Skip to main content
OpasSecure Ltd

Advisories, written for African defenders

Between the flagship report, OpasLabs issues shorter threat advisories — each with a severity, the sectors it touches, and mitigation guidance you can act on. The latest are below.

Latest OpasLabs advisories

Bulletins from the OpasLabs research programme — each with its severity, the sectors it touches, and a plain-language summary of what to do.

  • High
    BankingTelcoSACCO

    Active SIM-swap campaign targeting Kenyan mobile banking users

    OpasLabs has identified an active campaign exploiting SIM-swap vulnerabilities across Kenyan MNOs. Targeting mobile banking and M-PESA-linked accounts. IOCs and mitigation guidance included.

  • Critical
    BankingFintechTelco

    Mobile Money Fraud Tactics: April 2026 Review

    Quarterly review of mobile-money fraud patterns observed across East African markets. Three new TTPs documented this quarter. STIX bundle available to OpasIntel subscribers.

  • High
    SACCOFinancial Services

    Ransomware campaigns targeting Kenyan SACCOs - Q1 2026 update

    Continued activity from three threat clusters documented in our 18-month SACCO ransomware research. New initial access vector observed. Patch priority list included.

  • Medium
    NGOEducation

    Business email compromise targeting CFOs at East African NGOs

    Spear-phishing campaign impersonating donor organizations targeting NGO finance staff. Wire transfer fraud via convincing domain lookalikes. Indicators and awareness guidance included.

  • Medium
    GovernmentPublic Sector

    Credential stuffing attacks on eCitizen and government portal accounts

    Automated credential stuffing using breach databases from prior Kenyan data incidents. Government portal accounts with weak passwords being compromised at scale.

  • Low
    FintechSoftware

    Supply chain risk: compromised open-source packages affecting Kenyan fintech developers

    Three npm packages popular with East African fintech developers found to contain malicious payloads. Package names, versions, and removal instructions included.

STAY AHEAD OF THE THREAT

Get advisories as they publish

Register to hear the moment new OpasLabs advisories go out — and when the State of African Cybersecurity report lands.