Glasswing Blog
Expert analysis on AI-driven security, VPN comparisons, and tools to protect your digital life.
Varonis disclosed a one-click data exfiltration flaw in Microsoft 365 Copilot Enterprise (CVE-2026-42824). The now-patched attack silently harvested emails, MFA codes, and SharePoint files — here's what Australian M365 users need to know.
ShinyHunters exploited a critical SSRF-to-RCE zero-day in Oracle PeopleSoft to compromise 300 servers across 100+ universities before Oracle patched. Australian institutions must act now.
The Gentlemen ransomware group shut down two of Mackay Sugar's Queensland mills on 10 June 2026, halting harvests across 1,300 farms. Here's what the attack reveals about Australia's industrial cyber risks.
Google filed a landmark lawsuit on 12 June 2026 against Chinese cybercrime network Outsider Enterprise for weaponising Gemini AI to power mass smishing campaigns. The network stole 3.87 million credit cards. Australian mobile users are a confirmed target.
A critical Check Point VPN authentication bypass (CVSS 9.3) was exploited by Qilin ransomware for over a month before the June 8 patch. What Australian businesses must do now.
A CVSS 10.0 command injection flaw in Ivanti Sentry allows unauthenticated root-level code execution. With PoC code public and instances already backdoored, Australian organisations must patch immediately.
A self-replicating worm named Miasma compromised 73 Microsoft GitHub repositories on 5 June 2026, planting credential-harvesting payloads that activated via AI coding tools including Claude Code, Cursor, and VS Code.
Microsoft's largest-ever Patch Tuesday drops 200+ CVEs including a critical unauthenticated HTTP.sys RCE (CVSS 9.8). Here's what Australian businesses must patch within 48 hours under the Essential Eight.
CVE-2026-3300 in Everest Forms Pro lets unauthenticated attackers run arbitrary PHP code on your WordPress site. CISA confirmed exploitation. Australian site owners must update to version 1.9.13 now.
GoDaddy Security discovered 1,980 WordPress sites backdoored with malware hiding C2 commands inside Steam gaming profiles using invisible Unicode steganography. Here's how it works and how to detect it.
Google's June 2026 Android patch fixes 124 vulnerabilities including zero-day CVE-2025-48595, confirmed under active exploitation. Check your patch level and learn what else needs to change on your device.
Proofpoint has documented over 100 tax-themed phishing campaigns in 2026 targeting Australians via ATO and myGov impersonation — and attackers have shifted delivery to iMessage and RCS to bypass email filters.
A critical unauthenticated privilege escalation flaw in the Kirki Freeform Page Builder plugin is being actively exploited — 150,000 sites on vulnerable versions need to patch to 6.0.7 immediately.
ASIO and four allied agencies have named LinkedIn, Indeed and Upwork as platforms used by Chinese military intelligence to recruit Australians with access to sensitive information — here's what to watch for.
Australia's largest private web host was hit by an unprecedented 600Gbps DDoS fuelled by compromised NBN home devices. Here's what VentraIP's 300,000 customers experienced and what every Australian SMB should do now.
A breach via the Ferve ticketing platform exposed 27,000 Melbourne Film Festival customer records, with a threat actor claiming 340,000+ records now for sale on underground forums. Here's what happened and how to respond.
CVE-2026-8732 in WP Maps Pro (CVSS 9.8) lets unauthenticated attackers create WordPress admin accounts with a single HTTP request. Over 3,600 attacks blocked in 24 hours across 15,000 vulnerable sites. Australian operators must update to version 6.1.1 now.
CVE-2026-0257 was added to CISA's KEV catalogue on 29 May 2026 after confirmed exploitation since 17 May. Attackers forge session cookies to gain full internal network access via GlobalProtect. Australian businesses and MSPs must patch PAN-OS immediately.
A steganography loader called PawsRunner is smuggling PureLogs infostealer inside PNG images. Australian organisations are named as targets. If your team stores passwords in Chrome or Firefox, here is what you need to know.
The sixth Cisco Catalyst SD-WAN zero-day of 2026 carries a CVSS score of 10.0. CVE-2026-20182 is actively exploited by UAT-8616, allowing unauthenticated remote admin access. ACSC co-signed the Five Eyes guidance. Australian organisations must patch now.
