releases
Releases
Notes, articles and updates from the team. This is the home for our writing; some posts are also shared on Medium.
How AI Actually Works: A Plain English Guide
A plain-English explanation of how modern AI works, covering everything from what a language model is to what MCP is and why it matters, without the buzzwords.
- Artificial Intelligence
- LLM
- Security
Identity Is Now the Perimeter
As cloud services and remote work erode the network boundary, stolen credentials have become the main way attackers get in. This article explains how credential theft works, why MFA alone is not enough, and which identity controls actually help.
- Identity Security
- Credential Theft
- MFA
NPM's Security Problem Isn't Going Away
A look at the history of npm supply chain attacks, why they keep happening, and practical defences for teams that use or maintain npm packages.
- NPM
- Supply Chain
- Application Security
The Stryker Attack: No Malware Required
An analysis of the March 2026 attack on Stryker, where attackers abused the company's own Microsoft Intune device management platform to wipe devices at scale without deploying any malware.
- Incident Analysis
- Device Management
- Identity Security
Infostealers: The Silent Threat Behind New Zealand's Biggest Cyber Risks
Infostealers like Lumma Stealer quietly harvest passwords and session cookies, and they are a common first step in attacks against New Zealand businesses. This post explains how they work and what organisations can do.
- Infostealers
- Malware
- New Zealand
What Is a Zero-Day and Why It Matters for Everyone
A plain-English explanation of what zero-day vulnerabilities are, where they show up, and why keeping everything updated is the best defence for individuals and businesses alike.
- Zero-Day
- Vulnerabilities
- Patching
Cloud Misconfigurations: Little Mistakes Can Get You Breached
A look at how everyday AWS misconfigurations across EC2, IAM, S3, and Lambda lead to breaches, and the ongoing review habits that keep cloud environments secure.
- Cloud Security
- AWS
- Misconfiguration
How to Write an Executive Summary
The executive summary is the most important page of a penetration test report. This article explains how to write one that is clear, concise, and focused on business impact and next steps.
- Penetration Testing
- Reporting
- Executive Summary
Ransomware at the Airport
A September 2025 ransomware attack on Collins Aerospace disrupted major European airports, a reminder that when a supplier is breached, your own business operations may stop too.
- Ransomware
- Business Continuity
- Supply Chain
Security in CI/CD Pipelines
A practical guide to the security checks every small team should run in their CI/CD pipeline, covering SAST, DAST, dependency scanning, secrets detection, container and IaC scanning, and where to begin.
- CI/CD
- DevSecOps
- Application Security
Cloud Migration Security Risks for NZ SMEs
New Zealand SMEs moving to AWS, Azure, and other cloud platforms face real but manageable security risks, most of them caused by misconfiguration rather than platform flaws. This guide covers the shared responsibility model and practical best practices.
- Cloud Security
- SME Security
- AWS
Cyber insurance in New Zealand: what insurers expect you to do to stay covered
New Zealand cyber insurers expect controls like MFA, patching, tested backups, and regular security testing, and they hold you to your proposal answers. This post explains those expectations and how to stay covered at claims time.
- Cyber Insurance
- New Zealand
- Risk Management
Security Vulnerabilities in Fortinet Products: Causes and Comparative Analysis
An analysis of why Fortinet products appear so often in security advisories, covering root causes in their code and architecture, with a comparison of CVE track records against Palo Alto Networks and Cisco.
- Fortinet
- Vulnerabilities
- Network Security
The Difference Between a Vulnerability Scan, a Penetration Test, and a Red Team Exercise
An explanation of how vulnerability scans, penetration tests, and red team exercises differ, and guidance on which approach suits different organisations.
- Penetration Testing
- Vulnerability Scanning
- Red Team
Ransomware: A Critical Cyber Security Threat to New Zealand Businesses
An overview of how modern ransomware operations work and the practical steps New Zealand SMEs can take to protect themselves, with backups and MFA as the top priorities.
- Ransomware
- SME Security
- New Zealand
Pen Testing Your Mobile Application (and Its API)
Mobile apps and the APIs behind them both need proper penetration testing. This article explains what mobile app and API testing involves and why New Zealand development teams should invest in it.
- Mobile Security
- Penetration Testing
- API Security
MFA-Fatigue Attacks and MFA Guidance
MFA-fatigue attacks overwhelm users with authentication prompts until they approve one. This guide explains how the attacks work, why NZ businesses are exposed, and which MFA controls actually defend against them.
