top of page
The Security Brief
The Instructure Breach: 275 Million Records and a Hard Look at Education's Supply Chain
ShinyHunters has claimed a breach of Instructure, the company behind the Canvas learning management system used by roughly 9,000 schools and universities worldwide. The group says it pulled personal records on 275 million students, teachers and staff, and gave Instructure until 12 May to pay or watch the data hit a public leak site. Australian institutions running Canvas are now part of that exposure picture. What Happened ShinyHunters publicly took credit for the Instructure
May 83 min read
Copy Fail (CVE-2026-31431): What the Latest Linux Privilege Escalation Means for Australian Defenders
A 732-byte Python script. That is all it takes to go from an unprivileged shell to root on almost every Linux distribution shipped since 2017. The flaw, dubbed Copy Fail and tracked as CVE-2026-31431, was disclosed on 29 April by researchers from Theori and Xint after sitting unnoticed in the Linux kernel for nine years. What Happened Copy Fail is a logic bug in the Linux kernel's authencesn AEAD cryptographic template, reachable through the AF_ALG socket interface. By chaini
May 13 min read
Critical Cisco IMC Vulnerability (CVE-2026-20093): What Australian Organisations Need to Do Now
A critical authentication bypass vulnerability in Cisco's Integrated Management Controller (IMC) has sent security teams scrambling this week, with a CVSS score of 9.8 out of 10.0 placing it firmly in the "patch immediately" category. For organisations running Cisco UCS servers — including many Australian enterprises and government agencies — the window between disclosure and exploitation is narrowing fast. What Happened Cisco disclosed CVE-2026-20093 on 3 April 2026, a criti
Apr 43 min read
Your MFA Won't Stop This: The OAuth Phishing Campaign Targeting Australian Microsoft 365 Users
A sophisticated phishing-as-a-service platform has compromised more than 340 Microsoft 365 organisations across five countries — including Australia — in under six weeks. What makes this campaign particularly alarming is not its scale, but its mechanism: multi-factor authentication (MFA), the control that many organisations treat as their identity security bedrock, offers no meaningful protection against it. The campaign, attributed to a platform called EvilTokens, exploits a
Mar 274 min read
AI Platform Under Fire: CVE-2026-33017 Exploited Within Hours of Disclosure
When a critical vulnerability in a widely-used open-source AI platform is actively exploited within twenty hours of public disclosure — with no public proof-of-concept code in circulation — it signals something more alarming than a single software flaw. It tells us that threat actors are operating with prepared, industrialised exploitation toolkits, ready to strike the moment a new target enters their crosshairs. CVE-2026-33017, a critical remote code execution (RCE) flaw in
Mar 254 min read
bottom of page