CosmicBytez Labs

CosmicBytez Labs https://labs.cosmicbytez.ca IT & Cybersecurity Intelligence - News, Security Alerts, HOWTOs, and Project Guides en-ca Sat, 27 Jun 2026 17:50:04 GMT https://labs.cosmicbytez.ca/images/icon.png CosmicBytez Labs https://labs.cosmicbytez.ca <![CDATA[Employee Offboarding: The Security Checklist Most Northern Alberta Businesses Skip]]> https://labs.cosmicbytez.ca/howtos/2027-05-01-employee-offboarding-the-security-side https://labs.cosmicbytez.ca/howtos/2027-05-01-employee-offboarding-the-security-side Sat, 01 May 2027 00:00:00 GMT howto offboarding identity management access management smb Operations Compliance <![CDATA[OT Security for Sawmills, Shops, and Ag Operations: The Part of Cyber That Breaks Production]]> https://labs.cosmicbytez.ca/howtos/2027-04-01-ot-security-for-sawmills-and-shop-floors https://labs.cosmicbytez.ca/howtos/2027-04-01-ot-security-for-sawmills-and-shop-floors Thu, 01 Apr 2027 00:00:00 GMT howto OT Security ICS sawmill agriculture oilpatch segmentation smb <![CDATA[What a vCISO Actually Does for a 30-Person Business (and When You Don't Need One Yet)]]> https://labs.cosmicbytez.ca/howtos/2027-03-01-vciso-when-smb-actually-needs-one https://labs.cosmicbytez.ca/howtos/2027-03-01-vciso-when-smb-actually-needs-one Mon, 01 Mar 2027 00:00:00 GMT howto vciso smb security leadership Governance Compliance <![CDATA[Your First Cyber-Insurance Renewal: What to Expect When the Questionnaire Arrives the Second Time]]> https://labs.cosmicbytez.ca/howtos/2027-02-01-first-year-cyber-insurance-renewal-review https://labs.cosmicbytez.ca/howtos/2027-02-01-first-year-cyber-insurance-renewal-review Mon, 01 Feb 2027 00:00:00 GMT howto cyber insurance renewal questionnaire smb underwriting canada <![CDATA[Northern Alberta SMB Cyber Threat Landscape: 2027 Outlook]]> https://labs.cosmicbytez.ca/howtos/2027-01-15-northern-alberta-smb-cyber-threat-landscape-2027 https://labs.cosmicbytez.ca/howtos/2027-01-15-northern-alberta-smb-cyber-threat-landscape-2027 Fri, 15 Jan 2027 00:00:00 GMT howto Threat Landscape 2027 smb northern alberta canada year ahead <![CDATA[5 Things Every 2026 Cyber-Insurance Policy Now Requires (And How to Check Yours)]]> https://labs.cosmicbytez.ca/howtos/2026-12-15-5-things-cyber-insurance-now-requires https://labs.cosmicbytez.ca/howtos/2026-12-15-5-things-cyber-insurance-now-requires Tue, 15 Dec 2026 00:00:00 GMT howto cyber insurance policy review smb canada underwriting claims <![CDATA[Peace Country Cyber is Open for Business]]> https://labs.cosmicbytez.ca/howtos/2026-12-01-peace-country-cyber-public-launch https://labs.cosmicbytez.ca/howtos/2026-12-01-peace-country-cyber-public-launch Tue, 01 Dec 2026 00:00:00 GMT howto announcement peace country cyber launch northern alberta <![CDATA[The Cyber-Insurance Compliance Checklist — Now Available]]> https://labs.cosmicbytez.ca/howtos/2026-11-15-compliance-checklist-released https://labs.cosmicbytez.ca/howtos/2026-11-15-compliance-checklist-released Sun, 15 Nov 2026 00:00:00 GMT howto cyber insurance checklist Compliance smb lead magnet canada <![CDATA[Introducing Peace Country Cyber]]> https://labs.cosmicbytez.ca/howtos/2026-11-01-peace-country-cyber-soft-launch