Glasswing Blog

AI Cybersecurity Insights

Expert analysis on AI-driven security, VPN comparisons, and tools to protect your digital life.

AI Security

Microsoft 365 Copilot's SearchLeak Flaw Could Steal Emails and MFA Codes in a Single Click

Varonis disclosed a one-click data exfiltration flaw in Microsoft 365 Copilot Enterprise (CVE-2026-42824). The now-patched attack silently harvested emails, MFA codes, and SharePoint files — here's what Australian M365 users need to know.

17 June 2026 10 min read
Vulnerability

Oracle PeopleSoft Zero-Day CVE-2026-35273: ShinyHunters Breaches 100+ Universities — What Australian Institutions Must Do Now

ShinyHunters exploited a critical SSRF-to-RCE zero-day in Oracle PeopleSoft to compromise 300 servers across 100+ universities before Oracle patched. Australian institutions must act now.

16 June 2026 11 min read
Ransomware

Ransomware Shuts Down Mackay Sugar: When The Gentlemen Came for Australia's Cane Fields

The Gentlemen ransomware group shut down two of Mackay Sugar's Queensland mills on 10 June 2026, halting harvests across 1,300 farms. Here's what the attack reveals about Australia's industrial cyber risks.

15 June 2026 10 min read
Phishing

Google Sues the Chinese PhaaS Ring That Used Gemini AI to Build 1.59 Million Phishing Sites — Australia Is in the Crosshairs

Google filed a landmark lawsuit on 12 June 2026 against Chinese cybercrime network Outsider Enterprise for weaponising Gemini AI to power mass smishing campaigns. The network stole 3.87 million credit cards. Australian mobile users are a confirmed target.

14 June 2026 11 min read
VPN Security

Check Point VPN Zero-Day CVE-2026-50751: Qilin Ransomware Exploited It for a Month Before the Patch

A critical Check Point VPN authentication bypass (CVSS 9.3) was exploited by Qilin ransomware for over a month before the June 8 patch. What Australian businesses must do now.

13 June 2026 9 min read
Vulnerability

Ivanti Sentry CVE-2026-10520: A Perfect-Score Flaw Already Exploited

A CVSS 10.0 command injection flaw in Ivanti Sentry allows unauthenticated root-level code execution. With PoC code public and instances already backdoored, Australian organisations must patch immediately.

12 June 2026 9 min read
Supply Chain

Miasma Worm: How 73 Microsoft GitHub Repositories Were Compromised via AI Coding Tools — and Why Australian Developers Are Exposed

A self-replicating worm named Miasma compromised 73 Microsoft GitHub repositories on 5 June 2026, planting credential-harvesting payloads that activated via AI coding tools including Claude Code, Cursor, and VS Code.

11 June 2026 9 min read
Vulnerability

Microsoft's Record June 2026 Patch Tuesday: 200+ CVEs, Three Zero-Days, and a Critical HTTP.sys RCE Australian Businesses Must Patch Now

Microsoft's largest-ever Patch Tuesday drops 200+ CVEs including a critical unauthenticated HTTP.sys RCE (CVSS 9.8). Here's what Australian businesses must patch within 48 hours under the Essential Eight.

10 June 2026 11 min read
WordPress Security

Everest Forms Pro CVE-2026-3300: The WordPress RCE Exploit With 29,000 Attacks — Is Your Site at Risk?

CVE-2026-3300 in Everest Forms Pro lets unauthenticated attackers run arbitrary PHP code on your WordPress site. CISA confirmed exploitation. Australian site owners must update to version 1.9.13 now.

9 June 2026 10 min read
WordPress Security

Hackers Are Hiding Malware Commands Inside Steam Game Profiles — 1,980 WordPress Sites Caught

GoDaddy Security discovered 1,980 WordPress sites backdoored with malware hiding C2 commands inside Steam gaming profiles using invisible Unicode steganography. Here's how it works and how to detect it.

