Security News (126 Posts)


Your Digital Ghost and why it matters

NOTE: In this series of posts, we revisit recent presentations delivered at MU.SCL and provide additional context around the slide decks shared here. While a written post cannot fully reproduce the depth, examples, and discussion of a live session, it should help readers better understand the topic, the key messages, and the practical points behind the slides.

Most organisations still think of a cyber attack as something that starts when an attacker touches their systems. A phishing email arrives, a VPN login fails, a scanner appears in the firewall logs, or an endpoint alert is triggered. At that point, security teams start investigating and everyone agrees that something has begun.

But in many cases, the attack started earlier.

Not in a way that generated logs or triggered an alert, but in the attacker's preparation. Before the first malicious packet reaches the perimeter, the attacker may already know...

Risk Averse Vs Risk Aware: a difference that matters!

There is a conversation happening right now in boardrooms, leadership teams, and strategy sessions across almost every industry.
A conversation that recurs each time a new, transformative technology makes the news headlines: "We need to adopt (insert technology name here). We need to move fast. Security, please stop being a blocker."
Of course, at the moment that technology is AI.
A few weeks ago I wrote about why organisations are rushing into AI and the risks that come with it. That post dealt with the pace of adoption and the absence of governance frameworks. This one is about something different: the internal cultural dynamic that the rush creates, and one specific damaging idea that keeps surfacing inside organisations under pressure.
The idea that being risk averse is the enemy of innovation (possibly) and that being security-aware (or conscious) is the same as being risk averse.
It is not. And t...

Patching Faster Than Your Shadow? AI and the New Vulnerability Race

A few days ago, I wrote that there was no need to panic about AI and cybersecurity.
I still believe that.
But "do not panic" does not mean "do nothing". It certainly does not mean that organisations can keep doing exactly the same thing, at exactly the same speed, with exactly the same assumptions.
And one of those assumptions may be quietly dying in front of us: the idea that organisations have weeks to fix serious vulnerabilities before attackers can realistically exploit them at scale.

The Old Patching Rhythm
For many organisations, vulnerability management has historically been built around a fairly comfortable rhythm: scan, prioritise, assign, test, patch, report, chase, escalate, and eventually close.
That process was never perfect, but it was familiar. Critical vulnerabilities often had remediation SLAs measured in weeks. High vulnerabilities were sometimes given months. Only the truly urgent cases, the ones...


Maybe AI won't kill us after all: a more balanced take on AI and CyberSecurity

The doom headlines write themselves.
AI creates infinite zero days. AI will automate hacking at scale. AI will make every developer's code a security liability. Your organisation is exposed. You should be scared.
And sure, some of that is true. We've covered it here before.
But lately, there's been a quieter conversation happening, a growing number of credible voices suggesting that AI might actually move the needle in the right direction for cybersecurity, over the medium to long term. Not instead of the risks, but alongside them. And that's worth talking about.

The Infinite Bug Problem, and the Math
Let's start with Firefox.
Last week, Mozilla released Firefox 150, which patched 271 vulnerabilities, many of them identified with the help of Anthropic's Claude Mythos. That's a remarkable number. Industry coverage predictably focused on the headline figure.
But here's the thing worth sitting with: how many vulnerabilities existed in Fir...


Infinite Zero Day Machine, so what?

Anthropic just released MYTHOS, a model trained to find zero day exploits.
The security world is buzzing.
But before you panic and rewrite your entire incident response playbook, let's ask the obvious question: does this actually change how you defend your organization?
The answer is yes, but maybe not in the way you think.

Yes, a model that can systematically discover zero days is genuinely significant.
But no, it doesn't render your existing security controls obsolete.
In fact, the fundamentals that have protected you against zero day threats for decades are still your best bet.

So what's really different? And what stays the same?

The Hype Problem
Zero days have always been the boogeyman of cybersecurity.
They're unknown, they're weaponized before patches exist and, until now, they have often been difficult to find.
But here's the thing: you've never actually been able to prevent them directly.
Your defense stra...


Racing to AI: Don’t Forget the Rules of the Road

Artificial Intelligence is moving faster than almost any technology in history.

Organizations are racing to adopt AI, seeing it as a tool that can accelerate decision-making, improve productivity, and unlock new capabilities.
Yet, while AI is a tremendous enabler, diving in headfirst without fully understanding it carries cybersecurity and data privacy risks, and mistakes are just waiting to happen.

To understand the potential pitfalls, consider a historical analogy: when cars were first invented, society still relied on horses and carriages.
Roads, regulations, and safety systems didn't exist overnight.

Imagine if, one day, everyone suddenly switched to cars, with no driving experience, no rules of the road, and no safety measures like seat belts or airbags.
The result would have been chaos (and in some parts of the world where cars were adopted early, it was).

That's essentially what's happening with AI today.

Organizations...


When Microsoft Turns Against You: Hackers Wipe Thousands of Devices

Microsoft Intune is used by many organisations as a security and administration tool to manage endpoints: making sure they carry the correct security controls, the right level of patches, only authorised applications, and so on.
It also lets the company, through an administrator, remotely wipe a device that has been lost or stolen, for security reasons.

So what could go wrong?
In March 2026, Stryker Corporation learned a hard lesson: attackers don't always need malware.
By compromising admin credentials, the threat actors leveraged Microsoft Intune to remotely wipe tens of thousands of devices across the organization: laptops, servers, and mobile endpoints.

The attack caused widespread disruption to operations, from order processing to shipping.

Who would ever need to mass-wipe every endpoint in an organisation, besides an attacker?
It looks like Microsoft never asked themselves that question...
Because not only is that option there by defau...
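The attack described above leaves a trail in the management plane rather than on the endpoints, so the check a defender wants is a simple one: is any single account issuing far more wipe or retire actions than a lost-device process ever would? The following is an added example written for this post; it is not code from the post, from Stryker or from Microsoft. It replays Intune-style audit events in time order and raises an alert when one actor crosses a per-window threshold. The sample log is constructed, and its field names, activity labels, account names and device names are assumptions loosely modelled on Microsoft Graph `deviceManagement/auditEvents` output, so confirm them against a real export from your own tenant before relying on the rule.

```python
"""Flag bursts of remote-wipe actions in Intune-style audit events.

Added example for this post, not code from the post or from Microsoft.
It replays audit events in time order and alerts when a single actor
wipes or retires more devices inside a short window than a legitimate
lost-device process ever would.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, one JSON object per line, loosely modelled on
# Microsoft Graph deviceManagement/auditEvents output. The field names,
# activity labels, account names and device names are assumptions made
# for this example; check them against a real export from your tenant.
SAMPLE_AUDIT_LOG = """
{"activityDateTime": "2026-03-10T09:00:00Z", "activityType": "wipe ManagedDevice", "activityResult": "Success", "actor": {"userPrincipalName": "helpdesk@contoso.example"}, "resources": [{"displayName": "LAPTOP-0042"}]}
{"activityDateTime": "2026-03-10T09:30:00Z", "activityType": "wipe ManagedDevice", "activityResult": "Success", "actor": {"userPrincipalName": "admin-prod@contoso.example"}, "resources": [{"displayName": "SRV-FILE-01"}]}
{"activityDateTime": "2026-03-10T09:30:20Z", "activityType": "wipe ManagedDevice", "activityResult": "Success", "actor": {"userPrincipalName": "admin-prod@contoso.example"}, "resources": [{"displayName": "LAPTOP-1001"}]}
{"activityDateTime": "2026-03-10T09:30:40Z", "activityType": "wipe ManagedDevice", "activityResult": "Success", "actor": {"userPrincipalName": "admin-prod@contoso.example"}, "resources": [{"displayName": "LAPTOP-1002"}]}
{"activityDateTime": "2026-03-10T09:31:00Z", "activityType": "update DeviceCompliancePolicy", "activityResult": "Success", "actor": {"userPrincipalName": "admin-prod@contoso.example"}, "resources": [{"displayName": "Baseline-Win11"}]}
{"activityDateTime": "2026-03-10T09:31:20Z", "activityType": "wipe ManagedDevice", "activityResult": "Success", "actor": {"userPrincipalName": "admin-prod@contoso.example"}, "resources": [{"displayName": "LAPTOP-1003"}]}
{"activityDateTime": "2026-03-10T09:31:40Z", "activityType": "retire ManagedDevice", "activityResult": "Success", "actor": {"userPrincipalName": "admin-prod@contoso.example"}, "resources": [{"displayName": "MOBILE-0207"}]}
{"activityDateTime": "2026-03-10T09:32:00Z", "activityType": "wipe ManagedDevice", "activityResult": "Success", "actor": {"userPrincipalName": "admin-prod@contoso.example"}, "resources": [{"displayName": "LAPTOP-1004"}]}
"""

# Substrings of activityType treated as destructive (assumed labels).
DESTRUCTIVE_KEYWORDS = ("wipe", "retire")


def parse_audit_log(text):
    """Parse newline-delimited JSON audit events into dicts sorted by time."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        raw = json.loads(line)
        # fromisoformat() in older Pythons rejects a trailing 'Z'.
        stamp = raw["activityDateTime"].replace("Z", "+00:00")
        events.append({
            "time": datetime.fromisoformat(stamp),
            "activity": raw.get("activityType", ""),
            "result": raw.get("activityResult", ""),
            "actor": raw.get("actor", {}).get("userPrincipalName", "<unknown>"),
            "devices": [r.get("displayName", "?") for r in raw.get("resources", [])],
        })
    events.sort(key=lambda e: e["time"])
    return events


def is_destructive(event):
    """True for a successful wipe/retire; failed attempts are ignored here."""
    activity = event["activity"].lower()
    return event["result"] == "Success" and any(k in activity for k in DESTRUCTIVE_KEYWORDS)


def detect_mass_wipe(events, threshold=5, window=timedelta(minutes=10)):
    """Return {actor: alert} for actors reaching `threshold` device wipes within `window`.

    A sliding window per actor keeps only the wipes newer than `window`,
    so one help-desk wipe of a lost laptop never trips the rule while a
    compromised admin account burning through a fleet does.
    """
    recent = defaultdict(deque)  # actor -> deque of (time, device) still inside the window
    alerts = {}
    for event in events:
        if not is_destructive(event):
            continue
        queue = recent[event["actor"]]
        for device in event["devices"] or ["<no resource>"]:
            queue.append((event["time"], device))
        while queue and event["time"] - queue[0][0] > window:
            queue.popleft()
        if len(queue) >= threshold:
            alerts[event["actor"]] = {
                "count": len(queue),
                "first_seen": queue[0][0],
                "last_seen": queue[-1][0],
                "devices": [d for _, d in queue],
            }
    return alerts


if __name__ == "__main__":
    for actor, alert in detect_mass_wipe(parse_audit_log(SAMPLE_AUDIT_LOG)).items():
        span = (alert["last_seen"] - alert["first_seen"]).total_seconds()
        print(f"ALERT {actor}: {alert['count']} devices wiped in {span:.0f}s -> {alert['devices']}")
```

On the constructed log the help-desk account, which wipes one lost laptop, is never flagged, while the second account, which wipes six devices in two minutes, is. The threshold and window have to be tuned to the volume of device retirements your organisation really performs, and the rule is only as good as how quickly the audit events reach whoever is watching them: by the time tens of thousands of wipes have landed, detection is forensics, not prevention.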


MAURITIUS SECURITY CLUB IS BACK - MU.SCL Season 3!

After many years, we are finally back!

We are happy to confirm our new meeting for the Mauritius Cyber Security Club: MU.SCL.
This free-to-attend meeting will take place at the Flying Dodo Brewing Company in Bagatelle, in their conference room upstairs.

In this new event, the following two talks will be presented:

  • Talk1 - 2025 LESSONS FOR 2026 (Sylvain Martinez - ELYSIUMSECURITY): The first talk will provide an overview of the main security stories (horrors) of 2025 and what we can learn from them to make 2026 more secure.
  • Talk2 - AI, ENABLER OR THREAT? (Sylvain Martinez - ELYSIUMSECURITY): The second talk will look at the latest news related to Artificial Intelligence: how it is used to enhance security protections, but also to facilitate more sophisticated attacks. We will also touch on what it may mean for our future security jobs and roles!
You can register for this event, for free, on the eventbrite website: ...

Notepad++ and the joy of shadow IT application procurement

Last month the maintainer of Notepad++ published a disclosure that will make any developer or sysadmin uncomfortable.
For about six months, from June through December 2025, the software's update mechanism had been hijacked by a Chinese state-sponsored threat actor.
Every time a targeted user hit "Check for Updates", they were potentially downloading malware instead of a legitimate new version, and the installer looked and behaved exactly like the real thing.

Notepad++ is not a niche tool. It is one of the most widely installed text editors in the world, used daily by developers, system administrators, network engineers, and security professionals.
That demographic is precisely why it was targeted. In enterprise environments, these are often the most privileged users on the network. Compromise their workstation through a trusted update and you have bypassed the perimeter entirely.

The attackers did not touch a single line of Notepad++ source code. They...


Apple's Spyware Alerts and 2025 closing thoughts!

On 2 December 2025, Apple sent threat notifications to users in 84 countries - one of the largest single waves since the programme launched.
Not a security tip.
A direct, personal warning: your device may have been targeted by state-sponsored attackers. Apple reserves these alerts for situations where it believes a user is being hunted by well-resourced, sophisticated operators. Custom operations. Expensive. Almost always government-connected.

The alerts landed in the middle of a coordinated disclosure by Google, Amnesty International, and a consortium of investigative journalists focused on Intellexa - the company behind the Predator spyware platform. Already sanctioned twice by the US government, Intellexa had simply adapted: setting up shell companies to infiltrate advertising networks, and deploying a new infection method called "Aladdin" that silently compromises a device through a targeted banner ad.
There was no link to click, no file to open. Just an...