https://labs.cosmicbytez.ca/howtos/2026-11-01-peace-country-cyber-soft-launch Sun, 01 Nov 2026 00:00:00 GMT howto announcement peace country cyber northern alberta MSP <![CDATA[29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests]]> https://labs.cosmicbytez.ca/news/2026-06-23-29-year-old-squid-proxy-bug-squidbleed-can-leak-cleartext-http-requests https://labs.cosmicbytez.ca/news/2026-06-23-29-year-old-squid-proxy-bug-squidbleed-can-leak-cleartext-http-requests Tue, 23 Jun 2026 00:00:00 GMT news vulnerability squid-proxy cve memory-disclosure enterprise-security patch <![CDATA[Data Exposure Flaws in Dify AI Platform Put 1 Million+ App Tenants at Risk]]> https://labs.cosmicbytez.ca/news/2026-06-23-data-exposure-flaws-threaten-dify-ai-platform-used-by-1-million-apps https://labs.cosmicbytez.ca/news/2026-06-23-data-exposure-flaws-threaten-dify-ai-platform-used-by-1-million-apps Tue, 23 Jun 2026 00:00:00 GMT news AI Security Cloud Security Dify Data Exposure Multi-Tenant IDOR <![CDATA[Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks]]> https://labs.cosmicbytez.ca/news/2026-06-23-eight-year-old-samsung-knox-flaw-exposed-millions-of-galaxy-devices-to-kernel-at https://labs.cosmicbytez.ca/news/2026-06-23-eight-year-old-samsung-knox-flaw-exposed-millions-of-galaxy-devices-to-kernel-at Tue, 23 Jun 2026 00:00:00 GMT news Samsung KNOX Android Kernel Use-After-Free Vulnerability Mobile Security <![CDATA[FortiBleed Attackers Turn Firewalls Into Credential Stealers as Heists Persist]]> https://labs.cosmicbytez.ca/news/2026-06-23-fortibleed-attackers-turn-firewalls-into-credential-stealers-as-heists-persist https://labs.cosmicbytez.ca/news/2026-06-23-fortibleed-attackers-turn-firewalls-into-credential-stealers-as-heists-persist Tue, 23 Jun 2026 00:00:00 GMT news Threat Intelligence Fortinet FortiBleed Credential Theft Malware <![CDATA[FortiBleed: Russian IAB Harvested 110 Million Credentials from 430,000 FortiGate Firewalls]]> https://labs.cosmicbytez.ca/news/2026-06-23-fortibleed-targeted-fortigate-firewalls-in-110-million-credential-harvesting-ope https://labs.cosmicbytez.ca/news/2026-06-23-fortibleed-targeted-fortigate-firewalls-in-110-million-credential-harvesting-ope Tue, 23 Jun 2026 00:00:00 GMT news Fortinet FortiGate Russia Credential Theft Initial Access Broker Firewall <![CDATA[GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns]]> https://labs.cosmicbytez.ca/news/2026-06-23-github-updates-actionscheckout-to-block-common-pwn-request-attack-patterns https://labs.cosmicbytez.ca/news/2026-06-23-github-updates-actionscheckout-to-block-common-pwn-request-attack-patterns Tue, 23 Jun 2026 00:00:00 GMT news Supply Chain GitHub Actions CI/CD Security Updates <![CDATA[LastPass Confirms Data Breach in Klue Supply Chain Attack]]> https://labs.cosmicbytez.ca/news/2026-06-23-lastpass-confirms-data-breach-in-klue-supply-chain-attack https://labs.cosmicbytez.ca/news/2026-06-23-lastpass-confirms-data-breach-in-klue-supply-chain-attack Tue, 23 Jun 2026 00:00:00 GMT news Data Breach Supply Chain Salesforce Extortion <![CDATA[New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer]]> https://labs.cosmicbytez.ca/news/2026-06-23-new-oxloader-loader-uses-malicious-google-ads-to-deliver-castlestealer https://labs.cosmicbytez.ca/news/2026-06-23-new-oxloader-loader-uses-malicious-google-ads-to-deliver-castlestealer Tue, 23 Jun 2026 00:00:00 GMT news malware infostealer malvertising google-ads castlestealer oxloader elastic-security <![CDATA[OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws]]> https://labs.cosmicbytez.ca/news/2026-06-23-openai-expands-daybreak-with-gpt-55-cyber-to-help-defenders-patch-security-flaws https://labs.cosmicbytez.ca/news/2026-06-23-openai-expands-daybreak-with-gpt-55-cyber-to-help-defenders-patch-security-flaws Tue, 23 Jun 2026 00:00:00 GMT news ai openai vulnerability-research patch-management open-source-security daybreak <![CDATA[Russian Initial Access Broker Behind FortiBleed Campaign]]> https://labs.cosmicbytez.ca/news/2026-06-23-russian-initial-access-broker-behind-fortibleed-campaign https://labs.cosmicbytez.ca/news/2026-06-23-russian-initial-access-broker-behind-fortibleed-campaign Tue, 23 Jun 2026 00:00:00 GMT news APT Russia Nation-State Fortinet FortiBleed <![CDATA[Scope of Salesforce Attacks Expands as Icarus Leaks Stolen Data]]> https://labs.cosmicbytez.ca/news/2026-06-23-scope-of-salesforce-attacks-expands-as-icarus-leaks-data https://labs.cosmicbytez.ca/news/2026-06-23-scope-of-salesforce-attacks-expands-as-icarus-leaks-data Tue, 23 Jun 2026 00:00:00 GMT news Data Breach Salesforce OAuth Supply Chain Klue Icarus Threat Intelligence <![CDATA[WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool]]> https://labs.cosmicbytez.ca/news/2026-06-23-whatsapp-vbscript-campaign-uses-fake-documents-to-install-manageengine-rmm-tool https://labs.cosmicbytez.ca/news/2026-06-23-whatsapp-vbscript-campaign-uses-fake-documents-to-install-manageengine-rmm-tool Tue, 23 Jun 2026 00:00:00 GMT news malware social-engineering whatsapp vbscript rmm living-off-the-land kaspersky <![CDATA[CVE-2025-67038: Lantronix EDS5000 OS Command Injection Vulnerability]]> https://labs.cosmicbytez.ca/security/cve-2025-67038-lantronix-eds5000-code-injection-vulnerability https://labs.cosmicbytez.ca/security/cve-2025-67038-lantronix-eds5000-code-injection-vulnerability Tue, 23 Jun 2026 00:00:00 GMT security CVE CISA KEV Command Injection Lantronix Industrial IoT <![CDATA[CVE-2026-11374: ManageEngine SSO Ticket Prediction Enables Unauthenticated Account Takeover]]> https://labs.cosmicbytez.ca/security/cve-2026-11374 https://labs.cosmicbytez.ca/security/cve-2026-11374 Tue, 23 Jun 2026 00:00:00 GMT security CVE-2026-11374 ManageEngine SSO Authentication Bypass Account Takeover Active Directory CWE-330 Windows <![CDATA[CVE-2026-12866: expr-eval npm Package Enables Arbitrary Code Execution via toJSFunction()]]> https://labs.cosmicbytez.ca/security/cve-2026-12866 https://labs.cosmicbytez.ca/security/cve-2026-12866 Tue, 23 Jun 2026 00:00:00 GMT security CVE-2026-12866 expr-eval npm JavaScript Node.js Code Injection RCE Sandbox Escape CWE-94 <![CDATA[CVE-2026-9733: Mojolicious OAuth2 Weak PRNG Enables CSRF Session Hijacking]]> https://labs.cosmicbytez.ca/security/cve-2026-9733 https://labs.cosmicbytez.ca/security/cve-2026-9733 