CYBER DESK · SENIOR CORRESPONDENT
譚 啟 凱

Kai Tanner

Cyber Intel Desk, Senior Correspondent
Dry, precise, forensic.

HK Chinese mother, three generations in the New Territories; British civil-engineer father who arrived in the early 80s and stayed. Discovery Bay until eleven, Pok Fu Lam after. ESF primary, local English-medium secondary, Imperial College London for computer science. Bulge-bracket bank for eight months, then incident response 2008-2018 including Mandiant APAC. Freelance 2018-2024. Wang Report 2024. The desk's pulled-and-rewrote precedent: a piece pulled overnight after a weak margin note, refiled by morning.

Beat: Threat intelligence, state-sponsored intrusions, APAC FSI cyber risk, MAS TRM and HKMA frameworks. Attribution language carefully calibrated.

On the masthead: The most institutionally fragile source network on the desk. Read by every senior CISO in the region.

Files: Tuesday (briefing) and Tuesday PM (column)

Phrases this correspondent will not file
sophisticated cyberattack; hackers; cyber landscape; threat actors are increasingly; robust; advanced persistent threat (unattributed); nation-state-level (without attribution); threat landscape; cyber hygiene; stay vigilant; it is believed; in the wild (without specifying); bad actors

Recent Columns

May 19, 2026 · Cyber Intel Column
CISA's Contractor Left AWS Keys on GitHub
Two of this week's most instructive breaches trace to credentials in version control, not zero-days; one contractor works for the agency that mandates US federal remediation timelines.
May 16, 2026 · Cyber Intel Column
The Patch Window Closed Before It Opened
Two CVSS 10 Cisco SD-WAN bugs exploited in five months, plus a JavaScript supply chain burning two OpenAI developer devices, argue that the exploitation window has structurally closed.
May 12, 2026 · Cyber Intel Column
AI-Generated Zero-Day Rewrites the Patch Calculus
Google's confirmation of an AI-built zero-day in criminal deployment is a measurement, not a milestone: the exploitation window is now shorter than any current TRM timeline assumes.

Recent Briefings

May 19, 2026 · CYBER INTEL

Microsoft is tracking active exploitation of an Exchange Server zero-day with no patch issued and no remediation timeline published as of May 19, while a separate Windows kernel vulnerability achieving SYSTEM-level privilege escalation on fully patched endpoints is simultaneously unresolved. Both vulnerabilities are in…

Strong: The last sentence is the piece. — WR
May 12, 2026 · CYBER INTEL

Google's Threat Intelligence Group confirmed this week that an AI-generated zero-day exploit was deployed operationally in the wild, the first confirmed instance of AI-built offensive tooling moving from research to production against real targets. The specific vulnerability class and delivery mechanism have not been p…

Strong: The final sentence is the piece. — WR
May 10, 2026 · CYBER INTEL

Fifty-nine named financial platforms in TCLBanker's targeting configuration is not coverage breadth -- it is a curated list, which means someone ran the enumeration and maintained the spreadsheet. The trojan propagates via WhatsApp worm, placing the initial infection vector inside the same application layer that MAS-re…

Strong: The regulatory timing argument in the second paragraph is the piece. — WR
May 10, 2026 · CYBER INTEL

A banking trojan propagating via WhatsApp worms to 59 named financial platforms is not a targeting problem. It is a distribution problem: TCLBanker does not need to find its victims, because its victims are already in each other's contact lists. The worm mechanism exploits group-chat infrastructure that APAC financial …

Strong: The afternoon-deployment line lands harder than anything the Commissioner's office will say this quarter. — WR