CIL Security Advisory

Hardening OT/IT Convergence Against State-Sponsored Threats

The historical "air gap" between Operational Technology (OT) and Information Technology (IT) has effectively vanished. In the drive for "Industry…

Mitigation of Supply Chain “Poisoning” & Open Source Software (OSS) Risk

Modern software development relies heavily on open-source components; roughly 80-90% of a modern application's code is not written by its…

Defence Against Ransomware 3.0 (Multi-Extortion)

Ransomware has evolved into "Ransomware 3.0", shifting from file encryption to "Triple Extortion". Attackers now prioritise data exfiltration, threatening to…

Defending Against Autonomous AI Agents and Machine-Speed Intrusion Chains

In February 2024, a joint Microsoft and OpenAI investigation found state-sponsored groups, including Forest Blizzard (Russia) and Charcoal Typhoon (China),…

Identity Crisis – The Rise of PhaaS & MFA Bypass

In March 2024, cybersecurity researchers at Sekoia.io discovered a massive surge in the Tycoon2FA PhaaS platform. This kit was used…

Critical Remote Code Execution (RCE) in React Server Components: CVE-2025-55182

While React Server Components (RSC) improves user experience, it creates a powerful bridge between the client and the server's core.…

pac4j-jwt Vulnerability: Could Allow Authentication Bypass

In modern web applications, JSON Web Tokens (JWTs) act like digital passports. They tell the server who you are and…

Critical Patch Management: Closing the Door on Exploits

Unpatched software remains one of the leading causes of enterprise breaches in 2026. Attackers no longer rely solely on zero-day…

Device Code Phishing: Abusing Legitimate Microsoft 365 Authentication

In device code phishing, threat actors exploit the device code authentication flow to capture authentication tokens, which they then use…