LEMON BLOG

Microsoft’s New Defender Update for Windows Install Media Is a Small Change That Solves a Real Security Problem

Cybersecurity | 09 March 2026

Microsoft has rolled out a fresh Microsoft Defender update package for Windows installation media, and while this may sound like a niche maintenance task for IT admins, it actually addresses a very practical security issue.

MACC’s Role in Shutting Down LeakBase Shows Malaysia’s Growing Cybercrime Enforcement Reach

Cybersecurity | 08 March 2026

Malaysia has been pulled into a major international cybercrime enforcement effort after the Malaysian Anti-Corruption Commission, better known as MACC or SPRM, confirmed that it helped disrupt infrastructure linked to the LeakBase cybercrime forum. T...

Malaysia’s Under-16 Social Media Plan Isn’t a Total Ban, But It Changes Who Holds the Keys

Cybersecurity | 05 March 2026

Malaysia's plan to restrict social media access for children aged 16 and below is starting to look a lot more specific than the early headlines suggested. Communications Minister Fahmi Fadzil recently clarified that the intention isn't to block young...

CIMB Says the “Data Breach” Talk Isn’t True

Cybersecurity | 05 March 2026

If you spend any time on social media, you've probably noticed how fast cybersecurity rumours can spread. One dramatic post turns into a thread, then screenshots start flying around, and suddenly people are convinced a major company has been hacked.

Weekly Cybersecurity Recap: One Week, Many Small Cracks

Cybersecurity | 04 March 2026

Some weeks are dominated by one headline breach. This one wasn't. Instead, it showed something more useful (and more uncomfortable): how modern attacks are increasingly built from "small" weaknesses. An exposed key here, a misconfigured access rule t...

CryptoPro Secure Disk For BitLocker: Two Vulnerabilities That Matter If Someone Gets Physical Access

Cybersecurity | 03 March 2026

Disk encryption is supposed to be your "last line of defence." If your laptop goes missing, the idea is simple: the data stays locked, even if the device is in the wrong hands. But that protection can get messy when encryption is paired with third-pa...

Multiple VS Code Extension Vulnerabilities: Why This Matters More Than A Typical “Plugin Bug”

Cybersecurity | 03 March 2026

If you use Visual Studio Code daily (or you manage developer machines in an organisation), this isn't the kind of advisory to brush off as "just another extension issue." Security researchers have flagged multiple vulnerabilities across widely used V...

A More Down-to-Earth Internet Safety Push in 2026

Cybersecurity | 02 March 2026

For 2026, the Malaysian Communications and Multimedia Commission (MCMC) is taking a noticeably more "meet people where they are" approach with its Internet Safety Campaign (KIS). Instead of relying mainly on formal talks and broad messaging, the focu...

SolarWinds Serv-U 15.5: Four Critical Bugs, One Clear Message — Patch Now

Cybersecurity | 27 February 2026

If you run SolarWinds Serv-U in your environment, this is one of those updates you don't "schedule for later." SolarWinds just shipped fixes for four critical flaws in Serv-U 15.5 that could lead to remote code execution (RCE) with root-level privile...

The OpenClaw Hype: What People Are Saying, and What’s Actually Happening

Cybersecurity | 27 February 2026

OpenClaw began the way a lot of open-source tools begin: a developer scratching a personal itch. The original idea was pretty relatable. Let an AI helper do the boring stuff like sorting email, managing schedules, and keeping notes organized, while y...

MOSTI Pushes Back on MyDigital ID “Leakage” Claims After Auditor-General’s Report

Cybersecurity | 26 February 2026

The MyDigital ID project is back in the spotlight, this time because of concerns raised in the Auditor-General's Report 1/2026. The report highlighted RM28.13 million in spending that didn't match what was approved by the relevant committee, and that...

Viral “RM500 Ramadan Aid” Posts Are Fake, MOF Says

Cybersecurity | 24 February 2026

Every year around Ramadan, the internet suddenly becomes "generous." A poster pops up, a link appears, and before you know it, people are forwarding it in family WhatsApp groups like it is official news. This time, the claim making the rounds is a su...

SMS Scams Are Getting Trickier, Thanks to “Fake BTS” Devices

Cybersecurity | 24 February 2026

If you feel like scam SMS messages are getting harder to avoid lately, you are not imagining it. Malaysia has been tightening rules, improving filtering, and running enforcement operations for years, but scammers keep adapting. One of the biggest hea...

React2Shell Isn’t “Old News” Yet. Attackers Are Still Mapping the Internet for It

Cybersecurity | 23 February 2026

If you've been treating React2Shell as a December problem that everyone patched and moved on from, the last couple of months are a reminder that the internet doesn't work that way.

A New Microsoft Word Zero-Day is Being Exploited, and it Can Slip Past the Usual Safety Prompts

Cybersecurity | 20 February 2026

If your day involves opening Word files from emails, shared drives, or chat apps, this is the kind of security warning that shouldn't sit around waiting for "when we have time." Security teams are tracking a new Microsoft Word zero-day that's already...

Chrome has Another Actively Exploited Zero-Day, and The Fix is “Update Right Now”

Cybersecurity | 20 February 2026

If you use Google Chrome on desktop, this is one of those security stories where the boring advice is also the correct advice: update immediately. Google has released urgent security updates for a zero-day vulnerability that's already being actively...

Grok AI Misuse Leaves Victims in Indonesia and Malaysia Feeling Humiliated, But is a Ban Enough?

Cybersecurity | 19 February 2026

It starts the way a lot of online harm starts these days: fast, public, and completely out of the victim's control. An Indonesian singer and public figure, Fransisca Saraswati (also known professionally as Sisca Saras), discovered an AI-generated ima...

OpenClaw Adds VirusTotal Scanning After Malicious Skills Were Found on ClawHub

Cybersecurity | 10 February 2026

If you've been watching the rise of "agentic AI" tools, you'll know the pitch is simple: give an AI assistant the ability to actually do things, not just talk about them. Trigger workflows. Read files. Connect to services. Run tasks across your devic...

Django just patched a cluster of high-risk bugs

Cybersecurity | 09 February 2026

A new security advisory flags multiple vulnerabilities in the Django web framework, and the overall message is pretty clear: if you run Django in production, this is an update you should treat as urgent. The advisory describes a mix of SQL injection...

A quick security heads-up for Chrome users

Cybersecurity | 09 February 2026

If you use Google Chrome on Windows, macOS, or Linux, this is one of those updates you don't want to "get around to later." A security advisory from Akati Sekurity highlights two high-severity Chrome vulnerabilities that could expose users to arbitra...