Cyber Threat Briefing: Australia’s Digital Landscape Under Siege

Our analysis of the cyber threat landscape for the last 24 hours shows Australian organisations facing a convergence of sophisticated ransomware campaigns, rapid exploitation of AI vulnerabilities, and targeted scams against individuals. The Australian Signals Directorate (ASD) and industry leaders have flagged critical developments affecting the Healthcare, SaaS, and Government sectors.

Here is your daily deep dive into the threats shaping our digital environment.

Healthcare Sector: Ransomware Resurgence

The healthcare sector remains the prime target for financially motivated threat actors. In the last 24 hours, Epworth HealthCare has become the focus of a significant security incident. The newly emerged ransomware group, 0APT, has claimed responsibility for a breach, alleging the theft of 920GB of data, including sensitive patient databases.

While Epworth HealthCare has stated there is currently "no verified evidence" of the exfiltration, this incident highlights a disturbing trend. The ASD’s Annual Cyber Threat Report 2024-2025 revealed that ransomware incidents in healthcare have doubled year-on-year, with attackers achieving a 95% success rate in this sector—significantly higher than the national average.

Action Item: Healthcare providers must urgently review their data egress monitoring and validate backup immutability.
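The egress-monitoring part of that action item can be reduced to a concrete check. The block below is an added example (not code from the briefing, Epworth HealthCare or ASD): it parses constructed outbound-transfer log lines, totals bytes per source host over the log window, and alerts when a host exceeds an assumed baseline by a configurable factor or sends data to a destination outside an approved list. The log format, hostnames, baseline and thresholds are all assumptions chosen for illustration.

```python
"""Egress-volume and destination check over constructed firewall log lines.

Added example, not code from the briefing or from any named organisation.
It parses outbound-transfer records, totals bytes per source host over
the log window, and raises an alert when a host exceeds an assumed
baseline by a configurable factor or sends data to a destination that is
not on the approved list. Log format, hostnames, baseline and thresholds
are all assumptions chosen for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log: "<timestamp> <src_host> <dst_host> <bytes_out>"
SAMPLE_LOG = """\
2025-01-01T02:00:01Z ws-17 backup.internal.example 52428800
2025-01-01T02:05:12Z ws-17 backup.internal.example 73400320
2025-01-01T02:10:44Z db-03 transfer.unknown-host.example 2147483648
2025-01-01T02:11:02Z db-03 transfer.unknown-host.example 3221225472
2025-01-01T02:12:30Z ws-22 mail.internal.example 1048576
"""

# Assumed: destinations the organisation has approved for bulk transfers.
APPROVED_DESTINATIONS = {"backup.internal.example", "mail.internal.example"}
# Assumed: typical outbound volume per host over the monitored window.
BASELINE_BYTES_PER_HOST = 200 * 1024 * 1024
ALERT_MULTIPLIER = 5  # alert once a host exceeds 5x its baseline


@dataclass(frozen=True)
class Alert:
    host: str
    reason: str   # "volume" or "destination"
    detail: str


def parse_log(text):
    """Return (timestamp, src, dst, bytes) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        events.append((ts, src, dst, int(size)))
    return events


def detect_egress_anomalies(events, approved=APPROVED_DESTINATIONS,
                            baseline=BASELINE_BYTES_PER_HOST,
                            multiplier=ALERT_MULTIPLIER):
    """Flag hosts by total outbound volume and by unapproved destination."""
    totals = defaultdict(int)
    unapproved = defaultdict(set)
    for _ts, src, dst, size in events:
        totals[src] += size
        if dst not in approved:
            unapproved[src].add(dst)

    alerts = []
    for host in sorted(totals):
        if totals[host] > baseline * multiplier:
            alerts.append(Alert(host, "volume",
                                f"{totals[host]} bytes out vs baseline {baseline}"))
        for dst in sorted(unapproved.get(host, ())):
            alerts.append(Alert(host, "destination", dst))
    return alerts


if __name__ == "__main__":
    for alert in detect_egress_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{alert.host}: {alert.reason} - {alert.detail}")
```

In a real deployment the per-host baseline comes from historical telemetry rather than a constant, and the two signals are worth keeping separate: a large transfer to an approved backup target is expected, while even a small transfer to an unknown host deserves a look.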

SaaS and Cloud: Critical Vulnerabilities Exploited

SaaS providers and organisations relying on workflow automation are under immediate threat from a critical Remote Code Execution (RCE) vulnerability.

  • n8n Workflow Automation (CVE-2026-21858): A critical vulnerability (CVSS 10.0) is being actively exploited, allowing unauthenticated attackers to execute arbitrary code and access sensitive files. Given the widespread use of n8n for integrating APIs and services, this poses a severe supply chain risk.
  • Fortinet Cloud SSO: Security teams should also be aware of active exploitation attempts targeting the FortiCloud Single Sign-On (SSO) mechanism (CVE-2025-59718). Attackers are bypassing authentication to access customer devices, emphasising the fragility of identity management systems in the cloud.

AI Systems: The 16-Minute Window

Artificial Intelligence is no longer just a tool for defenders; it is a vulnerable attack surface. A startling report released this week by Zscaler indicates that enterprise AI systems are being compromised at "machine speed."

Red team exercises revealed that 100% of tested enterprise AI systems contained critical flaws, with attackers able to compromise these systems in an average of just 16 minutes. The primary vectors include:

  • Exposed Model Endpoints: Lack of authentication allowing unauthorised queries.
  • Prompt Injection: Manipulating AI logic to bypass safety rails.
  • Insecure API Integrations: AI agents with excessive permissions writing to production systems.
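Two of the three vectors listed above come down to checks that belong in front of every model or tool call. The block below is an added example, not code from the Zscaler report or from the briefing: an unauthenticated caller is refused before any model or tool is touched, and each tool call is checked against a per-agent grant of (tool, scope, environment), so an agent with read access to a ticket system cannot write to production simply because the integration holds broad credentials. Agent names, tool names, API keys and the policy itself are constructed assumptions.

```python
"""Authentication plus least-privilege gate in front of an AI agent's tools.

Added example; not code from the Zscaler report or from the briefing.
An unauthenticated caller is refused before any model or tool is touched,
and each tool call is checked against a per-agent grant of
(tool, scope, environment). Agent names, tools, keys and the policy
itself are constructed assumptions.
"""
import hashlib
import hmac

# Constructed credential store: agent -> SHA-256 of its API key.
_API_KEY_HASHES = {
    "support-agent": hashlib.sha256(b"example-key-support").hexdigest(),
}

# Constructed policy: agent -> set of (tool, scope, environment) grants.
# Write access is granted only in staging; nothing here can write to prod.
POLICY = {
    "support-agent": {
        ("ticket_lookup", "read", "prod"),
        ("kb_search", "read", "prod"),
        ("crm_update", "write", "staging"),
    },
}

AUDIT_LOG = []  # every decision is recorded, allowed or not


def authenticate(agent, api_key):
    """True only if the presented key hashes to the stored value."""
    expected = _API_KEY_HASHES.get(agent)
    if expected is None or not api_key:
        return False
    presented = hashlib.sha256(api_key.encode()).hexdigest()
    # Constant-time comparison so timing does not reveal matching prefixes.
    return hmac.compare_digest(expected, presented)


def authorise(agent, tool, scope, environment):
    """True only if the policy holds an explicit grant for this exact triple."""
    return (tool, scope, environment) in POLICY.get(agent, set())


def handle_tool_call(agent, api_key, tool, scope, environment):
    """Gate a tool call; returns a decision dict and appends it to AUDIT_LOG."""
    if not authenticate(agent, api_key):
        decision = {"allowed": False, "reason": "unauthenticated"}
    elif not authorise(agent, tool, scope, environment):
        decision = {"allowed": False,
                    "reason": f"no grant for {scope} on {tool} in {environment}"}
    else:
        decision = {"allowed": True, "reason": "ok"}
    AUDIT_LOG.append((agent, tool, scope, environment, decision["reason"]))
    return decision


if __name__ == "__main__":
    key = "example-key-support"
    print(handle_tool_call("support-agent", None, "ticket_lookup", "read", "prod"))
    print(handle_tool_call("support-agent", key, "ticket_lookup", "read", "prod"))
    print(handle_tool_call("support-agent", key, "crm_update", "write", "prod"))
    print(handle_tool_call("support-agent", key, "crm_update", "write", "staging"))
```

The policy is deliberately an allow-list of exact triples rather than a deny-list: a new tool or environment is unreachable until someone grants it, which is the property that keeps an over-permissioned integration from becoming an over-permissioned agent. Prompt injection, the third vector, is not solved by this gate, but the gate bounds what an injected instruction can make the agent do.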

FinTech & eCommerce: "Digital Arrest" Scams

The financial sector is seeing a rise in sophisticated social engineering attacks. A "Digital Arrest" scam has surfaced prominently in Sydney, where victims are coerced by fraudsters posing as officials from the Indian High Commission or federal police. These attackers use high-pressure tactics, claiming involvement in money laundering, to siphon funds via cryptocurrency and bank transfers.

For eCommerce and FinTech platforms, the risk lies in identity fraud and account takeovers (ATO), as criminals leverage stolen data from other breaches to bypass verification checks.

Government & IoT: Infrastructure Risks

The Australian Government and critical infrastructure operators continue to mitigate legacy risks that remain under active exploitation. The ASD has reiterated warnings regarding WatchGuard Firebox devices (CVE-2025-14733), which are seeing continued exploitation attempts.

Furthermore, the rise of "Shadow API" vulnerabilities, meaning unmanaged and invisible API endpoints, is creating blind spots for government agencies. These endpoints frequently lack the authorisation checks enforced elsewhere, so a client can retrieve another user's records simply by changing an object identifier (an IDOR vulnerability), leading to unauthorised data exposure.
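The IDOR pattern is easiest to see with the vulnerable lookup beside its fixed form. The block below is an added example, not code from the briefing or from any agency's API: an in-memory dict stands in for a records table, the vulnerable lookup returns whatever identifier the client names, and the hardened lookup serves a record only to its owner or to an admin, answering "not found" and "not yours" identically so the identifier space cannot be probed. A small access-log summary shows the detection angle: a burst of denials from one principal is the signature of enumeration. Principals, roles and records are constructed.

```python
"""Object access keyed only on a client-supplied identifier (IDOR), beside
the owner-checked form.

Added example; not code from the briefing or from any agency's API.
An in-memory dict stands in for a records table. Principals, roles and
records are constructed.
"""

# Constructed records: id -> owner and content.
RECORDS = {
    101: {"owner": "alice", "body": "alice's benefit claim"},
    102: {"owner": "bob", "body": "bob's benefit claim"},
}

# Constructed role assignments.
ROLES = {
    "alice": {"citizen"},
    "bob": {"citizen"},
    "auditor": {"citizen", "admin"},
}

ACCESS_LOG = []  # (principal, record_id, outcome) for detection and review


def get_record_vulnerable(record_id, principal):
    """Authentication happened upstream, but ownership is never checked."""
    ACCESS_LOG.append((principal, record_id, "served"))
    return RECORDS.get(record_id)


def get_record_hardened(record_id, principal):
    """Serve the record only to its owner or to an admin; otherwise None."""
    record = RECORDS.get(record_id)
    is_owner = record is not None and record["owner"] == principal
    is_admin = "admin" in ROLES.get(principal, set())
    if record is None or not (is_owner or is_admin):
        # Same response for missing and forbidden: no existence oracle.
        ACCESS_LOG.append((principal, record_id, "denied"))
        return None
    ACCESS_LOG.append((principal, record_id, "served"))
    return record


def denied_count_by_principal(log=ACCESS_LOG):
    """Denials per principal: a burst from one caller suggests enumeration."""
    counts = {}
    for principal, _rid, outcome in log:
        if outcome == "denied":
            counts[principal] = counts.get(principal, 0) + 1
    return counts


if __name__ == "__main__":
    print(get_record_vulnerable(102, "alice"))   # bob's record, served to alice
    print(get_record_hardened(102, "alice"))     # None
    print(get_record_hardened(102, "auditor"))   # bob's record, admin role
    print(denied_count_by_principal())
```

The ownership check belongs in the data-access layer rather than in each route handler; an endpoint that nobody remembers registering (the shadow API case) then inherits the check instead of silently bypassing it.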

Summary of Critical Vulnerabilities

| CVE ID         | Severity        | Description                                        | Target          |
|----------------|-----------------|----------------------------------------------------|-----------------|
| CVE-2026-21858 | Critical (10.0) | Unauthenticated RCE in n8n workflow automation.    | SaaS / Cloud    |
| CVE-2025-59718 | Critical        | Authentication bypass in FortiCloud SSO.           | Cloud / NetSec  |
| CVE-2025-14733 | High            | Exploitation of WatchGuard Firebox devices.        | Network / IoT   |

Conclusion

The events of the last 24 hours demonstrate that speed is the adversary's greatest weapon. From the 16-minute compromise time of AI systems to the rapid weaponisation of the n8n vulnerability, Australian organisations must move from reactive patching to proactive continuous exposure management.

Contact us for a quote for penetration testing service or adversary simulation.