
The Security Brief


Docker's Billion-Dollar Oversight: CVE-2026-34040 Lets Attackers Slip Past Authorisation Plugins
A newly disclosed vulnerability in Docker Engine has once again shown how a single overlooked edge case can unravel an entire security control. CVE-2026-34040, rated 8.8 on the CVSS scale, allows attackers to bypass authorisation plugins with nothing more than a padded HTTP request. For any organisation running containers in production — which today means most of them — the implications are serious and immediate.
What Happened
Researchers at Cyera discovered that Docker's mid
7 days ago · 3 min read


Critical Cisco IMC Vulnerability (CVE-2026-20093): What Australian Organisations Need to Do Now
A critical authentication bypass vulnerability in Cisco's Integrated Management Controller (IMC) has sent security teams scrambling this week, with a CVSS score of 9.8 out of 10.0 placing it firmly in the "patch immediately" category. For organisations running Cisco UCS servers — including many Australian enterprises and government agencies — the window between disclosure and exploitation is narrowing fast.
What Happened
Cisco disclosed CVE-2026-20093 on 3 April 2026, a criti
Apr 4 · 3 min read


Your MFA Won't Stop This: The OAuth Phishing Campaign Targeting Australian Microsoft 365 Users
A sophisticated phishing-as-a-service platform has compromised more than 340 Microsoft 365 organisations across five countries — including Australia — in under six weeks. What makes this campaign particularly alarming is not its scale, but its mechanism: multi-factor authentication (MFA), the control that many organisations treat as their identity security bedrock, offers no meaningful protection against it. The campaign, attributed to a platform called EvilTokens, exploits a
Mar 27 · 4 min read