Security Blog
Practical cybersecurity guides for NZ businesses
TrendAI and TM Opus 4.8: What New Zealand Businesses Need to Know About the Next Wave of AI-Powered Cybersecurity
Trend Micro has unveiled TrendAI with TM Opus 4.8, ushering in a new era of agentic AI-powered cybersecurity. Here's what the announcement means for New Zealand businesses defending against increasingly sophisticated threats.
From Blocking to Removing: How TrendAI and CleanDNS Are Taking Attacker Infrastructure Offline
Trend Micro and CleanDNS have partnered to shift cyber defence from simply blocking malicious infrastructure to removing it from the internet altogether. Here's what this means for New Zealand businesses and how to strengthen your own domain defences.
The Instructure Canvas Breach Explained: What NZ Businesses and Schools Need to Know
A recent breach involving Instructure's Canvas learning platform has raised serious concerns about education sector cybersecurity. Here's what happened, why it matters for New Zealand institutions, and the practical steps you can take to defend against the phishing and impersonation attacks that typically follow.
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
Many New Zealand businesses rely on open-source Python and JavaScript packages for AI, analytics, and SaaS integrations — often pulled directly into CI/CD pipelines. The compromise of PyTorch Lightning and intercom-client shows how a single poisoned dependency can harvest credentials, propagate worm
More PayPal emails hijacked to deliver tech support scams
Tech support scammers are once again abusing PayPal's legitimate email infrastructure to deliver convincing scam messages that bypass standard email authentication checks. For NZ businesses — particularly those with finance staff handling payment notifications — these emails will pass DKIM, SPF and
Fast16 Malware
Researchers have reverse-engineered Fast16, a state-sponsored malware (likely US in origin) deployed against Iran years before Stuxnet. While the targets were industrial and research systems abroad, the techniques pioneered by Fast16 represent a class of subtle sabotage that any organisation relying
ABB AWIN Gateways
CISA has issued an advisory covering three vulnerabilities in ABB AWIN Gateways (GW100 and GW120) used in critical manufacturing environments worldwide, including New Zealand sites. The flaws allow unauthenticated attackers on an adjacent network to reveal sensitive system configuration or remotely
AI threats in the wild: The current state of prompt injections on the web
As New Zealand businesses rapidly adopt AI assistants, copilots, and agentic workflows, prompt injection has emerged as one of the most significant new attack surfaces. Google's latest research into real-world prompt injection activity confirms what defenders have suspected: attackers are now active
ZDI-26-299: Docker Desktop Enhanced Container Isolation Exposed Dangerous Function Local Privilege Escalation Vulnerability
Docker Desktop is widely used across NZ development teams for local container work, CI pipelines, and dev/test environments. A newly disclosed privilege escalation flaw (CVE-2026-6406, CVSS 8.8) breaks the Enhanced Container Isolation boundary that many teams rely on as a safety net — meaning a comp