All Posts


Risk Assessment and Reporting (Quarterly Basis)
Cyber risks continue to evolve rapidly, making cybersecurity a continuous process rather than a one-time effort. Regular risk assessments are essential for organizations to identify new vulnerabilities, evaluate emerging threats, and ensure that existing security controls remain effective over time. Conducting risk assessments on a quarterly basis allows organizations to maintain visibility into their security posture while adapting to changes in technology, business operatio
akid95
May 21 · 2 min read


Developer Workstations Are Now Part of the Software Supply Chain
Recent cybersecurity research and industry reporting highlight how developer workstations are becoming a major target in modern cyberattacks and software supply chain operations. Rather than focusing only on servers or traditional endpoints, attackers are increasingly targeting developer environments because they often contain privileged access to source code repositories, cloud infrastructure, CI/CD pipelines, containers, and sensitive enterprise systems. As organizations co
akid95
May 20 · 3 min read


MyCERT Report - Cyber Incident Quarterly Summary Report - Q4 2025
Recent advisories and reports published by CyberSecurity Malaysia and the MyCERT Advisory Portal highlight the growing volume and sophistication of cyber threats affecting both organizations and individual users in Malaysia. Through its Cyber999 Incident Response Centre, CyberSecurity Malaysia continues to monitor, investigate, and publish alerts related to malware, phishing, mobile threats, vulnerabilities, and large-scale cyber incidents impacting the country. Rising Threat
akid95
May 18 · 2 min read


Android Adds Intrusion Logging for Sophisticated Spyware Forensics
Google has introduced a new security capability called Android Intrusion Logging, aimed at improving the detection and forensic investigation of advanced mobile spyware and targeted surveillance operations. The feature is being rolled out as part of Android Advanced Protection Mode and is designed primarily for high-risk users such as journalists, activists, government officials, and human rights defenders who are more likely to face sophisticated mobile attacks. Unlike tradi
akid95
May 15 · 3 min read


Unlimited Remote Support for EDR and Firewall
Effective cybersecurity is not only about deploying security solutions; it is also about ensuring those solutions are continuously supported, maintained, and optimized. Through unlimited remote support for Endpoint Detection and Response (EDR) and firewall technologies, organizations gain direct access to experienced security professionals who can assist with day-to-day security operations, troubleshooting, and incident-related concerns. This support helps reduce operation
akid95
May 14 · 1 min read


Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Microsoft’s May 2026 Patch Tuesday release addressed 138 security vulnerabilities across its ecosystem, including Windows, Office, Azure, Edge, SQL Server, .NET, and Copilot-related products. Among these, 30 vulnerabilities were rated Critical, reflecting the growing complexity and scale of security risks affecting modern enterprise environments. Several of the patched flaws impact core Windows networking and authentication components such as DNS Client and Netlogon, making t
akid95
May 14 · 2 min read


Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
A large-scale Android scam campaign known as CallPhantom has recently been uncovered, involving deceptive applications distributed through the official Google Play Store. The apps falsely claimed they could provide access to sensitive information such as call histories, SMS records, and WhatsApp call logs for any phone number, capabilities that legitimate Android applications cannot technically or legally perform. Despite these unrealistic claims, the campaign successfully att
akid95
May 13 · 3 min read


Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
Modern web services depend heavily on stability at the infrastructure layer, and few components are as widely trusted as the Apache HTTP Server. That’s exactly why the disclosure of CVE-2026-23918 is drawing serious attention across the cybersecurity landscape. This newly identified flaw targets Apache’s HTTP/2 implementation (mod_http2) and carries a high severity rating (CVSS 8.8). What makes it particularly concerning isn’t just the technical detail, but the real-world imp
akid95
May 6 · 3 min read


Meet Bluekit: The AI-Powered All-in-One Phishing Kit
Phishing has steadily evolved from simple email scams into highly organized operations, but Bluekit marks a notable shift in how these attacks are built and delivered. Designed as a phishing-as-a-service (PhaaS) platform, Bluekit consolidates the entire attack lifecycle into a single, accessible interface, allowing attackers to launch campaigns with minimal technical effort. Its integration of AI-driven assistance further amplifies its effectiveness, enabling the rapid creati
akid95
May 4 · 4 min read


Gap Analysis (One-Time) Aligned with NIST CSF and RMF
Cybersecurity frameworks and standards play a critical role in helping organizations establish a structured and consistent approach to managing cyber risks. For organizations in Malaysia and across the globe, adopting recognized best practices ensures that security efforts are not only effective, but also aligned with international expectations and regulatory requirements. Frameworks provide a common language for assessing security posture, identifying gaps, and implementing
akid95
Apr 30 · 2 min read


Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
Some vulnerabilities do not rely on dramatic exploits or visible system compromise. Instead, they operate quietly in the background, extracting what matters most: credentials. CVE-2026-32202 is one such case, affecting the Windows Shell and actively exploited in the wild. While classified as a spoofing vulnerability with moderate severity, its real danger lies in how effectively it enables credential theft and fuels larger attack chains. The issue stems from a failure in pr
akid95
Apr 29 · 4 min read


FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
Security teams often assume that firewalls and perimeter appliances are the strongest line of defense. The FIRESTARTER campaign challenges that assumption by turning these very systems into long-term intrusion points. Discovered during an investigation involving a U.S. federal agency, this malware targets Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD), exploiting known vulnerabilities to gain entry and establish deep persistence. Rather than acting
akid95
Apr 28 · 3 min read


8x5 Endpoint Detection and Response (EDR) Management
An essential component of any MDR service is effective endpoint visibility and control, and this scope focuses on delivering exactly that through structured 8x5 Endpoint Detection and Response (EDR) management. This service ensures that endpoints across your environment, including laptops, desktops, and servers, are continuously monitored and managed during business hours. Rather than simply deploying an EDR tool and leaving it idle, this service emphasizes active management, e
akid95
Apr 23 · 2 min read


Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems
Not all malware is designed to steal data or encrypt files. Some are built with a far more disruptive purpose: to interfere with the physical systems people rely on every day. ZionSiphon is one such example, targeting water treatment and desalination infrastructure with capabilities that go beyond traditional IT-focused threats. Instead of focusing on endpoints or enterprise data, it is designed to interact directly with operational technology (OT) and industrial cont
akid95
Apr 21 · 4 min read


Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Not every cyber threat targets enterprise servers or user endpoints. Some of the most disruptive attacks begin with overlooked devices quietly running in the background. The Nexcorium campaign, a Mirai-based botnet, demonstrates how vulnerable Internet of Things (IoT) devices can be transformed into a large-scale attack infrastructure. By exploiting CVE-2024-3721 in TBK DVR systems, attackers are able to remotely execute commands and deploy malware without requiring any user
akid95
Apr 20 · 4 min read


vCISO vs. CISO: Understanding the Key Differences
When comparing a vCISO and a traditional Chief Information Security Officer (CISO), the primary difference lies in how the role is structured and delivered within an organization. A CISO is a full-time, in-house executive who becomes an integral part of the leadership team, working closely with stakeholders across departments to shape long-term cybersecurity strategy. They are deeply embedded in the organization’s culture, operations, and decision-making processes. In contras
akid95
Apr 16 · 2 min read


Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Not all cyberattacks begin with suspicious executables or obvious malware. Sometimes, the most dangerous payload is hidden inside a trusted document. A critical zero-day vulnerability, CVE-2026-34621, has been actively exploited in widely used PDF software from Adobe, affecting both Acrobat Reader and Acrobat. The flaw, classified as a prototype pollution issue, allows attackers to manipulate how JavaScript objects behave within the application. Because PDF files are universa
akid95
Apr 15 · 3 min read


Selecting the Right MDR Solution: Key Considerations
Choosing the right Managed Detection and Response (MDR) provider requires more than a simple review of features; it demands a thorough understanding of a vendor’s detection, investigation, and response capabilities. When evaluating MDR solutions, organizations should look beyond basic monitoring and ask how deeply the provider can understand and act on threats. The quality of detection is critical: the best MDR vendors ingest both raw telemetry and alerts, bui
akid95
Apr 9 · 2 min read


Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
Not all mobile threats rely on user interaction. Apple Inc. has expanded its iOS 18.7.7 update to address the DarkSword exploit, a highly advanced attack chain capable of compromising iPhones without requiring users to click links or install malicious apps. This campaign highlights a shift toward zero-click style attacks that exploit underlying system vulnerabilities rather than human behavior. DarkSword has reportedly been active since late 2025, primarily used by state-spon
akid95
Apr 9 · 3 min read


Android Developer Verification Rollout Begins Ahead of September Enforcement
Not all security improvements come from fixing vulnerabilities; some come from removing anonymity. Google has expanded its Android Developer Verification program, making identity verification mandatory for all developers publishing apps on the Play Store. This marks a shift toward stronger accountability, requiring developers to submit official identification such as government IDs or business credentials. The move is designed to address long-standing concerns around malic
akid95
Apr 1 · 3 min read
