Cybersecurity

Cybersecurity 7 min No Zero-Day Required: ShinyHunters' Salesforce Vishing Spree Snares Charter and Carnival in One Week Two major consumer brands confirmed breaches days apart — Carnival began notifying nearly six million people,... CY Cyber Team 2 Jun ASEAN Tech 3 min Singapore is spending to make 12,000 SMEs AI- and cyber-ready. Here is what they actually need. IMDA has lined up Grab and RSM to bring AI training and cyber drills to 12,000 small businesses. I have built... JE Jeffrey Tan 1 Jun AI & ML 3 min Singapore tested government AI agents in a sandbox. The hard part was trust, not capability. Singapore and Google ran AI agents against real government work for four months, on an air-gapped cloud, and p... JE Jeffrey Tan 1 Jun Cybersecurity 3 min This week's breaches needed no zero-day. The perimeter is identity now. A phone call took millions of records out of two large companies this week. A firewall bug let attackers walk... JE Jeffrey Tan 1 Jun Cybersecurity 2 min CISA orders agencies to patch an actively exploited Palo Alto firewall flaw by 1 June Attackers are exploiting a flaw in Palo Alto Networks' PAN-OS that lets them slip past security controls and o... CY Cyber Team 1 Jun Cybersecurity 5 min Microsoft Exchange OWA Zero-Day CVE-2026-42897 Actively Exploited With No Permanent Patch Microsoft confirmed active exploitation of CVE-2026-42897, a cross-site scripting flaw in Exchange's Outlook W... CY Cyber Team 1 Jun Cybersecurity 3 min This week's bugs to patch: a critical OTRS flaw and a Linux root hole on CISA's list A short, practical read of the week's most urgent vulnerabilities: a critical pre-authentication flaw in the O... CY Cyber Team 1 Jun ASEAN Tech 4 min Hong Kong's First Astronaut Is a Police Computer-Forensics PhD — and She's Now Aboard China's Tiangong Station When Shenzhou-23 lifted off on 24 May 2026, one of the three people aboard was Lai Ka-ying — a serving Hong Ko... SA Sarah Chen 30 May Cybersecurity 9 min Threat Brief, Week of 18 May 2026: State-Backed Espionage in Malaysia, a Malware-Signing Takedown, and the Defender Itself Under Fire Our weekly read of the threat landscape: a state-backed actor ran a bespoke espionage operation against Malays... CY Cyber Team 30 May Cybersecurity 6 min An LLM Agent Drove This Real Intrusion: Marimo RCE to Database Dump in Under an Hour On 10 May an internet-exposed marimo notebook was breached through CVE-2026-39987 — and then an autonomous LLM... CY Cyber Team 30 May Cybersecurity 9 min The AI SOC arms race lands in ASEAN: Flocks, Claude, and the agentic security stack of mid-2026 On 6 May 2026, Singapore-headquartered ThreatBook launched Flocks and SafeSkill — landing in an AI SOC categor... JE Jeffrey Tan 26 May Cybersecurity 6 min Three supply-chain incidents this week: Megalodon, Robinsons, and the Laravel-Lang Composer compromise Megalodon pushed 5,718 malicious commits into 5,561 GitHub repos in six hours. The Payload ransomware group li... JE Jeffrey Tan 25 May Cybersecurity 8 min Pwn2Own Berlin 2026 Pays Out $1.4M Across Three Days — Chrome Sandbox, Tesla Infotainment, Linux Kernel All Fall The OffensiveCon Pwn2Own contest wrapped on Wednesday with $1.4 million paid out across 27 zero-days. A Chrome... CY Cyber Team 19 May Cybersecurity 9 min Anthropic Says It Disrupted the First Reported AI-Orchestrated Cyber-Espionage Campaign Using Claude In a public write-up, Anthropic describes threat actors who induced Claude — by posing as defensive testers —... CY Cyber Team 18 May Cybersecurity 8 min AWS Confirms First Production Prompt-Injection Compromise in Bedrock Agents — Enterprise Customer Exfiltrated Documents In a quietly-published security bulletin, AWS confirmed an indirect prompt-injection attack in production Bedr... CY Cyber Team 18 May Cybersecurity 8 min Google Documents First Observed AI-Developed Zero-Day Exploit Tied to a Planned Mass-Exploitation Campaign Google's Threat Intelligence Group has described what it believes is the first case of an AI-developed zero-da... CY Cyber Team 18 May Cybersecurity 3 min Cisco Patches Sixth SD-WAN Zero-Day of 2026 — UAT-8616 Attribution from Talos Cisco shipped an emergency advisory for CVE-2026-20182 on 15 May 2026, a peering authentication bypass in Cata... CY Cyber Team 18 May Cybersecurity 3 min CISA Orders Federal Agencies to Patch Linux Kernel "Copy Fail" Zero-Day Within Two Weeks A 732-byte Python script is all an unprivileged local user needs to take root on Ubuntu 24.04, RHEL 10.1, SUSE... CY Cyber Team 18 May Cybersecurity 8 min EchoLeak: Zero-Click Prompt Injection in Microsoft 365 Copilot Quietly Exfiltrates Enterprise Data EchoLeak shows a malicious email can trigger Microsoft 365 Copilot into exfiltrating enterprise data without a... CY Cyber Team 17 May Cybersecurity 9 min Hackers Reach Anthropic's Restricted Mythos Model Through a Vendor Environment as FSB Calls Briefing A small group of unauthorised users reached Mythos via a third-party vendor environment on the same day Anthro... CY Cyber Team 17 May Cybersecurity 8 min Anthropic's Project Glasswing Lines Up AWS, Apple, Google, Microsoft, JPMorgan to Test Mythos for Cyber Defence Project Glasswing pairs Anthropic's restricted Mythos model with a roster of hyperscalers, banks and the Linux... CY Cyber Team 16 May Cybersecurity 9 min ShinyHunters Breach Instructure Canvas: 275 Million Students' Data Stolen in One of Education's Largest Ever Cyberattacks Hacking group ShinyHunters claims to have stolen data on 275 million people from Canvas LMS operator Instructu... CY Cyber Team 8 May Cybersecurity 8 min Critical Palo Alto Firewall Zero-Day Actively Exploited by State-Sponsored Hackers — CISA Orders Patch by 9 May CVE-2026-0300, a critical PAN-OS buffer overflow enabling unauthenticated root-level RCE, is being actively ex... CY Cyber Team 8 May Cybersecurity 9 min Iran's MuddyWater Used Microsoft Teams to Run a Fake Ransomware Attack — While Quietly Stealing Your Data Iran-linked MuddyWater used unsolicited Microsoft Teams chats, screen-sharing, and credential-harvesting to co... CY Cyber Team 8 May