Glasswing Blog
Expert analysis on AI-driven security, VPN comparisons, and tools to protect your digital life.
Two CVSS 9.8 remote code execution flaws in Windows DNS (CVE-2026-41096) and Netlogon (CVE-2026-41089) headline May 2026 Patch Tuesday. Australian businesses must apply updates immediately.
Google's Threat Intelligence Group confirmed the first AI-crafted zero-day exploit: a Python script that bypasses two-factor authentication on a popular open-source admin tool. Here's what Australian SMBs must do before the next campaign launches.
ShinyHunters stole 275 million records from Canvas LMS in May 2026, hitting dozens of Australian universities and state school systems during exam period. Here's what happened and what affected Australians must do now.
Australia's ACSC has confirmed an active ClickFix campaign using compromised WordPress sites to deliver Vidar Stealer — an infostealer that harvests saved passwords, session cookies, and crypto wallet data. No exploit required: users are tricked into running the malware themselves.
A critical double-free in Apache HTTP Server 2.4.66's mod_http2 (CVSS 8.8) enables denial-of-service on all servers and remote code execution on Debian and Docker deployments. Australian site owners must patch to 2.4.67 or apply WAF mitigation now.
DragonForce ransomware struck gelato chain Gelatissimo and builder Champion Homes in April 2026, exposing staff and customer data. Here's what Australian SMBs must do before they're next.
Six national cybersecurity agencies — including Australia's ACSC — issued their first joint guidance on agentic AI. Here's what it means for Australian businesses using AI tools.
A nine-year-old Linux kernel bug grants root in seconds with no race condition required. CISA added it to KEV. What Australian businesses and website owners must do now.
ACSC and 15 allied agencies confirm Russia's GRU Unit 26165 is actively targeting logistics and tech companies. Here's what Australian organisations must do now.
A critical pre-auth SQL injection in LiteLLM's AI gateway proxy (CVSS 9.3) was exploited within 36 hours of disclosure, stealing OpenAI, Anthropic, and Bedrock credentials. Patch checklist and secrets hygiene for Australian developers.
A CVSS 9.8 authentication bypass in cPanel and WHM was exploited for two months as a zero-day before the patch dropped. The ACSC confirms active exploitation in Australia — here's what to do.
Qilin recorded 31 confirmed victims in a single week in late April 2026, making it the world's most prolific ransomware group. Multiple Australian organisations have already been hit — here's what you need to do.
A Roblox cheat download planted Lumma Stealer at a third-party vendor, bypassing MFA entirely and exposing environment variables from hundreds of Vercel customer projects.
A joint advisory from 16 agencies — including Australia's ACSC — warns China-linked groups are weaponising compromised home routers for espionage and pre-positioning attacks on critical infrastructure.
Australia's ACSC has warned of a CVSS 10.0 unauthenticated RCE vulnerability in n8n workflow automation. Over 26,000 servers remain exposed months after a patch was released.
An NSW Treasury staffer was arrested after allegedly transferring 5,600 sensitive government documents to an external server. Here's what every Australian organisation must know about insider threat detection and prevention.
The official Bitwarden CLI npm package was compromised for 93 minutes on 22 April 2026, deploying a self-propagating worm that stole developer credentials across npm, SSH, and cloud environments.
Microsoft's April 2026 Patch Tuesday patched a SharePoint zero-day already exploited in the wild. Over 1,370 servers remain exposed globally. Here's what Australian organisations must check and do now.
Attackers secretly inserted a PHP backdoor into 31 WordPress plugins in 2025, then activated it in April 2026 to inject SEO spam into 400,000 sites. A separate attack hit Smart Slider 3 Pro the same week. Here's what Australian site owners need to check and do now.
The Gentlemen RaaS exploded from 35 to 320+ victims in six months and now deploys a 1,570-host botnet via SystemBC. Australian firms are a priority target — here's how the attacks work and what to do.
CISA added four Cisco Catalyst SD-WAN Manager CVEs to its exploit watchlist in 48 hours. Threat actor UAT-8616 is chaining them to seize full network control — Australian organisations have days to act.
The world's largest-ever credential dump exposes 16 billion logins harvested by infostealer malware — including Australian government portals and banking accounts. Here's what it means and exactly what to do.
BlueHammer, RedSun, and UnDefend are all being actively exploited. Microsoft has patched only one. Here's what Australian organisations must do while two flaws remain open.
Space Bears ransomware published 213 GB of stolen client data — including bank details and signed tax forms — from a Melbourne financial firm after the ransom deadline passed this week.
Five Eyes agencies have confirmed INC Ransom is actively targeting Australian hospitals. Here's how the attacks work, what the ACSC advisory means, and how to protect your organisation.
CISA added six critical vulnerabilities to its KEV catalogue on 14 April 2026, including a near-perfect CVSS 9.8 Fortinet SQL injection that needs no credentials to exploit. Here's what to patch right now.
Booking.com confirmed a supply chain breach on 13 April exposing traveller data. Australian users are being hit by targeted WhatsApp phishing — here's what to do right now.
Researchers from ETH Zurich uncovered 25 attack vectors across Bitwarden, LastPass, and Dashlane affecting 60 million users. Here's what happened and how to protect yourself.
Everything you need to know about the largest coordinated vulnerability disclosure in history, powered by Claude Mythos.
We tested NordVPN, Surfshark, and PureVPN for Australian users. Here's which one you should choose based on your needs.
AI systems are discovering entire new classes of security flaws that human researchers missed for decades. Here's how it works.
A detailed head-to-head comparison of the two most popular VPNs on speed, security, price, and features.