Daily Threat Briefing: Australia – 27 January 2026

The Australian cyber threat landscape has intensified significantly over the last 24 hours, with critical developments affecting the healthcare, retail, and SaaS sectors. Today’s briefing highlights a new zero-day exploit in Microsoft Office, a confirmed breach at a major fertility provider, and the emergence of the "World Leaks" extortion group targeting global brands with Australian operations.

Top Priority: Critical Vulnerability Alerts

Microsoft Office Zero-Day (CVE-2026-21509)

In the last 24 hours, Microsoft has issued emergency guidance for a high-severity zero-day vulnerability (CVE-2026-21509) that is being exploited in the wild. The flaw allows an attacker to bypass Office security features locally by supplying untrusted input inside an Office file.

  • Impact: User interaction is required (the victim must open a malicious file), but successful exploitation can lead to code execution.
  • Action: Organisations must apply the out-of-band patch immediately, particularly for Office 2021 and Microsoft 365. Temporary registry mitigations are available for older versions.

ServiceNow AI "BodySnatcher" Vulnerability

A severe privilege escalation flaw has been discovered in ServiceNow’s Now Assist AI agents. Dubbed "BodySnatcher", the vulnerability allows unauthenticated attackers to hijack AI workflows and create administrative backdoors. As Australian enterprises race to adopt AI-driven SaaS tools, this is a stark reminder to audit the permissions granted to AI agents rigorously.

Sector Intelligence & Incidents

Healthcare: Genea Data Breach Confirmed

Australia’s healthcare sector continues to be a primary target. Genea, a leading fertility and IVF provider, has confirmed a cyber attack that resulted in the exfiltration of sensitive patient data.

  • Status: Stolen records have reportedly appeared on the dark web.
  • Analysis: This incident follows a disturbing trend of extortion-based attacks on specialist medical clinics in Australia (e.g., the Point Lonsdale and O&G incidents late last year). The sensitivity of the data makes extortion attempts against both the provider and individual patients highly likely.

Retail & eCommerce: Nike Investigating "World Leaks" Claims

Global sportswear giant Nike is investigating claims by the "World Leaks" ransomware gang, which alleges it has stolen 1.4TB of internal data. While the full impact on Australian customers is still being assessed, this group is known for having shifted from encryption to pure data-theft extortion.

  • Risk: Potential exposure of customer PII and partner supply chain data.

Education: Fallout from Victorian Schools Attack

The education sector remains on high alert following the Victorian Department of Education breach earlier this month, which impacted over 1,700 government schools.

  • Update: Forensic analysis suggests the initial vector involved compromised staff credentials. Educational institutions are urged to accelerate the rollout of phishing-resistant Multi-Factor Authentication (MFA) so that stolen credentials alone cannot be used for access and lateral movement.

FinTech: Regulatory Heat & Data Leaks

  • Airwallex Audit: The Australian Transaction Reports and Analysis Centre (AUSTRAC) has ordered an external audit of FinTech unicorn Airwallex over suspected AML/CTF compliance failures. This signals a tougher regulatory stance on the FinTech sector’s risk management practices.
  • Prosura Breach: Fallout continues from the Prosura (car rental insurance) breach, in which 300,000 customer records were exposed. Attackers are actively selling this data, increasing the risk of targeted phishing campaigns against policyholders.

IoT & Edge Security

  • WatchGuard Firebox Exploitation: Active exploitation of a critical vulnerability (CVE-2025-14733) in WatchGuard Firebox devices continues. Attackers are using it to gain initial access to small-to-medium business networks; affected organisations should confirm their firmware is patched and review firewall logs for unexpected administrative access.
  • Konni Threat Actor: New intelligence indicates the North Korean-linked threat actor Konni is targeting blockchain developers in Australia. The group is using malicious project documentation and AI-generated PowerShell backdoors to compromise development environments.

Summary & Recommendations

The last 24 hours have demonstrated that no sector is immune. From privilege escalation in AI-driven SaaS to zero-day exploits in ubiquitous office software, the attack surface is expanding.

Immediate Actions:

  1. Patch Microsoft Office across all endpoints immediately, applying the registry mitigations where the patch cannot yet be deployed.
  2. Audit AI integrations (specifically ServiceNow Now Assist) for privilege escalation risks.
  3. Monitor vendor risk, particularly if your organisation shares data with Genea or Nike.
  4. Reinforce DevSecOps controls, especially for blockchain and FinTech teams targeted by state-sponsored actors such as Konni.

Contact us for a quote for penetration testing services or adversary simulation.