8 June 2026 10 min read
Android Security

Android Zero-Day CVE-2025-48595 Is Under Active Attack — 124 Vulnerabilities Patched in Google's June 2026 Update

Google's June 2026 Android patch fixes 124 vulnerabilities including zero-day CVE-2025-48595, confirmed under active exploitation. Check your patch level and learn what else needs to change on your device.

7 June 2026 11 min read
Phishing

Tax Time Phishing Alert: ATO and myGov Scammers Are Now Targeting Australians via iMessage and RCS

Proofpoint has documented over 100 tax-themed phishing campaigns in 2026 targeting Australians via ATO and myGov impersonation — and attackers have shifted delivery to iMessage and RCS to bypass email filters.

6 June 2026 9 min read
WordPress Security

CVE-2026-8206: The Kirki WordPress Plugin Flaw That Lets Attackers Hijack Your Admin Account

A critical unauthenticated privilege escalation flaw in the Kirki Freeform Page Builder plugin is being actively exploited — 150,000 sites on vulnerable versions need to patch to 6.0.7 immediately.

5 June 2026 11 min read
Nation-State Threats

Five Eyes Warn: Chinese Intelligence Is Using LinkedIn and Upwork to Recruit Australian Insiders

ASIO and four allied agencies have named LinkedIn, Indeed and Upwork as platforms used by Chinese military intelligence to recruit Australians with access to sensitive information — here's what to watch for.

4 June 2026 8 min read
DDoS Security

VentraIP's 600Gbps DDoS Attack: How Australian Home Devices Brought Down a Web Host

Australia's largest private web host was hit by an unprecedented 600Gbps DDoS fuelled by compromised NBN home devices. Here's what VentraIP's 300,000 customers experienced and what every Australian SMB should do now.

3 June 2026 11 min read
Data Breach

MIFF Data Breach: How a Shared Ticketing Platform Put 27,000 Australian Customers at Risk

A breach via the Ferve ticketing platform exposed 27,000 Melbourne Film Festival customer records, with a threat actor claiming 340,000+ records now for sale on underground forums. Here's what happened and how to respond.

2 June 2026 10 min read
WordPress Security

WP Maps Pro CVE-2026-8732: The Plugin Flaw That Lets Any Attacker Create a WordPress Admin Account

CVE-2026-8732 in WP Maps Pro (CVSS 9.8) lets unauthenticated attackers create WordPress admin accounts with a single HTTP request. Over 3,600 attacks blocked in 24 hours across 15,000 vulnerable sites. Australian operators must update to version 6.1.1 now.

1 June 2026 10 min read
Vulnerability

Palo Alto GlobalProtect CVE-2026-0257: Actively Exploited VPN Auth Bypass — What Australian Organisations Must Do Now

CVE-2026-0257 was added to CISA's KEV catalogue on 29 May 2026 after confirmed exploitation since 17 May. Attackers forge session cookies to gain full internal network access via GlobalProtect. Australian businesses and MSPs must patch PAN-OS immediately.

31 May 2026 11 min read
Malware

PureLogs Infostealer Hides Malware Inside Cat Photos to Steal Australian Passwords

A steganography loader called PawsRunner is smuggling PureLogs infostealer inside PNG images. Australian organisations are named as targets. If your team stores passwords in Chrome or Firefox, here is what you need to know.

30 May 2026 11 min read
Vulnerability

Cisco SD-WAN CVE-2026-20182: The Sixth Zero-Day in 2026 Is a CVSS 10.0 Auth Bypass That Gives Remote Attackers Admin Access

The sixth Cisco Catalyst SD-WAN zero-day of 2026 carries a CVSS score of 10.0. CVE-2026-20182 is actively exploited by UAT-8616, allowing unauthenticated remote admin access. ACSC co-signed the Five Eyes guidance. Australian organisations must patch now.