- MFA
- Identity Security
- Phishing
A Quick Guide to Password Managers
A plain-English guide to how password managers work, why they matter for New Zealand consumers and SMEs, and how to choose and use one securely.
- Password Managers
- Authentication
- SME Security
Critical Citrix NetScaler Flaw (CVE-2025-5777), What NZ Businesses Need to Know
CVE-2025-5777 is a critical unauthenticated memory read flaw in Citrix NetScaler ADC and Gateway that can expose session tokens. This post explains the risk and how NZ businesses should patch and respond.
- Citrix
- CVE
- Patching
Why Penetration Testing Matters for New Zealand Businesses in 2025
Penetration testing simulates a real cyberattack to find your vulnerabilities before an attacker does. Here is what it involves and why it matters for NZ businesses in 2025.
- Penetration Testing
- New Zealand
- SMB Security
SharePoint "ToolShell" Vulnerability (CVE-2025-53770)
A breakdown of the critical SharePoint on-premise ToolShell exploit chain that allows unauthenticated remote code execution, including how it works and the steps needed to patch, detect, and remediate it.
- SharePoint
- Vulnerabilities
- Incident Response
What NZ Businesses Need to Know Before Deploying AI Chatbots
A practical guide to the security, data handling, and risk mitigation considerations New Zealand businesses should address before deploying a generative AI chatbot.
- AI Security
- Chatbots
- Data Protection
Shorter SSL Certificate Lifespans Are Coming – What NZ Businesses Should Know
SSL/TLS certificate lifespans are being shortened to 47 days by March 2029. This explains the timeline, the reasons behind it, and practical steps NZ businesses can take to prepare through automation.
- SSL/TLS
- Certificates
- Automation
Penetration Testing, An Ally for Your IT Support and Development Teams
Penetration testing works alongside your IT provider and developers to uncover vulnerabilities that regular controls may miss. This article explains how pen testing supports MSPs, developers, and small businesses across New Zealand.
- Penetration Testing
- MSP
- Small Business
How Secure Is Your Business Wi-Fi?
Poorly configured wireless networks are a common source of internal security vulnerabilities. This guide explains how corporate, BYOD, and guest Wi-Fi networks should each be secured for NZ small and medium businesses.
- Wi-Fi Security
- Wireless
- SMB Security
Scattered Spider: What NZ Small Businesses Need to Know
Scattered Spider is a cybercrime group known for social engineering attacks on major companies. This article explains who they are, how they operate, and what New Zealand small businesses can do to protect themselves.
- Cybercrime
- Social Engineering
- Small Business
Why Printer Vulnerabilities Are a Serious Business Risk
Printers and multi-function devices are often overlooked in security plans, yet they regularly give attackers a foothold into otherwise well-protected networks. This article explains the risk and how to secure network-connected devices.
- Printer Security
- Network Security
- Vulnerabilities
Kiwi Businesses: Here's What the NCSC's 2023–24 Report Means for You (And What You Can Do About It)
A breakdown of the NCSC's 2023 to 24 cyber incident figures for New Zealand SMBs and the practical, low-cost steps businesses can take to reduce their risk.
- NCSC
- SMB Security
- Phishing
SecureStart – Business Essentials
A plain-language guide to the cyber security essentials for NZ businesses, covering assets, accounts, MFA, phishing, backups, updates, encryption, and incident response with practical step-by-step actions.
- Cyber Security
- Small Business
- Best Practices
Using Nmap in Security Testing
A practical overview of how Nmap is used during penetration tests, covering the common scan options and how to automate scanning of multiple subnets with bash for-loops.
- Nmap
- Penetration Testing
- Network Security
How to Use Nmap for Network Troubleshooting: A Guide for IT Support Consultants
Nmap is often associated with penetration testing, but it is also a powerful tool for everyday IT support. This guide shows how to use Nmap to check firewall rules, verify services, and diagnose connectivity issues.
- Nmap
- Network Troubleshooting
- IT Support
Proud to Be a Pae Hokohoko & GETS Approved Supplier
Cyberoptic Security has been appointed as an approved supplier on both the Department of Internal Affairs' Pae Hokohoko Marketplace and the Government Electronic Tenders Service (GETS), streamlining procurement for NZ government agencies and larger corporates.
- Company News
- Government
- Procurement
Customised Cyber Security Solutions for Small to Medium Enterprises
How Cyberoptic Security Limited provides tailored cyber security services for small to medium businesses, including penetration testing, secure configuration reviews, and vulnerability scanning.
- Cyber Security
- Penetration Testing
- Small Business