Daily Threat Briefing: Defence Supply Chain Breach, AI RCEs & Critical Telco Fines

As we settle into December, the Australian cyber threat landscape is already heating up. In the last 24 hours, we’ve seen a major breach in the Defence supply chain, significant regulatory action against a local telco for anti-scam failures, and the discovery of a critical vulnerability in a widely used AI inference engine.

For security teams across Healthcare, FinTech, and Government, today’s briefing highlights the critical need for supply chain vigilance and rigorous identity verification.

Top Story: Defence Supply Chain Compromise

Target: IKAD Engineering
Sector: Government / Defence Industry

Breaking news indicates a significant cyber incident involving IKAD Engineering, a contractor in the Australian Defence supply chain. Reports suggest that threat actors have breached the organisation's network, putting Australia's weapons programs and other sensitive defence projects at potential risk.

  • Impact: This incident underscores the "soft underbelly" of national security: third-party suppliers. While government agencies harden their own perimeters, adversaries are aggressively targeting smaller contractors that hold privileged access or sensitive technical data.
  • Action: Defence contractors and sub-contractors should immediately review their external attack surface and confirm they meet their required Essential Eight maturity level, particularly for remote access and patch management of internet-facing systems.

Regulatory & FinTech: Southern Phone Fined $2.5m

Sector: Telecommunications / FinTech

The Australian Communications and Media Authority (ACMA) has handed down a $2.5 million penalty to Southern Phone Company.

  • The Issue: An investigation found that the telco failed to comply with anti-scam rules on more than 160 occasions. Scammers got past its identity verification processes and took over customers' mobile numbers (SIM swapping).
  • Why it Matters: For FinTech and banking, this is a critical alert. SIM swapping is a primary vector for defeating SMS-based two-factor authentication (2FA): once the attacker controls the number, every SMS one-time code and SMS-based account recovery flow goes to them. A telco's failure to verify identity therefore directly undermines financial accounts protected only by mobile 2FA.
  • Action: FinTechs should accelerate the move away from SMS-based 2FA towards FIDO2 hardware keys or app-based authenticators, so that account security no longer depends on telco controls. FIDO2 also resists phishing; app-based one-time codes remove the telco from the loop but can still be phished, so prefer FIDO2 for high-value accounts.
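To make the difference concrete, here is an added example (not from the original briefing or any vendor) of the app-based alternative: RFC 6238 time-based one-time passwords, which derive each code from a secret held on the user's device and the current time, so control of the phone number yields nothing. The secret below is the RFC 6238 test secret and is an assumption for illustration; a real deployment generates a random secret per user. The verifier also returns the time-step it accepted so the caller can store it and reject replays, a detail SMS-code implementations often omit.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 6238 Appendix B test secret (ASCII "12345678901234567890"). Illustrative only:
# production code generates a random per-user secret and provisions it via QR code.
RFC6238_TEST_SECRET = b"12345678901234567890"

DIGITS = 6
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the number of elapsed time-steps."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(
    secret: bytes,
    candidate: str,
    unix_time: Optional[int] = None,
    window: int = 1,
    last_accepted_counter: int = -1,
    step: int = STEP_SECONDS,
) -> Optional[int]:
    """Return the time-step counter the code matched, or None if it is rejected.

    - Accepts codes within +/- `window` steps of the current time to tolerate clock drift.
    - Rejects any counter <= last_accepted_counter, so a captured code cannot be replayed;
      the caller persists the returned counter per user.
    - Compares every candidate in the window with a constant-time compare and never
      returns early, so timing does not reveal which step matched.
    """
    if unix_time is None:
        unix_time = int(time.time())
    if not (candidate.isdigit() and len(candidate) == DIGITS):
        return None
    now_counter = unix_time // step
    matched: Optional[int] = None
    for drift in range(-window, window + 1):
        counter = now_counter + drift
        if hmac.compare_digest(hotp(secret, counter), candidate) and counter > last_accepted_counter:
            matched = counter
    return matched


if __name__ == "__main__":
    # RFC 6238 test vector: at T=59 the SHA-1 TOTP is 94287082, i.e. 287082 at six digits.
    code = totp(RFC6238_TEST_SECRET, 59)
    print("code at T=59:", code)
    accepted = verify_totp(RFC6238_TEST_SECRET, code, unix_time=59)
    print("accepted counter:", accepted)
    print("replay rejected:", verify_totp(RFC6238_TEST_SECRET, code, unix_time=59, last_accepted_counter=accepted) is None)
```

The replay guard matters in practice: without it, a one-time code phished or shoulder-surfed within the 30-second step (plus the drift window) is still valid for the attacker.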

Emerging Tech: Critical AI Remote Code Execution (RCE)

Target: AI Systems / SaaS Providers
Vulnerability: vLLM Inference Engine (versions 0.10.2 and later, prior to the fixed release)

A critical vulnerability has been disclosed in vLLM, a popular high-throughput, memory-efficient LLM serving engine used by many SaaS and AI providers.

  • The Threat: Security researchers found that an attacker can trigger Remote Code Execution (RCE) or crash the server simply by sending malicious prompt embeddings to the Completions API. No model access or credentials beyond the ability to call that endpoint are needed.
  • Significance: As Australian organisations rush to deploy private AI models, the security of the underlying inference infrastructure is often overlooked. The flaw sits in the serving layer, not the model: code execution runs with the privileges of the vLLM process on the host, and from there the attacker can reach whatever that host can reach.
  • Action: AI engineering teams must update vLLM to the fixed release immediately. Until then, do not expose the completions endpoint to untrusted callers, and in all cases isolate inference hosts from critical internal networks.
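For teams that cannot patch on the spot, the following is an added example (not vLLM's own code, not from the original briefing) of an interim control: a request screen placed in the API gateway or reverse proxy in front of the completions endpoint that rejects any request carrying user-supplied embeddings and accepts only plain text or token-ID prompts. It assumes the embeddings arrive in a top-level JSON field named `prompt_embeds` (the field name is an assumption about the deployment; confirm it against your vLLM version) and that legitimate clients never need that field.

```python
import json

# Assumption: user-supplied embeddings arrive in a top-level "prompt_embeds" field of the
# OpenAI-compatible completions request. Adjust to match the deployed vLLM version.
BLOCKED_FIELDS = frozenset({"prompt_embeds"})
MAX_BODY_BYTES = 1 << 20  # 1 MiB; tune to the longest legitimate prompt you serve


def screen_completions_request(raw_body: bytes) -> tuple[bool, str]:
    """Return (allowed, reason). Anything that is not a plain prompt request is denied.

    Accepted: a JSON object whose "prompt" is a string, a list of strings, or a list of
    token IDs (ints), and which contains none of BLOCKED_FIELDS. Everything else,
    including oversized or malformed bodies, is rejected before reaching vLLM.
    """
    if len(raw_body) > MAX_BODY_BYTES:
        return False, "body exceeds size limit"
    try:
        body = json.loads(raw_body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return False, "body is not valid UTF-8 JSON"
    if not isinstance(body, dict):
        return False, "top-level JSON object required"
    blocked = sorted(BLOCKED_FIELDS & body.keys())
    if blocked:
        return False, "blocked field(s): " + ", ".join(blocked)
    prompt = body.get("prompt")
    if isinstance(prompt, str):
        return True, "ok"
    if isinstance(prompt, list) and prompt and (
        all(isinstance(p, str) for p in prompt) or all(isinstance(p, int) for p in prompt)
    ):
        return True, "ok"
    return False, "prompt must be a string, a list of strings, or a list of token IDs"


# Constructed sample requests for demonstration.
SAMPLE_BENIGN = json.dumps(
    {"model": "local-model", "prompt": "Summarise the incident report.", "max_tokens": 64}
).encode()
SAMPLE_TOKEN_IDS = json.dumps({"model": "local-model", "prompt": [1, 2, 3, 4]}).encode()
SAMPLE_EMBEDS = json.dumps(
    {"model": "local-model", "prompt_embeds": "AAAA...base64-tensor...", "max_tokens": 16}
).encode()
SAMPLE_MALFORMED = b"{not json"


if __name__ == "__main__":
    for name, body in [
        ("benign", SAMPLE_BENIGN),
        ("token_ids", SAMPLE_TOKEN_IDS),
        ("embeds", SAMPLE_EMBEDS),
        ("malformed", SAMPLE_MALFORMED),
        ("array", b"[]"),
    ]:
        allowed, reason = screen_completions_request(body)
        print(f"{name:10s} allowed={allowed} reason={reason}")
```

Wire the function into whatever sits in front of vLLM (a WSGI/ASGI middleware, or a plugin in the gateway) so that a denied request returns 400 and is logged with the reason; the log of blocked `prompt_embeds` requests then doubles as a detection signal while the upgrade is rolled out. This screen is a stopgap, not a fix: patch vLLM regardless.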

Infrastructure & Cloud Security

Sector: SaaS / Cloud

Two other notable technical threats have emerged in the last 24 hours:

  1. HashiCorp Vault Misconfiguration (CVE-2025-13357): A default setting in the Vault Terraform Provider could allow anonymous (null) LDAP binds against Vault's LDAP auth method, potentially exposing secrets and encryption keys. DevOps teams using Terraform to manage Vault must verify immediately that every LDAP auth backend explicitly sets deny_null_bind to true, rather than relying on the provider default.
  2. GitLab Credential Leaks: New research released yesterday identified over 17,000 exposed credentials (including Google Cloud and OpenAI keys) in public GitLab repositories. Developers are urged to rotate any key that has been committed, treat it as compromised even if the commit was later removed, and implement automated secret scanning in their CI/CD pipelines.
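Both items above reduce to the same CI-time check: scan the repository before merge and fail the pipeline on a hit. The following is an added example (not from the original briefing, HashiCorp, or GitLab) of one such job that covers both: it flags `vault_ldap_auth_backend` resources in Terraform files that do not set `deny_null_bind = true`, and it looks for Google and OpenAI API keys in any file. The resource and argument names are taken from the Vault provider's documentation; the key-format regexes are assumptions that match the current shapes of those keys and should be treated as candidates to verify. The sample repository content is constructed, and the keys in it are fakes of the right shape.

```python
import re
import sys
from pathlib import Path

# Loose detectors for the key types named in the report. Patterns are assumptions
# about current key formats; a hit is a candidate to verify, then rotate.
SECRET_PATTERNS = {
    "openai_api_key": re.compile(r"sk-[A-Za-z0-9_-]{20,}(?![A-Za-z0-9_-])"),
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])"),
    "gcp_service_account_json": re.compile(r'"private_key"\s*:\s*"-----BEGIN'),
}

# Terraform block for the Vault LDAP auth method (resource and argument names per the
# Vault provider docs). The body is everything up to the first "}" at column 0.
LDAP_RESOURCE = re.compile(
    r'resource\s+"vault_ldap_auth_backend"\s+"([^"]+)"\s*\{(.*?)^\}', re.S | re.M
)
DENY_NULL_BIND_TRUE = re.compile(r"^\s*deny_null_bind\s*=\s*true\s*$", re.M)


def _line_of(text: str, index: int) -> int:
    return text.count("\n", 0, index) + 1


def scan_secrets(path: str, text: str) -> list[dict]:
    """Report API-key-shaped strings; only a prefix of the match is recorded, never the full secret."""
    findings = []
    for kind, pattern in SECRET_PATTERNS.items():
        for m in pattern.finditer(text):
            findings.append({"file": path, "line": _line_of(text, m.start()),
                             "check": kind, "detail": m.group(0)[:8] + "..."})
    return findings


def scan_vault_ldap(path: str, text: str) -> list[dict]:
    """Report vault_ldap_auth_backend resources that do not explicitly set deny_null_bind = true."""
    findings = []
    if not path.endswith(".tf"):
        return findings
    for m in LDAP_RESOURCE.finditer(text):
        name, body = m.group(1), m.group(2)
        if not DENY_NULL_BIND_TRUE.search(body):
            findings.append({"file": path, "line": _line_of(text, m.start()),
                             "check": "vault_ldap_deny_null_bind",
                             "detail": f'resource "{name}" does not set deny_null_bind = true'})
    return findings


def scan_repo(files: dict[str, str]) -> list[dict]:
    """Run every check over an in-memory {path: content} map."""
    findings: list[dict] = []
    for path, text in files.items():
        findings += scan_secrets(path, text) + scan_vault_ldap(path, text)
    return findings


def scan_paths(root: str) -> list[dict]:
    """Read a checked-out repository from disk (skipping .git) and scan it."""
    files = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and ".git" not in p.parts:
            files[str(p)] = p.read_text(encoding="utf-8", errors="ignore")
    return scan_repo(files)


# Constructed sample repository. The keys are fakes with the right shape only.
FAKE_OPENAI_KEY = "sk-proj-" + "X" * 40
FAKE_GOOGLE_KEY = "AIza" + "Y" * 35
SAMPLE_REPO = {
    "infra/vault.tf": "\n".join([
        'resource "vault_ldap_auth_backend" "corp" {',          # weak: relies on provider default
        '  path   = "ldap"',
        '  url    = "ldaps://ldap.example.internal"',
        '  userdn = "ou=Users,dc=example,dc=internal"',
        "}",
        "",
        'resource "vault_ldap_auth_backend" "hardened" {',      # corrected: explicit deny
        '  path           = "ldap-hardened"',
        '  url            = "ldaps://ldap.example.internal"',
        '  userdn         = "ou=Users,dc=example,dc=internal"',
        "  deny_null_bind = true",
        "}",
        "",
    ]),
    "app/settings.py": "\n".join([
        "# constructed sample: fake keys of the right shape",
        f'OPENAI_API_KEY = "{FAKE_OPENAI_KEY}"',
        f'GOOGLE_MAPS_KEY = "{FAKE_GOOGLE_KEY}"',
        "",
    ]),
    "README.md": "Read OPENAI_API_KEY from the environment; never commit it.\n",
}


if __name__ == "__main__":
    results = scan_paths(sys.argv[1]) if len(sys.argv) > 1 else scan_repo(SAMPLE_REPO)
    for f in results:
        print(f'{f["file"]}:{f["line"]}: {f["check"]}: {f["detail"]}')
    sys.exit(1 if results else 0)  # non-zero exit fails the CI job
```

Run it as a pipeline stage with the checkout directory as the argument; the non-zero exit on any finding blocks the merge. Keep the regex list short and specific rather than catch-all, because a scanner that cries wolf gets disabled, and remember that a key found in history has already leaked: rotate it, do not just rewrite the commit.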

Sector Watch: Healthcare & IoT

  • Healthcare: Following the Point Lonsdale Medical Group incident late last month, the sector remains on high alert. Ransomware groups are actively scanning for unpatched VPN concentrators and RDP endpoints in Australian medical centres.
  • IoT: A new Mirai-based botnet, ShadowV2, has been observed exploiting unpatched routers and NAS devices. A critical authentication bypass in ASUS routers (CVE-2025-59366) is currently being weaponised; organisations with remote workforce fleets should ensure home office devices are patched.

Conclusion

Today's events serve as a stark reminder that compliance and configuration management are just as critical as advanced threat detection. Whether it's a misconfigured Terraform provider, a lapse in identity checks at a telco, or an unpatched AI engine, basic hygiene failures continue to offer adversaries the easiest path to compromise.

Contact us for a quote for penetration testing service or adversary simulation.