CIL Security Advisory

Supply Chain Attacks: Compromise through Developer Tooling

Modern cyberattacks are increasingly targeting the software development ecosystem itself. Rather than attacking production servers directly, threat actors now compromise…

Defence Against Deepfake Social Engineering (BEC 2.0)

The days of relying on simple voice or video for identity verification are over. "Business Email Compromise" (BEC) has rapidly…

Mitigation of API Logic Abuse & Predatory Bots

Traditional security tools like Firewalls and WAFs are unable to stop "Logic Abuse" because they are designed to only block…

The Limits of AES & The Necessity of Post-Quantum Cryptography (PQC)

The common reliance on strong AES encryption is dangerously misplaced, as quantum computers will swiftly compromise the initial key exchange…

The Enemy in Your Pocket: Android OS Multiple Malware Variants

For most of us, our Android smartphone is our most trusted companion. It holds our bank accounts, private conversations, and…

ClickFix Social Engineering: When the User Becomes the Attack Vector

ClickFix is a fast-growing social engineering technique where threat actors trick users into copying and pasting malicious commands into the…

Browser-in-the-Browser (BitB): Fake Login Popups Stealing Real Credentials

In Browser-in-the-Browser (BitB) phishing, threat actors create a fake browser pop-up window inside a real webpage to trick users into…

PseudoManuscrypt Malware: High-Volume Espionage and Industrial Infiltration

While many malware campaigns focus on quick financial theft, PseudoManuscrypt represents a more harmful breed of threat: the professional spy.…

Continuous Penetration Testing: Closing the Vulnerability Gap with Autonomous AI

For years, organisations have relied on periodic, manual penetration testing to secure their most critical applications. However, due to time…