, threat intelligence, exploit activity, and security best practices. The desk focuses on practical implications for developers, SMEs, IT teams, and ASEAN organisations.

About this byline

Cyber Team is a specialist RECATOOLS editorial desk focused on cybersecurity coverage. Articles are produced and reviewed under RECATOOLS editorial supervision.

68
Articles
Cybersecurity
Primary beat
Jan 2026
Writing since
~398 min
Total reading
All 68 Cybersecurity 67 Developer Tools 1

Articles · Cybersecurity Showing 21–30 of 67

EchoLeak: Zero-Click Prompt Injection in Microsoft 365 Copilot Quietly Exfiltrates Enterprise Data
Cybersecurity

EchoLeak: Zero-Click Prompt Injection in Microsoft 365 Copilot Quietly Exfiltrates Enterprise Data

EchoLeak shows a malicious email can trigger Microsoft 365 Copilot into exfiltrating enterprise data without a single user click. The bug type is now OWASP's top AI risk for 2026.

17 May 2026 · 8 min read
Hackers Reach Anthropic's Restricted Mythos Model Through a Vendor Environment as FSB Calls Briefing
Cybersecurity

Hackers Reach Anthropic's Restricted Mythos Model Through a Vendor Environment as FSB Calls Briefing

A small group of unauthorised users reached Mythos via a third-party vendor environment on the same day Anthropic announced the model. The Financial Stability Board has now asked Anthropic to brief regulators on the findings.

17 May 2026 · 9 min read
Anthropic's Project Glasswing Lines Up AWS, Apple, Google, Microsoft, JPMorgan to Test Mythos for Cyber Defence
Cybersecurity

Anthropic's Project Glasswing Lines Up AWS, Apple, Google, Microsoft, JPMorgan to Test Mythos for Cyber Defence

Project Glasswing pairs Anthropic's restricted Mythos model with a roster of hyperscalers, banks and the Linux Foundation. $100 million in model credits plus $4 million in open-source security donations underwrite the programme.

16 May 2026 · 8 min read
Exchange Server Zero-Day CVE-2026-42897 — Crafted-Email XSS Spoofs OWA Without User Click
Cybersecurity

Exchange Server Zero-Day CVE-2026-42897 — Crafted-Email XSS Spoofs OWA Without User Click

Microsoft disclosed CVE-2026-42897 on 14 May 2026 — an XSS spoofing flaw in Exchange OWA exploited via crafted email. CVSS 8.1, no patch at disclosure. Mitigations and detection guidance.

14 May 2026 · 13 min read
Instructure Pays Ransom to ShinyHunters After Canvas Breach Exposes 275 Million Records Across 8,809 Schools
Cybersecurity

Instructure Pays Ransom to ShinyHunters After Canvas Breach Exposes 275 Million Records Across 8,809 Schools

After ShinyHunters stole 3.65TB of data from 8,809 schools using the Canvas LMS, Instructure quietly paid the ransom. What this means for the education sector and the wider ransomware economy.

12 May 2026 · 12 min read
ShinyHunters Breach Instructure Canvas: 275 Million Students' Data Stolen in One of Education's Largest Ever Cyberattacks
Cybersecurity

ShinyHunters Breach Instructure Canvas: 275 Million Students' Data Stolen in One of Education's Largest Ever Cyberattacks

Hacking group ShinyHunters claims to have stolen data on 275 million people from Canvas LMS operator Instructure, exposing names, emails, student IDs and private messages across 9,000 schools worldwide.

8 May 2026 · 9 min read
Critical Palo Alto Firewall Zero-Day Actively Exploited by State-Sponsored Hackers — CISA Orders Patch by 9 May
Cybersecurity

Critical Palo Alto Firewall Zero-Day Actively Exploited by State-Sponsored Hackers — CISA Orders Patch by 9 May

CVE-2026-0300, a critical PAN-OS buffer overflow enabling unauthenticated root-level RCE, is being actively exploited by state-sponsored actors. CISA has ordered federal agencies to patch by 9 May 2026. Singapore organisations should act immediately.

8 May 2026 · 8 min read
Iran's MuddyWater Used Microsoft Teams to Run a Fake Ransomware Attack — While Quietly Stealing Your Data
Cybersecurity

Iran's MuddyWater Used Microsoft Teams to Run a Fake Ransomware Attack — While Quietly Stealing Your Data

Iran-linked MuddyWater used unsolicited Microsoft Teams chats, screen-sharing, and credential-harvesting to conduct sustained espionage — disguising the operation as a Chaos ransomware attack to misdirect incident responders.

8 May 2026 · 9 min read
AI-Assisted Attacks Are the New Normal: Mandiant M-Trends 2026 Shows Exploit Windows Have Inverted
Cybersecurity

AI-Assisted Attacks Are the New Normal: Mandiant M-Trends 2026 Shows Exploit Windows Have Inverted

Mandiant's M-Trends 2026 report confirms 28.3% of CVEs are now exploited within 24 hours of disclosure — and documents three real AI-enabled attacks by actors with no prior coding skills, including teenagers who hit Rakuten Mobile 220,000 times using ChatGPT.

8 May 2026 · 8 min read
ASEAN Is Short 3.5 Million Cybersecurity Professionals — And the Gap Is Widening
Cybersecurity

ASEAN Is Short 3.5 Million Cybersecurity Professionals — And the Gap Is Widening

ASEAN Is Short 3.5 Million Cybersecurity Professionals — And the Gap Is Widening. Technical analysis, regional impact, and expert verdict for businesses and security professionals.

6 May 2026 · 5 min read
Editorial Policy →