Daily Threat Briefing: NSW Gov Strategy Launch, Vic Schools Breached & Critical AI Flaws

Welcome to today's threat briefing. As we approach the end of January, the Australian cyber landscape is seeing significant shifts in government policy and active exploitation of education and financial sectors. Below is a deep dive into the critical threats, incidents, and vulnerabilities observed over the last 24 hours.

Top Story: NSW Government Launches 2026–2028 Cyber Strategy

Just announced today, the New South Wales Government has officially launched its Cyber Security Strategy 2026–2028. This new framework marks a pivotal shift in how the state manages digital risks, introducing a mandatory 24-hour reporting window for cyber incidents—a significantly tighter timeframe designed to improve visibility and rapid response.

Key Takeaways for Gov & Enterprise:

  • Supply Chain Focus: The strategy explicitly targets third-party supply chain risks, a vector that has plagued Australian organisations over the last year.
  • Critical Infrastructure (CI): Enhanced obligations for CI operators to ensure resilience against nation-state actors.
  • Strategic Shift: Moving from a compliance-heavy model to a "resilience-first" approach, integrating identity support and faster intelligence sharing.

Sector Intelligence

1. Education & EdTech: Victorian Department of Education Breach

The Victorian Department of Education has confirmed a major data breach impacting over 1,700 government schools.

  • The Incident: An unauthorised third party accessed a database containing student names, school details, and email addresses with encrypted passwords.
  • Impact: While the department states no "sensitive" family details were accessed, the exposure of student identities creates a long-term risk of targeted phishing and identity fraud.
  • SaaS Risk: This incident highlights the fragility of centralised databases in the EdTech sector. Administrators should enforce immediate password rotations and review third-party access logs.

2. FinTech & Insurance: Prosura Data Leak

In a severe blow to the financial services sector, Australian car rental insurer Prosura has suffered a breach exposing approximately 300,000 customers.

  • Status: Threat actors have released 98 million lines of data on dark web forums.
  • Data Exposed: Customer names, policy details, and travel destinations.
  • Advisory: Financial institutions should be on high alert for social engineering attacks leveraging this fresh dataset to bypass identity verification checks.

3. Healthcare: Ransomware Success Rate at 95%

Recent reports from the Australian Signals Directorate (ASD) indicate a worrying trend for 2026: ransomware attacks on healthcare providers have doubled, with a 95% success rate for attackers once they gain initial access.

  • Threat Actor: The BianLian group remains highly active, targeting Australian critical infrastructure and healthcare with exfiltration-based extortion (threatening data release rather than just encryption).

Vulnerability Watch: Web, Cloud & AI

The last 24 hours have highlighted critical vulnerabilities that penetration testers and SysAdmins must address immediately.

Web Application & APIs

  • React Server Components (CVE-2026-23864): A high-severity Denial of Service (DoS) vulnerability was disclosed on 26 January. This follows the critical RCE (CVE-2025-55182) from late last year.
    • Risk: Attackers can crash server-side rendering processes, taking down high-traffic React applications.
    • Action: Upgrade react-server-dom-webpack and related packages immediately.
  • n8n Workflow Automation (CVE-2026-21858): A critical unauthenticated RCE exists in the popular workflow automation tool n8n.
    • Risk: This is a "game over" bug for SaaS providers using n8n for backend orchestration. It allows full server takeover without credentials.
    • Action: Patch or isolate instances behind a VPN immediately.

Cloud & AI Systems

  • AI Cloud Misconfigurations: New research released yesterday details how "Agentic AI" deployments are introducing massive cloud risks. Specific incidents involving VyroAI and Chattee showed that misconfigured cloud-hosted Elasticsearch and Kafka instances linked to AI models exposed millions of chat logs.
    • Attack Vector: Attackers are not attacking the AI model itself, but the infrastructure (Vector DBs, RAG pipelines) surrounding it.
    • Advisory: Ensure all AI-related data stores are not public-facing and enforce strict IAM roles.
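The advisory above is easy to state and easy to get wrong in practice. As an added example (not part of the briefing, and not a tool from Elastic or from the researchers it cites), the script below reads a flat Elasticsearch node configuration and rates its exposure from the bind address, the security flag and anonymous-role grants. The two sample configurations are constructed for illustration; only top-level `key: value` lines are parsed.

```python
# Added example (not from the briefing or from Elastic): a flat-config exposure
# check for an Elasticsearch node backing an AI data store. It reads only
# top-level "key: value" lines (no nesting); the sample configs are constructed.

LOOPBACK_HOSTS = {"_local_", "127.0.0.1", "::1", "localhost"}

# Constructed weak config of the kind behind the leaked chat logs: bound to all
# interfaces with the security layer switched off.
WEAK_CONFIG = """
cluster.name: chat-logs
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""

# Constructed hardened config: private address, security on, TLS on the HTTP API.
HARDENED_CONFIG = """
cluster.name: chat-logs
network.host: 10.20.0.5        # private subnet only, fronted by a security group
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""


def parse_flat_yaml(text: str) -> dict:
    """Parse `key: value` lines; comments and blank lines are ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def assess_elasticsearch(settings: dict) -> dict:
    """Return an exposure level and the findings that justify it."""
    findings = []
    # Elasticsearch binds loopback unless network.host says otherwise.
    host = settings.get("network.host", "_local_")
    exposed = host not in LOOPBACK_HOSTS
    if exposed:
        findings.append(f"network.host={host}: HTTP API reachable beyond loopback")

    # Authentication and role checks live behind this flag; "false" means open access.
    security = settings.get("xpack.security.enabled", "").lower()
    if security == "false":
        findings.append("xpack.security.enabled=false: no authentication or roles enforced")
    elif security == "":
        findings.append("xpack.security.enabled not set: default varies by version, set it explicitly")

    # Anonymous roles hand privileges to unauthenticated callers even with security on.
    anon = settings.get("xpack.security.authc.anonymous.roles", "")
    if anon:
        findings.append(f"anonymous callers receive roles: {anon}")

    if exposed and (security != "true" or anon):
        level = "critical"   # reachable from the network with no effective access control
    elif exposed:
        level = "review"     # reachable; confirm network ACLs and role scoping out of band
    elif findings:
        level = "low"
    else:
        level = "ok"
    return {"level": level, "findings": findings}


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, assess_elasticsearch(parse_flat_yaml(cfg)))
```

The hardened configuration still comes back as "review" rather than "ok": a node on a private address is reachable by definition, and whether that is acceptable depends on the security group and IAM scoping that a config file cannot show, which is exactly the check the advisory asks for.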

Threat Actor Profile: The Rise of "Agentic AI" Attacks

We are observing a shift in 2026 where threat actors are utilising AI Agents to automate the exploitation of APIs. These autonomous agents can chain vulnerabilities (e.g., finding an exposed API endpoint, testing for BOLA/IDOR, and exfiltrating data) at a speed human teams cannot match.

Defensive Strategy: Traditional rate limiting is no longer sufficient. Organisations must implement behavioural analysis on API gateways to detect non-human traffic patterns that mimic legitimate user flows.
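To make the defensive strategy concrete, here is an added example (not from the briefing, and not a product's detection rule) of behavioural analysis over API gateway access logs: it scores each client on how many distinct object IDs it touched, how often consecutive IDs step by exactly one, and how machine-regular its request cadence is. The log line shape, endpoint pattern, thresholds and the two sample sessions are constructed assumptions.

```python
# Added example (not from the briefing): behavioural detection of automated
# object-ID enumeration (BOLA/IDOR probing) in API gateway access logs, the
# pattern that plain rate limiting misses. Log format, endpoint shapes,
# thresholds and the two sample sessions are constructed assumptions.
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log line shape: "<ISO timestamp> <client/session id> <method> <path> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
# Paths whose last segment is a numeric object identifier, e.g. /api/v1/orders/1007
OBJECT_RE = re.compile(r"^(?P<resource>/api/v1/[a-z]+)/(?P<oid>\d+)$")

MIN_DISTINCT_OBJECTS = 10   # fewer than this is ordinary browsing, whatever the cadence
SEQUENTIAL_RATIO = 0.8      # share of consecutive object hits that step by exactly 1
MAX_TIMING_CV = 0.2         # stdev/mean of inter-request gaps; humans jitter far more


def constructed_log() -> list:
    """Constructed sample: one human-like session and one scripted enumeration."""
    lines = [
        "2026-01-28T09:00:00.000 sess-a1 GET /api/v1/profile 200",
        "2026-01-28T09:00:04.300 sess-a1 GET /api/v1/orders/1007 200",
        "2026-01-28T09:00:11.900 sess-a1 GET /api/v1/orders/1012 200",
        "2026-01-28T09:00:25.100 sess-a1 GET /api/v1/orders/1007 200",
        "malformed line that the parser must skip",
    ]
    start = datetime(2026, 1, 28, 9, 0, 0)
    for i in range(30):   # 30 orders, one every 200 ms: under a typical rate limit
        ts = (start + timedelta(milliseconds=200 * i)).isoformat(timespec="milliseconds")
        lines.append(f"{ts} sess-b7 GET /api/v1/orders/{1000 + i} 200")
    return lines


def parse(lines: list) -> dict:
    """Group parsed events by client, sorted by time; malformed lines are dropped."""
    by_client = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        by_client[m["client"]].append(
            (datetime.fromisoformat(m["ts"]), m["method"], m["path"], int(m["status"]))
        )
    for events in by_client.values():
        events.sort(key=lambda e: e[0])
    return by_client


def analyse_client(events: list) -> dict:
    """Compute enumeration and cadence metrics for one client's events."""
    stamps = [e[0] for e in events]
    gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    # Coefficient of variation of inter-request gaps: near 0 means machine-paced.
    if len(gaps) >= 2 and statistics.mean(gaps) > 0:
        timing_cv = statistics.pstdev(gaps) / statistics.mean(gaps)
    else:
        timing_cv = None

    hits = []   # (resource, oid) in time order, object paths only
    for _, _, path, _ in events:
        m = OBJECT_RE.match(path)
        if m:
            hits.append((m["resource"], int(m["oid"])))
    distinct = len(set(hits))
    steps = [abs(b[1] - a[1]) == 1 for a, b in zip(hits, hits[1:]) if a[0] == b[0]]
    seq_ratio = sum(steps) / len(steps) if steps else 0.0

    flagged = distinct >= MIN_DISTINCT_OBJECTS and (
        seq_ratio >= SEQUENTIAL_RATIO
        or (timing_cv is not None and timing_cv <= MAX_TIMING_CV)
    )
    return {
        "requests": len(events),
        "distinct_objects": distinct,
        "sequential_ratio": round(seq_ratio, 3),
        "timing_cv": None if timing_cv is None else round(timing_cv, 3),
        "flagged": flagged,
    }


def run_detection(lines: list) -> dict:
    """Per-client metrics for a batch of log lines."""
    return {client: analyse_client(events) for client, events in parse(lines).items()}


if __name__ == "__main__":
    for client, metrics in run_detection(constructed_log()).items():
        print(client, metrics)
```

The scripted session sends only about five requests per second, so a conventional rate limit never fires; it is the combination of thirty distinct objects, a sequential ratio of 1.0 and zero timing variance that separates it from the human session, which touches two objects at irregular intervals and is left alone.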


Contact us for a quote for penetration testing service or adversary simulation.