Daily Threat Briefing: Boxing Day Cyber Spike & Critical Edge Exploits

Executive Summary

As Australian organisations operate with skeleton staff over the Boxing Day public holiday, the cyber threat landscape has intensified significantly in the last 24 hours. Threat actors are actively capitalising on reduced monitoring capabilities and the surge in e-commerce traffic. The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) has escalated warnings regarding critical exploits in edge devices, while the retail and fintech sectors face a barrage of sophisticated API abuse campaigns.

Critical Alert: WatchGuard Firebox Exploitation (CVE-2025-14733)

The most pressing threat identified in the last 24 hours is the active, widespread exploitation of a critical authentication bypass vulnerability in WatchGuard Firebox devices (CVE-2025-14733).

  • The Threat: Unauthenticated remote attackers are gaining administrative access to edge firewalls, allowing them to disable security controls and pivot into internal networks.
  • Impact: This serves as a primary entry point for ransomware groups targeting the Education and Government sectors, which are currently vulnerable due to holiday shutdowns.
  • Action: Immediate patching or isolation of management interfaces is mandatory.

Sector-Specific Threat Intelligence

  • eCommerce & FinTech: The Boxing Day Siege
    With the Boxing Day sales in full swing, our analysis shows a sharp rise in Broken Object Level Authorisation (BOLA) attacks targeting retail APIs. Cybercriminals are manipulating API endpoints to access customer PII and loyalty points. Furthermore, FinTech payment gateways are seeing an uptick in "deepfake" social engineering, where AI-generated voice is used to authorise fraudulent high-value transactions, bypassing traditional voice biometric security.

  • Healthcare: Persistent Targeting by Funksec
    Following the recent trend of targeting peripheral health organisations, the threat group 'Funksec' has been observed scanning for unpatched web applications in the Healthcare sector over the last 24 hours. Their focus has shifted to third-party API integrations used for patient booking systems, exploiting trusted connections to move laterally into core hospital networks.

  • SaaS & Cloud: The React2Shell Fallout
    Exploitation of the 'React2Shell' vulnerability (CVE-2025-55182) in React Server Components continues to plague SaaS providers. Despite patches being available, threat actors are leveraging automated scanners to identify and compromise updated instances that failed to rotate compromised session keys. We are observing 'extortion-only' attacks where data is exfiltrated from cloud environments without encryption, aimed at forcing rapid payouts.

  • Government & Critical Infrastructure
    State-sponsored actor Salt Typhoon remains active, with new indicators of compromise (IoCs) suggesting a focus on telecommunications infrastructure used by government agencies. This aligns with the recent ACT Audit Office findings on severe access control weaknesses, making identity management a critical vector.

  • IoT & Smart Systems
    A new wave of attacks targeting IoT building management systems (BMS) has been detected, specifically exploiting legacy protocols in smart HVAC systems to gain a foothold in corporate networks. This 'shadow IoT' risk is critical as facilities are largely unmanned during the break.

Emerging Technologies: AI & API Threats

  • Agentic AI: We are witnessing the deployment of "Agentic AI" malware that autonomously adapts its behaviour to evade detection. These AI-driven agents are currently being used to speed up privilege escalation in compromised cloud environments.
  • API Security: The volume of API traffic during the sales period has masked low-and-slow data scraping attacks. Security teams must analyse traffic for anomalous data egress patterns, not just volumetric spikes.
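As an added illustration of that last point (example code written for this briefing, not a tool from the original page), the Python below summarises constructed retail API access logs per client and flags BOLA-style enumeration of customer records and sustained data egress even though neither client exceeds a request-rate threshold. The log format, paths, IP addresses and thresholds are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (epoch, client, method, path, status, bytes): 10.0.0.5 walks
# customer IDs once a minute, under any rate limit; 10.0.0.9 is a normal shopper.
SAMPLE_LOG = """\
1766707200 10.0.0.5 GET /api/v1/customers/1001/loyalty 200 900
1766707260 10.0.0.5 GET /api/v1/customers/1002/loyalty 200 880
1766707320 10.0.0.5 GET /api/v1/customers/1003/loyalty 200 910
1766707380 10.0.0.5 GET /api/v1/customers/1004/loyalty 200 870
1766707200 10.0.0.9 GET /api/v1/customers/1001/loyalty 200 900
1766707201 10.0.0.9 POST /api/v1/checkout 201 310
"""
LINE_RE = re.compile(r"^(\d+) (\S+) \S+ (\S+) (\d{3}) (\d+)$")
OBJECT_RE = re.compile(r"^/api/v1/customers/(\d+)/")

def parse_log(text):
    """Parse the constructed format into dicts; non-matching lines are skipped."""
    rows = [LINE_RE.match(line) for line in text.splitlines()]
    return [{"ts": int(m[1]), "client": m[2], "path": m[3],
             "status": int(m[4]), "bytes": int(m[5])} for m in rows if m]

def detect(records, max_rpm=30, max_objects=3, max_egress=3000):
    """Return {client: [findings]}; the thresholds are illustrative assumptions."""
    per = defaultdict(lambda: {"ts": [], "objects": set(), "egress": 0})
    for r in records:
        c = per[r["client"]]
        c["ts"].append(r["ts"])
        if m := OBJECT_RE.match(r["path"]):
            c["objects"].add(m[1])              # which customer record was read
        if 200 <= r["status"] < 300:            # only served responses leak data
            c["egress"] += r["bytes"]
    findings = {}
    for client, c in per.items():
        minutes = max(max(c["ts"]) - min(c["ts"]), 60) / 60   # at least 1 minute
        hits = []
        if len(c["ts"]) / minutes > max_rpm:
            hits.append("volumetric_spike")     # all a plain rate limiter sees
        if len(c["objects"]) > max_objects:
            hits.append("bola_enumeration")     # one shopper reads one record
        if c["egress"] > max_egress:
            hits.append("low_and_slow_egress")  # sustained bytes out, no spike
        if hits:
            findings[client] = hits
    return findings
```

Running `detect(parse_log(SAMPLE_LOG))` flags only 10.0.0.5, for enumeration and egress, while the rate check alone would have passed both clients.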

Recommendations

  1. Patch WatchGuard Devices Immediately: Prioritise CVE-2025-14733 remediation.
  2. Monitor API Traffic: Implement strict rate limiting and behaviour analysis on checkout and payment APIs.
  3. Verify High-Value Transactions: Apply profound scepticism to urgent payment requests and verify them via secondary channels to counter AI deepfakes.
  4. Enhance On-Call Readiness: Ensure escalation paths are clear for the remainder of the holiday period.

Contact us for a quote for penetration testing services or adversary simulation.