Executive Summary
As of 10 March 2026, the Australian cyber threat landscape remains highly volatile. Over the last 24 hours, our threat intelligence and incident response telemetry have identified a surge in targeted attacks against Australian infrastructure. Threat actors are increasingly leveraging automated exploitation of cloud environments, sophisticated API abuse, and novel attacks against integrated AI systems.
This briefing outlines the emerging threats, active adversary behaviour, and critical vulnerabilities impacting key Australian sectors.
Sector Threat Landscape
Government & IoT
State-sponsored actors and advanced persistent threats (APTs) have intensified reconnaissance against Australian government agencies at both the state and federal levels. In the past 24 hours, we have observed targeted scanning for vulnerable IoT devices connected to government networks. Specifically, edge devices and smart sensors are being compromised to establish covert command-and-control (C2) channels. These botnets are subsequently used to mask the origins of traffic targeting critical public sector infrastructure.
FinTech & SaaS Providers
The Australian FinTech sector, largely driven by the Consumer Data Right (CDR) ecosystem, is facing a wave of sophisticated API attacks. We have analysed a new campaign by a prominent financially motivated threat group targeting poorly configured SaaS providers that integrate with major financial institutions. Attackers are exploiting Broken Object Level Authorisation (BOLA) vulnerabilities in B2B APIs to access unauthorised user financial records and bypass traditional web application firewalls.
Healthcare & Education (EdTech)
Ransomware syndicates continue to disproportionately target Australian healthcare providers and educational institutions. A newly identified Initial Access Broker (IAB) has been actively selling compromised VPN credentials belonging to staff at major Australian universities and regional hospitals. Furthermore, EdTech platforms migrating to cloud-native architectures are experiencing a high volume of credential stuffing attacks, aiming to hijack student and administrative portals to deploy ransomware payloads.
eCommerce
The eCommerce sector is currently battling a resurgence of modernised Magecart-style attacks. However, rather than targeting checkout pages via basic cross-site scripting (XSS), attackers are exploiting vulnerabilities in third-party supply chain widgets and marketing plugins. These malicious scripts are designed to intercept payment data seamlessly, evading standard behavioural detection mechanisms.
Vulnerability Spotlight: Web, API, Cloud, and AI Systems
As penetration testers, we are seeing adversaries rapidly operationalise exploits across four primary technological domains:
- Web Applications: A high-severity unauthenticated Remote Code Execution (RCE) vulnerability in a popular web framework is currently being exploited in the wild. Attackers are using automated scanners to identify unpatched Australian eCommerce and SaaS web applications, allowing them to drop web shells and establish persistence within minutes of discovery.
- APIs: Beyond BOLA, we are tracking increased exploitation of Mass Assignment vulnerabilities in GraphQL and REST APIs. FinTech and Healthcare organisations must prioritise robust schema validation, as attackers are successfully modifying sensitive account parameters by injecting undocumented fields into standard API requests.
- Cloud Infrastructure: Misconfigurations in cloud access management remain a primary initial access vector. Threat actors are deploying automated scripts to scan public GitHub repositories for leaked AWS and Azure credentials. Over the last day, we have seen multiple incidents where overly permissive IAM roles allowed attackers to escalate privileges and exfiltrate sensitive data from cloud storage buckets.
- AI Systems: The rapid integration of Large Language Models (LLMs) and AI chatbots into Australian Government and eCommerce portals has introduced a new attack surface. We are actively tracking instances of "Prompt Injection" and "Data Poisoning". In these attacks, malicious users manipulate the inputs of customer-facing AI assistants to bypass safety guardrails, resulting in the leakage of backend system prompts, sensitive customer data, and internal API routing information.
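The BOLA and Mass Assignment defects described above, shown as an added example that is not code from the briefing or from any affected vendor: a minimal account-update handler with both defects, beside a hardened version that enforces object ownership and validates the request body against a documented schema. The account store, field names and handler signatures are constructed for illustration.

```python
from typing import Any, Dict

# Constructed sample data: two customer accounts. credit_limit and is_admin are
# server-controlled fields that no client request should ever be able to set.
def make_store() -> Dict[int, Dict[str, Any]]:
    return {
        1: {"owner_id": 1, "email": "a@example.com", "credit_limit": 5000, "is_admin": False},
        2: {"owner_id": 2, "email": "b@example.com", "credit_limit": 5000, "is_admin": False},
    }

# Documented, client-writable fields and their expected types (the API schema).
UPDATE_SCHEMA: Dict[str, type] = {"email": str, "phone": str}


class Forbidden(Exception):
    """Caller is not the owner of the requested object (BOLA check failed)."""


class BadRequest(Exception):
    """Request body contains undocumented fields or wrong types (schema check failed)."""


def update_account_vulnerable(store, actor_id: int, account_id: int, body: Dict[str, Any]):
    """Defective handler: looks up any account id without checking the caller owns it
    (BOLA) and merges the whole request body into the record (Mass Assignment), so
    undocumented fields such as credit_limit or is_admin are silently accepted."""
    record = store[account_id]
    record.update(body)
    return record


def update_account_hardened(store, actor_id: int, account_id: int, body: Dict[str, Any]):
    """Hardened handler: object-level authorisation first, then strict schema
    validation that rejects any field not in UPDATE_SCHEMA before touching the record."""
    record = store.get(account_id)
    # Object-level authorisation: a missing object and a foreign object look the same.
    if record is None or record["owner_id"] != actor_id:
        raise Forbidden(f"actor {actor_id} may not modify account {account_id}")
    # Schema validation: reject undocumented fields instead of ignoring them.
    unknown = set(body) - set(UPDATE_SCHEMA)
    if unknown:
        raise BadRequest(f"undocumented fields rejected: {sorted(unknown)}")
    for field, value in body.items():
        if not isinstance(value, UPDATE_SCHEMA[field]):
            raise BadRequest(f"field {field!r} has wrong type {type(value).__name__}")
    record.update(body)
    return record
```

The rejected-field path is what a WAF will not see: the request is well-formed JSON on a legitimate endpoint, so the schema check in the handler is the control that matters.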
Defence Recommendations
To defend against these emerging threats, Australian organisations must adopt a proactive security posture:
- Enforce API Security: Implement strict rate limiting, schema validation, and granular role-based access control (RBAC) across all internal and external APIs.
- Harden Cloud Environments: Conduct regular audits of cloud IAM policies, ensuring the principle of least privilege is strictly enforced. Enable MFA for all cloud management consoles.
- Secure AI Implementations: Treat all AI inputs as untrusted user data. Implement robust sanitisation layers and separate AI processing from core databases to prevent lateral data leakage.
- Patch Management: Prioritise patching internet-facing web applications and perimeter edge devices, particularly those with known exploited vulnerabilities (KEVs).
Contact us for a quote for penetration testing services or adversary simulation.