A critical flaw in Fortinet FortiClient EMS (CVSS 9.1) is being actively exploited to deliver the EKZ infostealer to managed endpoints. ACSC has issued guidance for Australian organisations. Patch to 7.4.7 immediately.
Over 7,000 fake FIFA 2026 domains are live and 130,000 infostealer logs contain FIFA credentials. Australian fans face fake ticket scams, session hijacking and credential theft. Here's how to protect yourself before kickoff.
A critical SQL injection flaw in Ghost CMS (CVE-2026-26980, CVSS 9.4) has compromised 700+ sites including Harvard and DuckDuckGo, turning them into ClickFix malware platforms. If you run Ghost CMS, patch to 6.19.1 now.
For the first time in 19 years, vulnerability exploitation — not stolen credentials — is the top breach vector. Verizon's 2026 DBIR analysed 22,000+ confirmed breaches. Here's what Australian SMBs must prioritise.
A zero-day called YellowKey bypasses Windows BitLocker via WinRE without a password or network access. CVE-2026-45585 affects Windows 11 and Server 2025. Here's what Australian businesses must do now.
Two security flaws in Avada Builder expose over 1 million WordPress sites to credential theft via SQL injection and arbitrary file read. Australian site owners running WooCommerce must patch to version 3.15.3 now.
Google and Bing must verify Australian users' ages by 27 June 2026. VPN downloads already tripled in response to the March rollout. Here's what age verification systems collect and how to protect yourself.
Most of the 444,538 affected Australians never heard of youX — their data arrived via mortgage brokers and car finance intermediaries. Here's what happened, what was taken, and what to do now.
Drupal patches a highly critical no-authentication flaw across all supported versions today. Australian government, university, and business sites are at immediate risk — exploit code could emerge within hours of today's disclosure.
An actively exploited zero-day in on-premise Exchange Server OWA (CVE-2026-42897, CVSS 8.1) has no patch yet. CISA KEV-listed. Australian organisations must apply Microsoft's temporary mitigations immediately.
Since 1 January 2026, businesses with $3M+ annual turnover face fines up to $19,800 for failing to report ransomware payments within 72 hours. Here's what the Cyber Security Act requires and how to comply.
GitLab patched 25 flaws on 13 May 2026, including XSS bugs that hijack developer sessions (CVSS 8.7) and an unauthenticated DoS that crashes CI/CD pipelines. ACSC's second High Alert on code repository targeting in five months makes this essential reading for Australian teams running self-managed GitLab.
A critical authentication bypass in the Burst Statistics WordPress plugin (CVE-2026-8181, CVSS 9.8) lets attackers create rogue admin accounts on 200,000+ sites. Active exploitation confirmed — Australian website owners must update to version 3.4.2 immediately.
ACSC data shows one cybercrime report every six minutes in Australia. On World Password Day 2026, discover why AI-powered infostealers have rendered strong passwords obsolete — and what Australian SMBs must do now.
11 min readTwo CVSS 9.8 remote code execution flaws in Windows DNS (CVE-2026-41096) and Netlogon (CVE-2026-41089) headline May 2026 Patch Tuesday. Australian businesses must apply updates immediately.
Google's Threat Intelligence Group confirmed the first AI-crafted zero-day exploit: a Python script that bypasses two-factor authentication on a popular open-source admin tool. Here's what Australian SMBs must do before the next campaign launches.
ShinyHunters stole 275 million records from Canvas LMS in May 2026, hitting dozens of Australian universities and state school systems during exam period. Here's what happened and what affected Australians must do now.
Australia's ACSC has confirmed an active ClickFix campaign using compromised WordPress sites to deliver Vidar Stealer — an infostealer that harvests saved passwords, session cookies, and crypto wallet data. No exploit required: users are tricked into running the malware themselves.
A critical double-free in Apache HTTP Server 2.4.66's mod_http2 (CVSS 8.8) enables denial-of-service on all servers and remote code execution on Debian and Docker deployments. Australian site owners must patch to 2.4.67 or apply WAF mitigation now.
DragonForce ransomware struck gelato chain Gelatissimo and builder Champion Homes in April 2026, exposing staff and customer data. Here's what Australian SMBs must do before they're next.
