The Australian cyber threat landscape has intensified significantly over the last 24 hours. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued a joint advisory regarding pro-Russia hacktivist groups targeting critical infrastructure. Simultaneously, a critical vulnerability in a widely used web development framework has put SaaS and eCommerce platforms on high alert. Our analysis today highlights a major breach in the Defence supply chain, a fresh ransomware attack on the retail sector, and emerging risks involving AI agents in identity infrastructure.

The Australian cyber threat landscape has faced a critical escalation over the last 24 hours. The dominant threat is the rapid weaponisation of the React2Shell vulnerability (CVE-2025-55182), which has triggered "Act Now" alerts from the Australian Cyber Security Centre (ACSC). Simultaneously, a disturbing new trend of AI-driven espionage has emerged, alongside confirmed ransomware incidents targeting the Australian retail and eCommerce sectors. Here is your deep dive into the threats impacting Australian organisations today.

The Australian cyber threat landscape for Monday, 08 December 2025, is critically impacted by the rapid exploitation of the newly disclosed React Server Components vulnerability (CVE-2025-55182). Dubbed "React2Shell," this campaign is currently being leveraged by state-sponsored actors and cybercriminal syndicates alike to compromise web applications across the SaaS, FinTech, and Government sectors. Simultaneously, ransomware groups are shifting tactics towards "extortion-only" attacks, bypassing encryption to focus solely on data exfiltration and leverage.

The Australian cyber threat landscape has seen a critical escalation over the last 24 hours. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued urgent alerts regarding a maximum-severity vulnerability in widely used web frameworks, while ransomware groups continue to aggressively target the nation’s supply chains. Today's briefing analyses the immediate risks to Healthcare, FinTech, and Government sectors, alongside critical vulnerabilities in AI and cloud infrastructure.

The last 24 hours have seen a significant escalation in web application threats with the disclosure of a critical Remote Code Execution (RCE) vulnerability in the React framework, dubbed "React2Shell". Australian organisations—particularly in the eCommerce and SaaS sectors—are also facing a renewed wave of ransomware activity, with prominent fashion retailers and logistics providers targeted by the INC Ransom and Qilin groups. Simultaneously, mobile security remains a priority as Google patches actively exploited zero-days affecting Android devices. Here is your daily deep dive into the threat landscape affecting Australian businesses.

The last 24 hours have seen a significant escalation in cyber activity targeting Australian critical infrastructure and commercial sectors. The Australian Cyber Security Centre (ACSC) has issued a critical alert regarding a vulnerability in React Server Components, while ransomware groups have successfully breached targets across the Government, Defence, and FinTech sectors. Today's briefing analyses these active threats, highlighting a disturbing trend of supply chain compromises and API misconfigurations that are leaving organisations exposed.

As we settle into December, the Australian cyber threat landscape is already heating up. In the last 24 hours, we’ve seen a major breach in the Defence supply chain, significant regulatory action against a local telco for anti-scam failures, and the discovery of a critical vulnerability in a widely used AI inference engine. For security teams across Healthcare, FinTech, and Government, today’s briefing highlights the critical need for supply chain vigilance and rigorous identity verification.

The last 24 hours have seen a significant surge in ransomware activity and critical infrastructure targeting across Australia. The Australian Cyber Security Centre (ACSC) and industry watchdogs have issued multiple alerts regarding active exploitation of network edge devices. Prominent threat actors, including KillSec, Space Bears, and RipperSec, have claimed successful breaches against Australian targets in the Government, FinTech, and Education sectors. Organisations are urged to prioritise patching critical vulnerabilities in Cisco and Microsoft infrastructure immediately, as threat actors are weaponising these flaws for initial access.