29 May 2026 10 min read
Vulnerability

CVE-2026-35616: Attackers Are Using FortiClient EMS to Push Credential-Stealing Malware Across Australian Business Networks

A critical flaw in Fortinet FortiClient EMS (CVSS 9.1) is being actively exploited to deliver the EKZ infostealer to managed endpoints. ACSC has issued guidance for Australian organisations. Patch to 7.4.7 immediately.

28 May 2026 10 min read
Phishing

FIFA World Cup 2026 Phishing Scams Are Targeting Australian Fans — Here's What You Need to Know

Over 7,000 fake FIFA 2026 domains are live and 130,000 infostealer logs contain FIFA credentials. Australian fans face fake ticket scams, session hijacking and credential theft. Here's how to protect yourself before kickoff.

27 May 2026 11 min read
Vulnerability

Ghost CMS CVE-2026-26980: SQL Injection Flaw Has Hijacked 700+ Websites — What Australian Site Owners Must Do Now

A critical SQL injection flaw in Ghost CMS (CVE-2026-26980, CVSS 9.4) has compromised 700+ sites including Harvard and DuckDuckGo, turning them into ClickFix malware platforms. If you run Ghost CMS, patch to 6.19.1 now.

26 May 2026 11 min read
Threat Intelligence

Verizon DBIR 2026: Exploitation Has Overtaken Credentials — What Australian Businesses Need to Act On

For the first time in 19 years, vulnerability exploitation — not stolen credentials — is the top breach vector. Verizon's 2026 DBIR analysed 22,000+ confirmed breaches. Here's what Australian SMBs must prioritise.

25 May 2026 11 min read
Windows Security

YellowKey CVE-2026-45585: The BitLocker Bypass That Turns a Stolen Laptop Into a Data Breach

A zero-day called YellowKey bypasses Windows BitLocker via WinRE without a password or network access. CVE-2026-45585 affects Windows 11 and Server 2025. Here's what Australian businesses must do now.

24 May 2026 11 min read
Vulnerability

Avada Builder CVE-2026-4798: SQL Injection and File Read Flaws Leave 1 Million WordPress Sites Exposed

Two security flaws in Avada Builder expose over 1 million WordPress sites to credential theft via SQL injection and arbitrary file read. Australian site owners running WooCommerce must patch to version 3.15.3 now.

23 May 2026 11 min read
Privacy

Australia's Age Verification Deadline Is Weeks Away — What It Means for Your Privacy

Google and Bing must verify Australian users' ages by 27 June 2026. VPN downloads already tripled in response to the March rollout. Here's what age verification systems collect and how to protect yourself.

22 May 2026 10 min read
Data Breach

youX Data Breach 2026: 444,000 Australians' Financial Records Exposed by Sydney Fintech

Most of the 444,538 affected Australians never heard of youX — their data arrived via mortgage brokers and car finance intermediaries. Here's what happened, what was taken, and what to do now.

21 May 2026 11 min read
Vulnerability

Drupal's Highly Critical Patch Lands Today: What Every Australian Website Owner Must Do Right Now

Drupal patches a highly critical no-authentication flaw across all supported versions today. Australian government, university, and business sites are at immediate risk — exploit code could emerge within hours of today's disclosure.

20 May 2026 11 min read
Vulnerability

CVE-2026-42897: Microsoft Exchange OWA Zero-Day Is Being Exploited With No Patch — What Australian Organisations Must Do Now

An actively exploited zero-day in on-premise Exchange Server OWA (CVE-2026-42897, CVSS 8.1) has no patch yet. CISA KEV-listed. Australian organisations must apply Microsoft's temporary mitigations immediately.

19 May 2026 11 min read
Compliance

Australia's 72-Hour Ransomware Reporting Law: What Every Business Must Know About Phase 2 Enforcement

Since 1 January 2026, businesses with $3M+ annual turnover face fines up to $19,800 for failing to report ransomware payments within 72 hours. Here's what the Cyber Security Act requires and how to comply.