Six national cybersecurity agencies — including Australia's ACSC — issued their first joint guidance on agentic AI. Here's what it means for Australian businesses using AI tools.
A nine-year-old Linux kernel bug grants root in seconds with no race condition required. CISA added it to KEV. What Australian businesses and website owners must do now.
ACSC and 15 allied agencies confirm Russia's GRU Unit 26165 is actively targeting logistics and tech companies. Here's what Australian organisations must do now.
A critical pre-auth SQL injection in LiteLLM's AI gateway proxy (CVSS 9.3) was exploited within 36 hours of disclosure, stealing OpenAI, Anthropic, and Bedrock credentials. Patch checklist and secrets hygiene for Australian developers.
A CVSS 9.8 authentication bypass in cPanel and WHM was exploited for two months as a zero-day before the patch dropped. The ACSC confirms active exploitation in Australia — here's what to do.
Qilin recorded 31 confirmed victims in a single week in late April 2026, making it the world's most prolific ransomware group. Multiple Australian organisations have already been hit — here's what you need to do.
A Roblox cheat download planted Lumma Stealer at a third-party vendor, bypassing MFA entirely and exposing environment variables from hundreds of Vercel customer projects.
A joint advisory from 16 agencies — including Australia's ACSC — warns China-linked groups are weaponising compromised home routers for espionage and pre-positioning attacks on critical infrastructure.
Australia's ACSC has warned of a CVSS 10.0 unauthenticated RCE vulnerability in n8n workflow automation. Over 26,000 servers remain exposed months after a patch was released.
An NSW Treasury staffer was arrested after allegedly transferring 5,600 sensitive government documents to an external server. Here's what every Australian organisation must know about insider threat detection and prevention.
The official Bitwarden CLI npm package was compromised for 93 minutes on 22 April 2026, deploying a self-propagating worm that stole developer credentials across npm, SSH, and cloud environments.
Microsoft's April 2026 Patch Tuesday patched a SharePoint zero-day already exploited in the wild. Over 1,370 servers remain exposed globally. Here's what Australian organisations must check and do now.
Attackers secretly inserted a PHP backdoor into 31 WordPress plugins in 2025, then activated it in April 2026 to inject SEO spam into 400,000 sites. A separate attack hit Smart Slider 3 Pro the same week. Here's what Australian site owners need to check and do now.
The Gentlemen RaaS exploded from 35 to 320+ victims in six months and now deploys a 1,570-host botnet via SystemBC. Australian firms are a priority target — here's how the attacks work and what to do.
CISA added four Cisco Catalyst SD-WAN Manager CVEs to its exploit watchlist in 48 hours. Threat actor UAT-8616 is chaining them to seize full network control — Australian organisations have days to act.
The world's largest-ever credential dump exposes 16 billion logins harvested by infostealer malware — including Australian government portals and banking accounts. Here's what it means and exactly what to do.
BlueHammer, RedSun, and UnDefend are all being actively exploited. Microsoft has patched only one. Here's what Australian organisations must do while two flaws remain open.
Space Bears ransomware published 213 GB of stolen client data — including bank details and signed tax forms — from a Melbourne financial firm after the ransom deadline passed this week.
Five Eyes agencies have confirmed INC Ransom is actively targeting Australian hospitals. Here's how the attacks work, what the ACSC advisory means, and how to protect your organisation.
CISA added six critical vulnerabilities to its KEV catalogue on 14 April 2026, including a near-perfect CVSS 9.8 Fortinet SQL injection that needs no credentials to exploit. Here's what to patch right now.
Booking.com confirmed a supply chain breach on 13 April exposing traveller data. Australian users are being hit by targeted WhatsApp phishing — here's what to do right now.
Researchers from ETH Zurich uncovered 25 attack vectors across Bitwarden, LastPass, and Dashlane affecting 60 million users. Here's what happened and how to protect yourself.
Everything you need to know about the largest coordinated vulnerability disclosure in history, powered by Claude Mythos.
We tested NordVPN, Surfshark, and PureVPN for Australian users. Here's which one you should choose based on your needs.
AI systems are discovering entire new classes of security flaws that human researchers missed for decades. Here's how it works.
A detailed head-to-head comparison of the two most popular VPNs on speed, security, price, and features.