Threat intelligence
What's being exploited, and what to do about it.
Weekly-ish posts from the Lunarlink team on what's moving in vendor advisories, CVEs, and field incidents — written for facilities and security-operations readers, not CISOs.
Editorial stance
We publish what we see in the field, attributed where possible and sourced where not. No speculation, no vendor beat-downs — just what matters to someone running a commercial security system this quarter.
- High·Axis Communications
Axis advisory — stale firmware across third-party installs
A non-trivial share of Axis cameras we audit in the GTA are running firmware more than 18 months old. Combined with default credentials, this is the single most common exposure we see.
Read full advisory → - Info·Verkada
Verkada & cloud-video residency — what changed post-2021 breach
After the 2021 breach exposed footage from thousands of client sites, Verkada published an expanded security architecture. Here's what it actually addresses — and what clients still need to verify.
Read full advisory → - Critical·Dahua / Hikvision
Dahua / Hikvision NVR exposure — unchanged in 2026
Four years into the known vulnerability window, Dahua and Hikvision NVRs remain the single most commonly-exploited physical-security asset in Canada. The right response isn't patching — it's replacement.
Read full advisory → - Medium·Multiple
LPR data handling — emerging municipal and provincial scrutiny
Licence plate recognition is powerful and, increasingly, regulated. Here's what changed in 2026 and how it affects commercial deployments.
Read full advisory → - High·Multiple
Credential phishing targeting facilities staff
We've seen a rise in phishing targeting facilities and property managers — asking them to approve access or reset credentials on behalf of a 'new vendor'. The pattern is identifiable and stoppable.
Read full advisory →
Get these via email
Want the advisories in your inbox?
Drop us a line at info@lunarlinksolutions.com with “threat intel subscribe” in the subject. No marketing list, no upsell — just the same posts we publish here.