18 May 2026 11 min read
Vulnerability

25 GitLab Vulnerabilities Patched in May 2026: ACSC Code Repository Warning Is Now Urgent for Australian Developers

GitLab patched 25 flaws on 13 May 2026, including XSS bugs that hijack developer sessions (CVSS 8.7) and an unauthenticated DoS that crashes CI/CD pipelines. ACSC's second High Alert on code repository targeting in five months makes this essential reading for Australian teams running self-managed GitLab.

17 May 2026 11 min read
Vulnerability

CVE-2026-8181: Burst Statistics WordPress Plugin Authentication Bypass — What Australian Website Owners Must Do Now

A critical authentication bypass in the Burst Statistics WordPress plugin (CVE-2026-8181, CVSS 9.8) lets attackers create rogue admin accounts on 200,000+ sites. Active exploitation confirmed — Australian website owners must update to version 3.4.2 immediately.

16 May 2026 11 min read
Credential Security

World Password Day 2026: Why AI and Infostealers Have Made Passwords Obsolete for Australians

ACSC data shows one cybercrime report every six minutes in Australia. On World Password Day 2026, discover why AI-powered infostealers have rendered strong passwords obsolete — and what Australian SMBs must do now.

15 May 2026 11 min read
11 min read
Vulnerability

Microsoft's May 2026 Patch Tuesday: Two Critical RCE Flaws Every Australian Business Must Patch Now

Two CVSS 9.8 remote code execution flaws in Windows DNS (CVE-2026-41096) and Netlogon (CVE-2026-41089) headline May 2026 Patch Tuesday. Australian businesses must apply updates immediately.

14 May 2026 10 min read
Threats

Criminals Used AI to Build the World's First Zero-Day 2FA Bypass — What Australian Businesses Must Know

Google's Threat Intelligence Group confirmed the first AI-crafted zero-day exploit: a Python script that bypasses two-factor authentication on a popular open-source admin tool. Here's what Australian SMBs must do before the next campaign launches.

13 May 2026 11 min read
Data Breach

ShinyHunters Hacks Canvas LMS: Australian Students Hit in 275-Million-Record Breach

ShinyHunters stole 275 million records from Canvas LMS in May 2026, hitting dozens of Australian universities and state school systems during exam period. Here's what happened and what affected Australians must do now.

12 May 2026 11 min read
Malware

ClickFix Vidar Stealer: ACSC Warns Australian Businesses of WordPress Infostealer Campaign

Australia's ACSC has confirmed an active ClickFix campaign using compromised WordPress sites to deliver Vidar Stealer — an infostealer that harvests saved passwords, session cookies, and crypto wallet data. No exploit required: users are tricked into running the malware themselves.

10 May 2026 11 min read
Vulnerabilities

CVE-2026-23918: Apache HTTP/2 Double-Free Flaw Is Crashing Servers and Enabling RCE — What Australian Site Owners Must Do Now

A critical double-free in Apache HTTP Server 2.4.66's mod_http2 (CVSS 8.8) enables denial-of-service on all servers and remote code execution on Debian and Docker deployments. Australian site owners must patch to 2.4.67 or apply WAF mitigation now.

7 May 2026 11 min read
Ransomware

DragonForce Ransomware Strikes Two Australian Businesses: What SMBs Must Do Now

DragonForce ransomware struck gelato chain Gelatissimo and builder Champion Homes in April 2026, exposing staff and customer data. Here's what Australian SMBs must do before they're next.

6 May 2026 10 min read
AI Security

Five Eyes Agencies Warn Australian Businesses: Your AI Agents Are a Security Gap

Six national cybersecurity agencies — including Australia's ACSC — issued their first joint guidance on agentic AI. Here's what it means for Australian businesses using AI tools.

5 May 2026 11 min read
Linux Security

Copy Fail (CVE-2026-31431): The Nine-Year Linux Kernel Flaw That Hands Root to Any Attacker

A nine-year-old Linux kernel bug grants root in seconds with no race condition required. CISA added it to KEV. What Australian businesses and website owners must do now.

