More PayPal emails hijacked to deliver tech support scams
Threat Research

Tech support scammers are once again abusing PayPal's legitimate email infrastructure to deliver convincing scam messages that bypass standard email authentication checks. For NZ businesses — particularly those with finance staff handling payment notifications — these emails will pass DKIM, SPF and

3 min 30 Apr 2026 xteam
Fast16 Malware
Threat Research

Researchers have reverse-engineered Fast16, a state-sponsored malware (likely US in origin) deployed against Iran years before Stuxnet. While the targets were industrial and research systems abroad, the techniques pioneered by Fast16 represent a class of subtle sabotage that any organisation relying

3 min 30 Apr 2026 xteam
AI threats in the wild: The current state of prompt injections on the web
Threat Research

As New Zealand businesses rapidly adopt AI assistants, copilots, and agentic workflows, prompt injection has emerged as one of the most significant new attack surfaces. Google's latest research into real-world prompt injection activity confirms what defenders have suspected: attackers are now active

3 min 30 Apr 2026 xteam
ZDI-26-299: Docker Desktop Enhanced Container Isolation Exposed Dangerous Function Local Privilege Escalation Vulnerability
Threat Research

Docker Desktop is widely used across NZ development teams for local container work, CI pipelines, and dev/test environments. A newly disclosed privilege escalation flaw (CVE-2026-6406, CVSS 8.8) breaks the Enhanced Container Isolation boundary that many teams rely on as a safety net — meaning a comp

3 min 24 Apr 2026 xteam