UPDATE: Kaseya has released a tool that users can run to check their VSA server for signs of compromise. For details in our updated advisory here cert.govt.nz/it-specialists…

#CyberSmartWeek starts today – it’s time to Cyber UP NZ! Help us share the word this week to help kiwis UP their online defences! #CyberUPnz with CERT NZ cert.govt.nz/cybersmart

We’re pleased to partner with the GCSB on the new Malware Free Networks initiative, to enhance our ability to detect and disrupt malicious activity on our customers’ networks

New on Aura's research blog - Hacking the Hive: Discovering Vulnerabilities in Aerohive Devices research.aurainfosec.io/hacking-the-hi…

Our EMPEROR TAMARIN sponsors help us pay for the big things - like the venue, our lighting and sound rig, and most importantly our sparkle pyro. Thanks HEAPS to: Spark NZ Aura Information Security CyberCX Google ✨🐵🧔

New on our research blog - from Aura Security Consultant Jordan Smith research.aurainfosec.io/pentest/rssh/

New on the research blog. USB-C docks are commonplace in offices but may not be as innocuous as they appear... Aura's Lachlan Davidson demonstrates how these docks can be weaponised. Link to article below - research.aurainfosec.io/pentest/threat…

Our annual NZ cyber security business research report is out - 55% of businesses surveyed were subject to a cyber-attack, and 44% say they would consider paying a ransom to a cybercriminal. kordia.co.nz/news-and-views…

Published a write-up on successfully phishing a target using AD FS with MFA. Covers some of the challenges and how I finally got it working 🎣 research.aurainfosec.io/pentest/hook-l…

Excellent research on exploiting (RCE) Extreme Networks/Aerohive Wireless APs Credits Lachlan Davidson (Aura Information Security) research.aurainfosec.io/pentest/bee-yo… #embedded #iot #cybersecurity

Hotels are an excellent target for cybercriminals, says Aura Principal Consultant Alastair Miller in Hotel Magazine. Read the article here - hotelmagazine.co.nz/2023/09/28/ala…

New on the Aura research blog from Horatiu Petrescu - perfecting phishing simulations. research.aurainfosec.io/advisory/perfe…

Stoked to be a sponsor of WITCon 2023!

New on the Aura research blog from Principal Chris McCurley - Directory Traversal, SQL Injection and Server-Side Request Forgery in SageCRM. research.aurainfosec.io/disclosure/sag…

There is critical vulnerability in React Server Components disclosed as CVE-2025-55182 that impacts React 19 and frameworks that use it. A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately. react.dev/blog/2025/12/0…

Today we are disclosing the details of CVE-2025-64155, an unauth argument injection leading to root remote code execution affecting the Fortinet FortiSIEM. Find the technical details, indicators of compromise, and proof-of-concept exploit in the blog. horizon3.ai/attack-researc…

🚨Malicious cyber actors are actively exploiting Fortinet authentication bypass vulnerability CVE-2026-24858, impacting FortiOS, FortiManager, FortiWeb, FortiProxy, & FortiAnalyzer. Review our Alert, check for IOCs, & apply vendor updates. More info: go.dhs.gov/iRT

⚠️ Hackers Hijacked Notepad++ Update Servers to Redirect Users to Malicious Servers Source: cybersecuritynews.com/notepad-hijack… The developer of Notepad++ has confirmed that a targeted attack by a likely Chinese state-sponsored threat actor compromised the project's former shared hosting

If you're at BSides Ballarat this Saturday at 4:30pm, new to the Industry and looking for an understanding on the different types of roles in InfoSec, stop by and have a listen to our very own Lyal Collins, as he gives a quick overview of skills and career paths in IT Security.

🚨 Google told devs: API keys aren't secrets. Gemini changed that. 😱 We found ~3,000 public keys silently authenticating to Gemini - exposing private files, cached data & charging for LLM usage 💥Even Google's own keys were vulnerable. 🔗 trufflesecurity.com/blog/google-ap…