4 May 2026 11 min read
Threat Intelligence

Russian GRU (APT28) Is Targeting Logistics Firms — What Australian Businesses Must Know

ACSC and 15 allied agencies confirm Russia's GRU Unit 26165 is actively targeting logistics and tech companies. Here's what Australian organisations must do now.

3 May 2026 10 min read
Vulnerability

CVE-2026-42208: The SQL Flaw That Let Hackers Steal AI API Keys — What Australian Developers Must Do Now

A critical pre-auth SQL injection in LiteLLM's AI gateway proxy (CVSS 9.3) was exploited within 36 hours of disclosure, stealing OpenAI, Anthropic, and Bedrock credentials. Patch checklist and secrets hygiene for Australian developers.

2 May 2026 10 min read
Vulnerability

CVE-2026-41940: cPanel & WHM's Critical Authentication Bypass Is Under Active Attack in Australia

A CVSS 9.8 authentication bypass in cPanel and WHM was exploited for two months as a zero-day before the patch dropped. The ACSC confirms active exploitation in Australia — here's what to do.

1 May 2026 11 min read
Ransomware

Qilin Ransomware Is Now Australia's Most Active Threat: What Businesses Must Do in 2026

Qilin recorded 31 confirmed victims in a single week in late April 2026, making it the world's most prolific ransomware group. Multiple Australian organisations have already been hit — here's what you need to do.

29 April 2026 11 min read
Cloud Security

Vercel Breached: How a Roblox Cheat Download Exposed Cloud Secrets — and What Australian Businesses Must Do Now

A Roblox cheat download planted Lumma Stealer at a third-party vendor, bypassing MFA entirely and exposing environment variables from hundreds of Vercel customer projects.

28 April 2026 11 min read
Nation-State Threats

China-Nexus Covert Networks Are Targeting Australian Critical Infrastructure — What Businesses Must Do Now

A joint advisory from 16 agencies — including Australia's ACSC — warns China-linked groups are weaponising compromised home routers for espionage and pre-positioning attacks on critical infrastructure.

27 April 2026 10 min read
Vulnerability

CVE-2026-21858 (Ni8mare): Critical n8n Flaw Exposing 26,000+ Automation Servers to Remote Takeover

Australia's ACSC has warned of a CVSS 10.0 unauthenticated RCE vulnerability in n8n workflow automation. Over 26,000 servers remain exposed months after a patch was released.

26 April 2026 10 min read
Data Breach

NSW Treasury Insider Data Breach 2026: What Australian Organisations Must Learn

An NSW Treasury staffer was arrested after allegedly transferring 5,600 sensitive government documents to an external server. Here's what every Australian organisation must know about insider threat detection and prevention.

April 25, 2026 11 min read
Supply Chain Security

Bitwarden CLI Backdoored: The Shai-Hulud npm Supply Chain Attack and What Australian Developers Must Do

The official Bitwarden CLI npm package was compromised for 93 minutes on 22 April 2026, deploying a self-propagating worm that stole developer credentials across npm, SSH, and cloud environments.

24 April 2026 11 min read
Vulnerabilities

Microsoft SharePoint Zero-Day CVE-2026-32201: 1,370+ Servers Still Unpatched as Attackers Strike

Microsoft's April 2026 Patch Tuesday patched a SharePoint zero-day already exploited in the wild. Over 1,370 servers remain exposed globally. Here's what Australian organisations must check and do now.

April 23, 2026 10 min read
WordPress Security

31 WordPress Plugins Secretly Backdoored: The 2026 Supply Chain Attack Targeting 400,000 Sites

Attackers secretly inserted a PHP backdoor into 31 WordPress plugins in 2025, then activated it in April 2026 to inject SEO spam into 400,000 sites. A separate attack hit Smart Slider 3 Pro the same week. Here's what Australian site owners need to check and do now.

