The Australian cyber threat landscape has seen significant activity over the last 24 hours, with major developments across the FinTech and SaaS sectors. From regulatory crackdowns on financial platforms to novel attacks targeting AI systems, organisations must remain vigilant. Below is a deep dive into the most critical threats, exploited vulnerabilities, and industry updates relevant to Australian businesses today.
FinTech: Airwallex Audited by AUSTRAC
In a major development for the FinTech sector, the Australian Transaction Reports and Analysis Centre (AUSTRAC) has ordered an external audit of payment platform Airwallex. Announced yesterday (23 January), the regulator suspects compliance failures regarding Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) laws.
- The Risk: AUSTRAC is concerned that Airwallex’s transaction monitoring program has not adequately kept pace with the risks associated with its cross-border fund transfers.
- Impact: This highlights the increasing regulatory pressure on Australian FinTechs to robustly define their customer base and report suspicious matters. Financial institutions should review their own AML/CTF controls immediately to avoid similar scrutiny.
AI & SaaS Systems: The 'Reprompt' Attack on Copilot
As AI integration deepens, so do the attack vectors. Security researchers have unveiled a new "Reprompt" attack targeting Microsoft Copilot.
- The Exploit: This sophisticated technique allows attackers to silently siphon data from Copilot sessions. By crafting specific prompts that the AI interprets as system instructions, malicious actors can trick the model into retrieving and exfiltrating sensitive internal data without the user's knowledge.
- AdMob Settlement: In broader SaaS news, Google has agreed to pay USD $8.25 million (approx. AUD $13 million) to settle allegations that its AdMob platform illegally tracked children’s data, violating privacy norms. This is a critical reminder for EdTech and SaaS providers handling minors’ data.
Critical Vulnerabilities: Web Apps & IoT
The last 24 hours have underscored the criticality of patching, with active exploitation observed in workflow automation and network devices.
n8n Workflow Automation (CVE-2026-21858): A critical unauthenticated remote code execution (RCE) vulnerability has been identified in the n8n platform.
- Severity: Critical (CVSS 10.0).
- Attack Vector: Attackers can execute arbitrary code on the underlying server via form-based workflows without needing valid credentials.
- Action: SaaS providers and businesses using n8n for automation must apply the latest patches immediately or restrict public access to these instances.
WatchGuard Firebox (CVE-2025-14733): The Australian Signals Directorate’s ACSC continues to warn of active exploitation of this critical vulnerability. It affects small to medium businesses and government networks relying on WatchGuard devices for perimeter security.
Healthcare & Education: Sector-Specific Threats
- Healthcare: The sector remains under fire, with Diabetes WA identified as the latest victim in a string of attacks against Australian health organisations. This follows the trend of ransomware groups targeting patient data for extortion.
- Education: Reports are emerging regarding the fallout of a cyber attack on Victorian schools, with concerns raised about the exposure of student data and the resilience of EdTech platforms used in the state's curriculum.
Strategic Advice
The emergence of AI-specific attacks like the Copilot 'Reprompt' and the severity of the n8n RCE demonstrate that threat actors are rapidly pivoting to exploit the tools that drive modern business efficiency. Australian organisations must move beyond basic compliance and stress-test their controls against these advanced techniques.