Tue, 23 Jun 2026 00:00:00 GMT security CVE-2026-9733 OAuth2 CSRF Perl CPAN Session Hijacking CWE-338 Weak PRNG <![CDATA[AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network]]> https://labs.cosmicbytez.ca/news/2026-06-22-arystinger-malware-infects-4300-legacy-routers-proxy-network https://labs.cosmicbytez.ca/news/2026-06-22-arystinger-malware-infects-4300-legacy-routers-proxy-network Mon, 22 Jun 2026 00:00:00 GMT news Malware Botnet Router Security QNAP D-Link <![CDATA[FFmpeg Fixes PixelSmash Flaw in Widely Used Video Decoder]]> https://labs.cosmicbytez.ca/news/2026-06-22-ffmpeg-fixes-pixelsmash-flaw-in-widely-used-video-decoder https://labs.cosmicbytez.ca/news/2026-06-22-ffmpeg-fixes-pixelsmash-flaw-in-widely-used-video-decoder Mon, 22 Jun 2026 00:00:00 GMT news FFmpeg Vulnerability CVE Security Update Cloud Security <![CDATA[FortiBleed Campaign Used Custom FortiGate Sniffer to Steal Credentials]]> https://labs.cosmicbytez.ca/news/2026-06-22-fortibleed-campaign-used-custom-fortigate-sniffer-to-steal-credentials https://labs.cosmicbytez.ca/news/2026-06-22-fortibleed-campaign-used-custom-fortigate-sniffer-to-steal-credentials Mon, 22 Jun 2026 00:00:00 GMT news Fortinet FortiGate Credential Theft Threat Campaign <![CDATA[INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific]]> https://labs.cosmicbytez.ca/news/2026-06-22-interpol-warns-phishing-ransomware-ai-scams-asia-pacific https://labs.cosmicbytez.ca/news/2026-06-22-interpol-warns-phishing-ransomware-ai-scams-asia-pacific Mon, 22 Jun 2026 00:00:00 GMT news Ransomware Phishing AI Cybercrime INTERPOL <![CDATA[JaredFromSubway MEV Bot Hacked in $15 Million Crypto Theft]]> https://labs.cosmicbytez.ca/news/2026-06-22-jaredfromsubway-mev-bot-hacked-in-15-million-crypto-theft https://labs.cosmicbytez.ca/news/2026-06-22-jaredfromsubway-mev-bot-hacked-in-15-million-crypto-theft Mon, 22 Jun 2026 00:00:00 GMT news Cryptocurrency DeFi Security MEV Blockchain Exploit <![CDATA[Microsoft Fixes AutoGen Studio Flaw That Enabled Code Execution]]> https://labs.cosmicbytez.ca/news/2026-06-22-microsoft-fixes-autogen-studio-flaw-that-enabled-code-execution https://labs.cosmicbytez.ca/news/2026-06-22-microsoft-fixes-autogen-studio-flaw-that-enabled-code-execution Mon, 22 Jun 2026 00:00:00 GMT news Microsoft AI Security Vulnerability Code Execution Security Update <![CDATA[Microsoft Says Windows 11 26H2 Is Coming Soon, Details Upgrade Process]]> https://labs.cosmicbytez.ca/news/2026-06-22-microsoft-says-windows-11-26h2-is-coming-soon-details-upgrade-process https://labs.cosmicbytez.ca/news/2026-06-22-microsoft-says-windows-11-26h2-is-coming-soon-details-upgrade-process Mon, 22 Jun 2026 00:00:00 GMT news Microsoft Windows Security Updates Patch Management <![CDATA[New Exploit Bypasses Apple's Boot Defenses, Affects Millions of iPhones]]> https://labs.cosmicbytez.ca/news/2026-06-22-new-exploit-bypasses-apple-boot-defenses-millions-iphones https://labs.cosmicbytez.ca/news/2026-06-22-new-exploit-bypasses-apple-boot-defenses-millions-iphones Mon, 22 Jun 2026 00:00:00 GMT news Vulnerability Apple Security Updates <![CDATA[A Record-Breaking Patch Tuesday for June 