Topic
Caribbean Cybersecurity
Cybersecurity policy, incidents, resilience, skills, and institutions across the Caribbean.
Latest stories
News and analysis
Reporting, release notes, research, and technical guidance from across the industry.
Regional reporting
From the Caribbean
News and developments from across the region.
Operational watch
Global advisories for Caribbean defenders
A wider view of threats and defensive guidance that matter to organisations across the region.
ClickLock stealer bypasses macOS protections
Attackers pair social engineering with process termination to get around safeguards that users normally rely on.
Read the article at SecurityWeek ↗Zoom fixes a critical account-takeover flaw
Administrators should confirm their tenants are protected and review the conditions that made the vulnerability exploitable.
Read the article at BleepingComputer ↗Why fake OAuth client IDs are gaining traction
Proofpoint explains how client-ID spoofing makes malicious authorisation requests look more trustworthy than they are.
Read the article at Proofpoint ↗CISA urges immediate SharePoint hardening
Defenders are being told to apply mitigations and hunt for compromise as exploitation activity increases.
Read the article at Computerworld ↗A GKE blueprint for securing AI at enterprise scale
Google Cloud lays out identity, isolation, policy, and observability controls for AI workloads on Kubernetes.
Read the article at Google Cloud ↗Defending SaaS applications from ShinyHunters OAuth abuse
Microsoft maps the attack path and gives defenders concrete controls for consent, tokens, applications, and logging.
Read the article at Microsoft Security ↗CrashStealer poses as an Apple crash-reporting tool
The malware borrows a familiar system prompt to trick macOS users into handing over access.
Read the article at BleepingComputer ↗GhostCommit hides prompt injection inside images
Researchers demonstrate how poisoned visual assets can manipulate coding agents and expose repository secrets.
Read the article at BleepingComputer ↗Passkeys become the default in Microsoft Entra ID
Microsoft details the rollout, policy implications, and migration work administrators should complete.
Read the article at Microsoft Security ↗OpenShell secures the agent that governs a fleet
Tigera looks at containment and network policy for agents with broad infrastructure privileges.
Read the article at Tigera ↗EU expands sanctions against a malicious cyber ecosystem
The package names operators and enablers, giving Caribbean defenders useful context on state-aligned infrastructure and tactics.
Read the article at European Union ↗