top of page
The Security Brief
Cisco's Maximum-Severity SD-WAN Flaw Is Under Active Attack
Cisco has patched a flaw in its Catalyst SD-WAN Controller that carries the worst score the CVSS scale can give: a clean 10.0. Tracked as CVE-2026-20182, it lets an unauthenticated attacker bypass authentication entirely and take administrative control of the device. Cisco confirmed the flaw was already being exploited before the fix was available. What Happened The vulnerability sits in the peering authentication mechanism of Cisco Catalyst SD-WAN Controller (formerly vSmart
14 minutes ago3 min read
The Instructure Breach: 275 Million Records and a Hard Look at Education's Supply Chain
ShinyHunters has claimed a breach of Instructure, the company behind the Canvas learning management system used by roughly 9,000 schools and universities worldwide. The group says it pulled personal records on 275 million students, teachers and staff, and gave Instructure until 12 May to pay or watch the data hit a public leak site. Australian institutions running Canvas are now part of that exposure picture. What Happened ShinyHunters publicly took credit for the Instructure
May 83 min read
Copy Fail (CVE-2026-31431): What the Latest Linux Privilege Escalation Means for Australian Defenders
A 732-byte Python script. That is all it takes to go from an unprivileged shell to root on almost every Linux distribution shipped since 2017. The flaw, dubbed Copy Fail and tracked as CVE-2026-31431, was disclosed on 29 April by researchers from Theori and Xint after sitting unnoticed in the Linux kernel for nine years. What Happened Copy Fail is a logic bug in the Linux kernel's authencesn AEAD cryptographic template, reachable through the AF_ALG socket interface. By chaini
May 13 min read
bottom of page