April 23, 2026 11 min read
Ransomware

The Gentlemen Ransomware: How This Fast-Rising Group Is Targeting Australian Businesses in 2026

The Gentlemen RaaS exploded from 35 to 320+ victims in six months and now deploys a 1,570-host botnet via SystemBC. Australian firms are a priority target — here's how the attacks work and what to do.

April 23, 2026 10 min read
Critical Vulnerabilities

Four Cisco SD-WAN Flaws Under Active Attack: What Australian Networks Must Patch Now

CISA added four Cisco Catalyst SD-WAN Manager CVEs to its exploit watchlist in 48 hours. Threat actor UAT-8616 is chaining them to seize full network control — Australian organisations have days to act.

April 22, 2026 9 min read
Data Breach

16 Billion Passwords Leaked: What Australians Must Do Right Now

The world's largest-ever credential dump exposes 16 billion logins harvested by infostealer malware — including Australian government portals and banking accounts. Here's what it means and exactly what to do.

April 21, 2026 10 min read
Critical Vulnerabilities

Two Windows Defender Zero-Days Still Unpatched as Attackers Exploit All Three

BlueHammer, RedSun, and UnDefend are all being actively exploited. Microsoft has patched only one. Here's what Australian organisations must do while two flaws remain open.

April 20, 2026 9 min read
Ransomware

Melbourne Financial Firm 3P Corporation Hit by Space Bears Ransomware: What Australian SMBs Must Do Now

Space Bears ransomware published 213 GB of stolen client data — including bank details and signed tax forms — from a Melbourne financial firm after the ransom deadline passed this week.

April 19, 2026 10 min read
Ransomware

Australian Hospitals Under Fire: The INC Ransom Threat Targeting Healthcare in 2026

Five Eyes agencies have confirmed INC Ransom is actively targeting Australian hospitals. Here's how the attacks work, what the ACSC advisory means, and how to protect your organisation.

April 17, 2026 10 min read
Critical Vulnerabilities

CISA Warns of 6 Actively Exploited Flaws in Fortinet, Microsoft & Adobe — What Australian Businesses Must Do Now

CISA added six critical vulnerabilities to its KEV catalogue on 14 April 2026, including a near-perfect CVSS 9.8 Fortinet SQL injection that needs no credentials to exploit. Here's what to patch right now.

April 16, 2026 9 min read
Data Breach

Booking.com Data Breach 2026: What Australians Need to Know and How to Stay Safe

Booking.com confirmed a supply chain breach on 13 April exposing traveller data. Australian users are being hit by targeted WhatsApp phishing — here's what to do right now.

April 15, 2026 9 min read
Password Security

25 Critical Vulnerabilities Found in Major Password Managers: What You Need to Know

Researchers from ETH Zurich uncovered 25 attack vectors across Bitwarden, LastPass, and Dashlane affecting 60 million users. Here's what happened and how to protect yourself.

April 15, 2026 9 min read
AI Cybersecurity

What Is Project Glasswing? Anthropic's AI Cybersecurity Initiative Explained

Everything you need to know about the largest coordinated vulnerability disclosure in history, powered by Claude Mythos.

April 8, 2026 8 min read
VPN Comparison

Best VPNs for Australia in 2026: Privacy, Speed & Value Compared

We tested NordVPN, Surfshark, and PureVPN for Australian users. Here's which one you should choose based on your needs.

April 8, 2026 10 min read
AI Security

How AI Is Finding Zero-Day Vulnerabilities Faster Than Humans

AI systems are discovering entire new classes of security flaws that human researchers missed for decades. Here's how it works.

April 8, 2026 7 min read
VPN Comparison

NordVPN vs Surfshark 2026: Which VPN Is Better?

A detailed head-to-head comparison of the two most popular VPNs on speed, security, price, and features.

April 8, 2026 9 min read