CIL Security Advisory

PseudoManuscrypt Malware: High-Volume Espionage and Industrial Infiltration

While many malware campaigns focus on quick financial theft, PseudoManuscrypt represents a more harmful breed of threat: the professional spy.…

Continuous Penetration Testing: Closing the Vulnerability Gap with Autonomous AI

For years, organisations have relied on periodic, manual penetration testing to secure their most critical applications. However, due to time…

Hardening OT/IT Convergence Against State-Sponsored Threats

The historical "air gap" between Operational Technology (OT) and Information Technology (IT) has effectively vanished. In the drive for "Industry…

Mitigation of Supply Chain “Poisoning” & Open Source Software (OSS) Risk

Modern software development relies heavily on open-source components; roughly 80-90% of a modern application's code is not written by its…

Defence Against Ransomware 3.0 (Multi-Extortion)

Ransomware has evolved into "Ransomware 3.0", shifting from file encryption to "Triple Extortion". Attackers now prioritise data exfiltration, threatening to…

Defending Against Autonomous AI Agents and Machine-Speed Intrusion Chains

In February 2024, a joint Microsoft and OpenAI investigation found state-sponsored groups, including Forest Blizzard (Russia) and Charcoal Typhoon (China),…

Identity Crisis – The Rise of PhaaS & MFA Bypass

In March 2024, cybersecurity researchers at Sekoia.io discovered a massive surge in the Tycoon2FA PhaaS platform. This kit was used…

Critical Remote Code Execution (RCE) in React Server Components: CVE-2025-55182

While React Server Components (RSC) improves user experience, it creates a powerful bridge between the client and the server's core.…

pac4j-jwt Vulnerability: Could Allow Authentication Bypass

In modern web applications, JSON Web Tokens (JWTs) act like digital passports. They tell the server who you are and…