Artificial Intelligence is moving faster than almost any technology in history.
Organizations are racing to adopt AI, seeing it as a tool that can accelerate decision-making, improve productivity, and unlock new capabilities.
Yet, while AI is a tremendous enabler, diving in headfirst without fully understanding it carries cybersecurity and data privacy risks, and mistakes are just waiting to happen.
To understand the potential pitfalls, consider a historical analogy: when cars were first invented, society still relied on horses and carriages.
Roads, regulations, and safety systems didn't exist overnight.
Imagine if, one day, everyone suddenly switched to cars, with no driving experience, no rules of the road, and no safety measures like seat belts or airbags.
The result would have been chaos (and in the parts of the world that adopted cars early, it was).
That's essentially what's happening with AI today.
Organizations...
>>[READ MORE]
When Microsoft Turns Against You: Hackers Wipe Thousands of Devices
#155 - Posted on 03 April 2026 - Author: SM - Category: Hacking, Security
Microsoft Intune is used by many organisations as a security/admin tool to manage endpoints: ensuring they have the correct security controls and the right patch level, allowing only authorised applications, and so on.
It also allows the company, or an admin, to remotely wipe an endpoint/device for security reasons when it gets lost.
So what could go wrong?
In March 2026, Stryker Corporation learned a hard lesson: attackers don't always need malware.
By compromising admin credentials, the threat actors leveraged Microsoft Intune to remotely wipe tens of thousands of devices across the organization: laptops, servers, and mobile endpoints.
The attack caused widespread disruption to operations, from order processing to shipping.
Who would ever need to mass wipe all endpoints in an organisation besides a hacker?
It looks like Microsoft never asked themselves that question...
Because not only is that option there by defau...
>>[READ MORE]
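The mass wipe described above is an abuse of a legitimate admin action, so malware signatures will not catch it; what a defender can watch for is the rate at which one account issues wipes. The following detector is an added example, not code from the original post or from Microsoft. The event shape (activityType, activityDateTime, actor.userPrincipalName) is an assumption loosely modelled on Intune audit events exposed through Microsoft Graph, and all sample events are constructed:

```python
"""Flag a burst of Intune remote-wipe actions coming from a single account.

Added example, not code from the original post. The event dictionaries are
an assumption loosely modelled on Microsoft Graph Intune audit events
(activityType / activityDateTime / actor); the sample events below are
constructed, not a real export.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WIPE_ACTIVITY = "wipe ManagedDevice"   # assumed activityType string
WINDOW = timedelta(minutes=10)          # sliding window per actor
THRESHOLD = 5                           # wipes within WINDOW that trigger an alert

ATTACKER = "svc-intune-admin@example.com"   # constructed identity


def wipe(actor, when, device):
    """Build one constructed audit event in the assumed shape."""
    return {
        "activityType": WIPE_ACTIVITY,
        "activityDateTime": when,
        "actor": {"userPrincipalName": actor},
        "deviceName": device,
    }


SAMPLE_EVENTS = [
    # Routine lost-device wipes by a human admin, hours apart: must not alert.
    wipe("alice.admin@example.com", "2026-03-14T09:15:00Z", "LT-0412"),
    wipe("alice.admin@example.com", "2026-03-14T14:40:00Z", "LT-0987"),
    # A non-wipe action; the detector must ignore it.
    {
        "activityType": "retire ManagedDevice",
        "activityDateTime": "2026-03-14T10:00:00Z",
        "actor": {"userPrincipalName": "bob.admin@example.com"},
        "deviceName": "LT-0555",
    },
    # Six wipes in 100 seconds from one account at 02:10: the pattern a
    # compromised admin credential produces.
    wipe(ATTACKER, "2026-03-14T02:10:00Z", "SRV-001"),
    wipe(ATTACKER, "2026-03-14T02:10:20Z", "SRV-002"),
    wipe(ATTACKER, "2026-03-14T02:10:40Z", "SRV-003"),
    wipe(ATTACKER, "2026-03-14T02:11:00Z", "SRV-004"),
    wipe(ATTACKER, "2026-03-14T02:11:20Z", "SRV-005"),
    wipe(ATTACKER, "2026-03-14T02:11:40Z", "SRV-006"),
]


def parse_time(stamp):
    """Parse an ISO-8601 UTC timestamp; tolerate the trailing 'Z' on older Pythons."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def detect_mass_wipe(events, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per actor whose wipe count inside `window` reaches `threshold`.

    Events are processed in time order with a per-actor deque of recent wipe
    times, so the check is O(n) and works on a live stream as well as a batch.
    """
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for event in sorted(events, key=lambda e: parse_time(e["activityDateTime"])):
        if event["activityType"] != WIPE_ACTIVITY:
            continue
        actor = event["actor"]["userPrincipalName"]
        now = parse_time(event["activityDateTime"])
        window_events = recent[actor]
        window_events.append((now, event["deviceName"]))
        # Drop wipes that have aged out of the sliding window.
        while now - window_events[0][0] > window:
            window_events.popleft()
        if len(window_events) >= threshold and actor not in alerted:
            alerted.add(actor)
            alerts.append({
                "actor": actor,
                "count": len(window_events),
                "window_start": window_events[0][0].isoformat(),
                "devices": [name for _, name in window_events],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_wipe(SAMPLE_EVENTS):
        print(f"ALERT {alert['actor']}: {alert['count']} wipes since "
              f"{alert['window_start']} on {', '.join(alert['devices'])}")
```

The threshold and window are deliberately low here so the constructed data trips them; in a real tenant they should be tuned against the normal lost-device wipe rate, and an alert is only useful if it reaches someone who can disable the acting account faster than the wipes complete.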
MAURITIUS SECURITY CLUB IS BACK - MU.SCL Season 3!
#154 - Posted on 06 March 2026 - Author: SM - Category: Conferences, Security
After many years, we are finally back!
We are happy to confirm our new meeting for the Mauritius Cyber Security Club: MU.SCL.
This FREE to attend meeting will take place at the Flying Dodo Brewing Company in Bagatelle, in their conference room upstairs.
In this new event, the following two talks will be presented:
- Talk1 - 2025 LESSONS FOR 2026 (Sylvain Martinez - ELYSIUMSECURITY): The first talk will provide an overview of the main security stories (horrors) of 2025 and what we can learn from them to make 2026 more secure.
- Talk2 - AI, ENABLER OR THREAT? (Sylvain Martinez - ELYSIUMSECURITY): The second talk will look at the latest news related to Artificial Intelligence, how it is used to enhance security protections but also to facilitate more sophisticated attacks. We will also touch on what it may mean for our future security jobs/roles!
You can register for this event, for free, on the eventbrite website:
...
>>[READ MORE]
Notepad++ and the joy of shadow IT application procurement
#153 - Posted on 06 March 2026 - Author: SM - Category: Hacking, Security
Last month the maintainer of Notepad++ published a disclosure that will make any developer or sysadmin uncomfortable.
For about six months, from June through December 2025, the software's update mechanism had been hijacked by a Chinese state-sponsored threat actor.
Every time a targeted user hit "Check for Updates", they were potentially downloading malware instead of a legitimate new version, and the installer looked and behaved exactly like the real thing.
Notepad++ is not a niche tool. It is one of the most widely installed text editors in the world, used daily by developers, system administrators, network engineers, and security professionals.
That demographic is precisely why it was targeted. In enterprise environments, these are often the most privileged users on the network. Compromise their workstation through a trusted update and you have bypassed the perimeter entirely.
The attackers did not touch a single line of Notepad++ source code. They...
>>[READ MORE]
Apple's Spyware Alerts and 2025 closing thoughts!
#152 - Posted on 30 December 2025 - Author: SM - Category: Hacking, Security
On 2 December 2025, Apple sent threat notifications to users in 84 countries - one of the largest single waves since the programme launched.
Not a security tip.
A direct, personal warning: your device may have been targeted by state-sponsored attackers. Apple reserves these alerts for situations where it believes a user is being hunted by well-resourced, sophisticated operators. Custom operations. Expensive. Almost always government-connected.
The alerts landed in the middle of a coordinated disclosure by Google, Amnesty International, and a consortium of investigative journalists focused on Intellexa - the company behind the Predator spyware platform. Already sanctioned twice by the US government, Intellexa had simply adapted: setting up shell companies to infiltrate advertising networks, and deploying a new infection method called "Aladdin" that silently compromises a device through a targeted banner ad.
There was no link to click, no file to open. Just an...
>>[READ MORE]
Cyber Security Governance resources from the UK Government
#151 - Posted on 12 November 2025 - Author: SM - Category: Guides, Security
Last month, the UK government addressed a letter to the CEOs and Chairs of leading UK companies emphasising that hostile cyber activity is increasing in frequency, sophistication, and impact. It also stated that cyber resilience is a critical enabler of economic growth and that organisations recover better when they have planned and rehearsed for worst-case disruption.
Although it references services and bills that are UK centric, there are some interesting points and information that could be considered and/or used in any country.
The letter asks companies to take three specific actions:
- Make cyber risk a Board-level priority by using the Cyber Governance Code of Practice.
- Sign up to the Early Warning service of the National Cyber Security Centre (NCSC) – a free service giving early alerts of potential attacks on your network. Your country may offer a similar national CERT service; if not, it could also be replaced with a
...
>>[READ MORE]
What can the Salesforce breach teach us about Cloud/SaaS Security?
#150 - Posted on 23 October 2025 - Author: SM - Category: Hacking, Security
What Happened?
The attack ran on two fronts simultaneously.
- On the first, attackers quietly compromised Salesloft's GitHub repositories between March and June 2025, stealing Drift OAuth refresh tokens. Those tokens gave them persistent, legitimate-looking API access to the Salesforce environments of every company using the integration. Thousands of database queries were run in the background, pulling contact records, case data and, critically, embedded credentials such as AWS keys and tokens that had been pasted into support tickets.
- On the second, attackers impersonated Salesforce support staff in targeted phone calls, tricking employees into installing a malicious app that granted OAuth access and bypassed MFA entirely. This campaign hit consumer brands directly.
Once they had accumulated enough data, the group went public. On 3 October 2025, they launched a dark web site called Trinity of Chaos, published samples of...
>>[READ MORE]
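The detail that turned stolen case data into working cloud access is that customers had pasted AWS keys and tokens into support tickets. One control a SaaS customer owns outright is to scan ticket text for credentials before it is stored. The scanner below is an added example, not code from the original post or from Salesforce or Salesloft; the rules, the entropy threshold and the tickets are constructed (the AWS values are the placeholders used in AWS's own documentation):

```python
"""Scan support-ticket text for pasted credentials before it reaches a SaaS CRM.

Added example, not code from the original post or from Salesforce/Salesloft.
The rules and thresholds are illustrative assumptions, and the tickets are
constructed; the AWS values are the placeholders from AWS's own documentation.
"""
import math
import re
from collections import Counter

# Each rule: (compiled pattern, whether to require high entropy on the match).
# Prefix-based rules (AKIA..., ghp_...) are specific enough on their own; the
# generic "Bearer <token>" rule needs an entropy check to skip documentation
# placeholders. A named group `secret` isolates the credential when the
# pattern needs surrounding context to match.
RULES = {
    "aws_access_key_id": (re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), False),
    "aws_secret_access_key": (re.compile(
        r"aws.{0,20}?secret.{0,20}?[=:]\s*['\"]?(?P<secret>[A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])",
        re.IGNORECASE), False),
    "github_pat": (re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), False),
    "bearer_token": (re.compile(
        r"\bBearer\s+(?P<secret>[A-Za-z0-9._~+/=-]{20,})", re.IGNORECASE), True),
    "private_key_block": (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"), False),
}
MIN_ENTROPY = 3.5  # bits per character; random base64 scores ~4.5+, filler text lower

# Constructed tickets: two with pasted cloud/VCS credentials, one with a pasted
# bearer token, one clean, and one quoting a documentation placeholder.
SAMPLE_TICKETS = [
    ("CASE-1001", "Sync to S3 fails since Monday. Our config:\n"
                  "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
                  "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"),
    ("CASE-1002", "CI job returns 401 with ghp_abcdefghijklmnopqrstuvwxyz0123456789 "
                  "set as GITHUB_TOKEN."),
    ("CASE-1003", "Export shows error E-1042 when exporting contacts; screenshot attached."),
    ("CASE-1004", "Repro: curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9."
                  "eyJzdWIiOiJzdXBwb3J0QGV4YW1wbGUuY29tIn0.Qf3kzX9bL2mN7pR4sT6vW8yA1cE5gH0jK' "
                  "https://api.example.com/v1/me"),
    ("CASE-1005", "Per the docs we send 'Authorization: Bearer YOUR_TOKEN_GOES_HERE_XXXXXXXX' "
                  "but get 403."),
]


def shannon_entropy(text):
    """Bits per character of `text`; 0 for a single repeated character."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value):
    """Keep a short prefix for triage and mask the rest so the finding is safe to log."""
    return value[:4] + "*" * (len(value) - 4)


def scan_ticket(ticket_id, text):
    """Return one finding per credential-looking match, never the raw secret."""
    findings = []
    for rule, (pattern, needs_entropy) in RULES.items():
        for match in pattern.finditer(text):
            value = match.groupdict().get("secret") or match.group(0)
            if needs_entropy and shannon_entropy(value) < MIN_ENTROPY:
                continue  # low entropy: a placeholder or example, not a live token
            findings.append({"ticket": ticket_id, "rule": rule, "redacted": redact(value)})
    return findings


def scan_tickets(tickets):
    """Scan (ticket_id, body) pairs and flatten the findings."""
    return [f for tid, body in tickets for f in scan_ticket(tid, body)]


if __name__ == "__main__":
    for finding in scan_tickets(SAMPLE_TICKETS):
        print(f"{finding['ticket']}: {finding['rule']} -> {finding['redacted']}")
```

Treat a hit as an incident, not just a redaction: the key has already been exposed to everyone with read access to the case, so it should be rotated, and the finding itself carries only the masked value so the scanner's own logs do not become a second copy of the secret.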