2026]]> https://labs.cosmicbytez.ca/news/2026-06-22-record-breaking-patch-tuesday-june-2026 https://labs.cosmicbytez.ca/news/2026-06-22-record-breaking-patch-tuesday-june-2026 Mon, 22 Jun 2026 00:00:00 GMT news Microsoft Windows Patch Tuesday Security Updates CVE <![CDATA[Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants]]> https://labs.cosmicbytez.ca/news/2026-06-22-researchers-detail-difytap-flaws-in-dify-that-could-expose-ai-chats-across-tenan https://labs.cosmicbytez.ca/news/2026-06-22-researchers-detail-difytap-flaws-in-dify-that-could-expose-ai-chats-across-tenan Mon, 22 Jun 2026 00:00:00 GMT news AI Security Cloud Security Vulnerability Multi-Tenant <![CDATA[A Glimpse into the 'Search Your Target' Market for Stolen Credentials]]> https://labs.cosmicbytez.ca/news/2026-06-22-search-your-target-stolen-credentials-market https://labs.cosmicbytez.ca/news/2026-06-22-search-your-target-stolen-credentials-market Mon, 22 Jun 2026 00:00:00 GMT news BleepingComputer General <![CDATA[ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack]]> https://labs.cosmicbytez.ca/news/2026-06-22-shapedplugin-wordpress-pro-plugins-backdoored-in-supply-chain-attack https://labs.cosmicbytez.ca/news/2026-06-22-shapedplugin-wordpress-pro-plugins-backdoored-in-supply-chain-attack Mon, 22 Jun 2026 00:00:00 GMT news Supply Chain WordPress Malware Threat Intelligence <![CDATA[Texas Parks & Wildlife Data Breach Affects 3 Million Individuals]]> https://labs.cosmicbytez.ca/news/2026-06-22-texas-parks-wildlife-data-breach-3-million https://labs.cosmicbytez.ca/news/2026-06-22-texas-parks-wildlife-data-breach-3-million Mon, 22 Jun 2026 00:00:00 GMT news Data Breach Supply Chain PII Texas <![CDATA[Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More]]> https://labs.cosmicbytez.ca/news/2026-06-22-weekly-recap-browser-bugs-edr-killers-tv-botnet-openbsd-flaw-android-trojan https://labs.cosmicbytez.ca/news/2026-06-22-weekly-recap-browser-bugs-edr-killers-tv-botnet-openbsd-flaw-android-trojan Mon, 22 Jun 2026 00:00:00 GMT news Ransomware Malware Android The Hacker News Cybercrime <![CDATA[What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks]]> https://labs.cosmicbytez.ca/news/2026-06-22-what-the-latest-shinyhunters-breaches-reveal-about-modern-cyberattacks https://labs.cosmicbytez.ca/news/2026-06-22-what-the-latest-shinyhunters-breaches-reveal-about-modern-cyberattacks Mon, 22 Jun 2026 00:00:00 GMT news Malware Zero-Day Data Breach <![CDATA[WhatsApp Phishing Attack Uses Fake Business Docs to Hack PCs]]> https://labs.cosmicbytez.ca/news/2026-06-22-whatsapp-phishing-attack-uses-fake-business-docs-to-hack-pcs https://labs.cosmicbytez.ca/news/2026-06-22-whatsapp-phishing-attack-uses-fake-business-docs-to-hack-pcs Mon, 22 Jun 2026 00:00:00 GMT news Phishing Malware WhatsApp Social Engineering VBScript <![CDATA[Deploy OpenCanary to Catch Attackers Inside Your Network]]> https://labs.cosmicbytez.ca/howtos/2026-06-22-opencanary-honeypot-deployment https://labs.cosmicbytez.ca/howtos/2026-06-22-opencanary-honeypot-deployment Mon, 22 Jun 2026 00:00:00 GMT howto honeypot deception intrusion-detection opencanary blue-team network-security threat-detection <![CDATA[Accenture to Acquire Majority Stake in Dragos, runZero, and NetRise in $4.1 Billion OT Cybersecurity Push]]> https://labs.cosmicbytez.ca/news/2026-06-21-accenture-acquires-dragos-runzero-netrise-41-billion https://labs.cosmicbytez.ca/news/2026-06-21-accenture-acquires-dragos-runzero-netrise-41-billion Sun, 21 Jun 2026 00:00:00 GMT news OT Security M&A Dragos Accenture Industrial Security Critical Infrastructure ICS <![CDATA[Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way]]> https://labs.cosmicbytez.ca/news/2026-06-21-ai-agents-identity-governance-challenge https://labs.cosmicbytez.ca/news/2026-06-21-ai-agents-identity-governance-challenge Sun, 21 Jun 2026 00:00:00 GMT news AI Security Identity Governance Zero Trust Shadow AI Agentic AI DevSecOps <![CDATA[AryStinger Botnet Infected Thousands of D-Link Routers Worldwide]]> https://labs.cosmicbytez.ca/news/2026-06-21-arystinger-botnet-infected-thousands-of-d-link-routers-worldwide https://labs.cosmicbytez.ca/news/2026-06-21-arystinger-botnet-infected-thousands-of-d-link-routers-worldwide Sun, 21 Jun 2026 00:00:00 GMT news Malware Botnet D-Link Routers BleepingComputer <![CDATA[China-Nexus Actor Spies on US Researchers Undetected for a Year]]> https://labs.cosmicbytez.ca/news/2026-06-21-china-nexus-actor-spies-on-us-researchers-undetected-for-a-year https://labs.cosmicbytez.ca/news/2026-06-21-china-nexus-actor-spies-on-us-researchers-undetected-for-a-year Sun, 21 Jun 2026 00:00:00 GMT news Data Breach Espionage China Google Threat Intelligence Nation-State <![CDATA[French President Urges US to Share Cutting-Edge AI and Democracies to Cooperate on Regulation]]> https://labs.cosmicbytez.ca/news/2026-06-21-french-president-urges-us-to-share-cutting-edge-ai-and-democracies-to-cooperate https://labs.cosmicbytez.ca/news/2026-06-21-french-president-urges-us-to-share-cutting-edge-ai-and-democracies-to-cooperate Sun, 21 Jun 2026 00:00:00 GMT news AI Policy Geopolitics Regulation AI Governance G7 <![CDATA[Google Exposes China Espionage Group UNC6508 Lurking in Networks Since 2023]]> https://labs.cosmicbytez.ca/news/2026-06-21-google-exposes-unc6508-china-espionage-group https://labs.cosmicbytez.ca/news/2026-06-21-google-exposes-unc6508-china-espionage-group Sun, 21 Jun 2026 00:00:00 GMT news China Espionage UNC6508 APT Critical Infrastructure Google Threat Intelligence Nation-State <![CDATA[Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys]]> https://labs.cosmicbytez.ca/news/2026-06-21-hackers-exploit-gravity-smtp-wordpress-plugin-bug-to-expose-api-keys https://labs.cosmicbytez.ca/news/2026-06-21-hackers-exploit-gravity-smtp-wordpress-plugin-bug-to-expose-api-keys Sun, 21 Jun 2026 00:00:00 GMT news WordPress CVE Vulnerability API Keys Web Security <![CDATA[In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum]]> https://labs.cosmicbytez.ca/news/2026-06-21-in-other-news-apple-patches-beats-eavesdropping-flaw-dot-closes-delta-crowdstrik https://labs.cosmicbytez.ca/news/2026-06-21-in-other-news-apple-patches-beats-eavesdropping-flaw-dot-closes-delta-crowdstrik Sun, 21 Jun 2026 00:00:00 GMT news Apple Android AWS Security Updates SecurityWeek Roundup