As a senior penetration tester analysing adversary behaviour and responding to frontline incidents, I am tracking a highly volatile threat landscape across Australia. Over the seven days to 22 March 2026, the window between vulnerability disclosure and active exploitation shrank to days, and in some cases hours. Threat actors are weaponising artificial intelligence, exploiting cloud misconfigurations, and capitalising on critical zero-day vulnerabilities to bypass traditional perimeter defences.
Here is your weekly threat briefing detailing the current exploits, active threat actors, and critical vulnerabilities impacting Australian organisations across key sectors.
Sector Threat Analysis
Healthcare
The Australian healthcare sector remains under intense siege from double-extortion ransomware. The Australian Cyber Security Centre (ACSC) and Five Eyes partners recently issued an urgent joint advisory on the INC Ransom group. Operating a Ransomware-as-a-Service (RaaS) model, the group has breached at least 11 Australian organisations, heavily targeting healthcare. Affiliates rely on legitimate tools rather than custom malware: 7-Zip to stage and compress sensitive medical records, and rclone to push the archives to cloud storage, so that the exfiltration blends in with ordinary administrative and backup traffic. Concurrently, the SafePay ransomware gang claimed a successful attack on Smile Team Orthodontics, publishing staff details and patient payment plans on the dark web.
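The 7-Zip and rclone pattern above is easy to hunt for in process-creation telemetry once you know what to look for. The detection logic below is an added example written for this briefing, not code from the advisory or from any vendor. The log lines are constructed with Sysmon-style field names (image path, OriginalFileName, command line); the hosts, users, share names and the rclone remote are invented, and the hypothetical second event shows the common trick of renaming rclone to a benign-looking name, which the OriginalFileName check still catches:

```python
import json
import re
import shlex
from dataclasses import dataclass

# Constructed sample telemetry, not real logs: one JSON object per line with
# Sysmon-style process-creation fields (image, OriginalFileName, command line).
SAMPLE_LOG = r'''
{"ts":"2026-03-20T02:11:04Z","host":"WS-RAD-07","user":"HOSP\\jsmith","image":"C:\\Program Files\\7-Zip\\7z.exe","orig":"7z.exe","cmd":"7z.exe a -p -mhe=on C:\\Users\\Public\\rad.7z \\\\fs01\\radiology\\2026"}
{"ts":"2026-03-20T02:19:31Z","host":"WS-RAD-07","user":"HOSP\\jsmith","image":"C:\\Users\\Public\\svchost.exe","orig":"rclone.exe","cmd":"svchost.exe copy C:\\Users\\Public\\rad.7z mega:backup --transfers 32 --config C:\\Users\\Public\\r.conf"}
{"ts":"2026-03-20T09:02:12Z","host":"WS-IT-02","user":"HOSP\\backupsvc","image":"C:\\Program Files\\7-Zip\\7z.exe","orig":"7z.exe","cmd":"7z.exe a D:\\backups\\daily.7z D:\\data"}
{"ts":"2026-03-20T09:05:00Z","host":"WS-IT-02","user":"SYSTEM","image":"C:\\Windows\\System32\\svchost.exe","orig":"svchost.exe","cmd":"svchost.exe -k netsvcs -p"}
'''

SEVEN_ZIP = {"7z.exe", "7za.exe", "7zr.exe"}
RCLONE_VERBS = {"copy", "sync", "move", "copyto", "moveto"}
REMOTE_RE = re.compile(r"^[a-z0-9_-]+:")  # rclone remote spec looks like name:path


@dataclass
class Finding:
    ts: str
    host: str
    user: str
    rule: str
    detail: str


def is_rclone_remote(tok: str) -> bool:
    """True for an rclone 'name:path' remote; False for a Windows drive path like c:\\x."""
    m = REMOTE_RE.match(tok)
    if not m:
        return False
    if len(m.group(0)) == 2 and tok[2:3] in ("", "\\", "/"):
        return False  # single letter plus colon is a drive letter, not a remote
    return True


def analyse_event(ev: dict) -> list:
    orig = ev.get("orig", "").lower()
    image_name = ev["image"].rsplit("\\", 1)[-1].lower()
    # posix=False keeps Windows backslashes intact while still honouring quoted paths
    argv = [a.lower() for a in shlex.split(ev["cmd"], posix=False)]
    args = argv[1:]
    meta = (ev["ts"], ev["host"], ev["user"])
    found = []

    # Rule 1: on-disk name differs from the PE's OriginalFileName (renamed tool).
    if orig and orig != image_name:
        found.append(Finding(*meta, "renamed-binary", f"{image_name} is really {orig}"))

    # Rule 2: 7-Zip adding files to a password-protected archive (-p, -mhe=on) = staging.
    if orig in SEVEN_ZIP and args[:1] == ["a"]:
        if any(a.startswith("-p") for a in args) or "-mhe=on" in args:
            found.append(Finding(*meta, "7zip-encrypted-archive", " ".join(args)))

    # Rule 3: rclone copying or syncing to a cloud remote rather than a local path.
    if orig == "rclone.exe" and RCLONE_VERBS & set(args):
        remotes = [a for a in args if is_rclone_remote(a)]
        if remotes:
            found.append(Finding(*meta, "rclone-cloud-exfil", f"destination {remotes[0]}"))
    return found


def analyse_log(text: str) -> list:
    events = [json.loads(line) for line in text.strip().splitlines() if line.strip()]
    return [f for ev in events for f in analyse_event(ev)]


if __name__ == "__main__":
    for f in analyse_log(SAMPLE_LOG):
        print(f"{f.ts} {f.host} {f.user} [{f.rule}] {f.detail}")
```

The third and fourth constructed events are deliberate negatives: a scheduled backup that archives without a password, and the genuine svchost.exe, neither of which should fire. Correlating rule 2 and rule 3 on the same host within a short window, as happens for WS-RAD-07 here, is the signal worth paging on.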
SaaS Providers & Government
Supply chain weaknesses and cloud misconfigurations took centre stage this week following a confirmed cloud breach at LexisNexis. A threat actor tracked as 'FulcrumSec' breached the SaaS provider's AWS environment by exploiting an unpatched web application vulnerability, exposing highly sensitive data belonging to Australian law firms and federal government agencies. Separately, an audit of the WA Government found severe Microsoft 365 misconfigurations, including a lack of robust Data Loss Prevention (DLP) controls, which facilitated Business Email Compromise (BEC) and the theft of $71,000.
eCommerce
Consumer-facing commerce was disrupted when the Kairos ransomware group breached the Seagrass Boutique Hospitality Group. Attackers also leaked data stolen from Australian poultry processor Hazeldenes on the dark web. These incidents show how fragile eCommerce and retail supply chains are once an extortion-focused actor gains a foothold in any of the interconnected web APIs, payment gateways and back-office systems these businesses depend on.
FinTech
Regulatory scrutiny is intensifying in the financial sector. ASIC set a precedent this week with a AUD 2.5 million penalty against FIIG Securities for poor cybersecurity governance and failure to manage cyber risk. Meanwhile, FinTech provider Vroom by YouX suffered a breach that exposed thousands of driver's licences and financial documents through a cloud database left reachable without any password or other authentication, underscoring the need to authenticate and restrict network access to every cloud datastore and API, not just the primary application.
Education / EdTech
Higher education institutions and EdTech providers are being targeted through critical pre-authentication Remote Code Execution (RCE) vulnerabilities in remote support software. Institutions must urgently ensure that self-hosted learning management systems and support environments are patched, and that remote support consoles are not exposed directly to the internet, to mitigate unauthorised command execution and protect student data.
IoT
The ACSC issued an urgent directive regarding a maximum-severity authentication bypass vulnerability in Cisco SD-WAN products. Actively exploited by advanced threat actors, the flaw allows an unauthenticated attacker to gain administrative privileges and establish persistent access across distributed IoT networks and critical infrastructure. Security flaws in WatchGuard Firebox appliances have also prompted ACSC advisories urging immediate patching to prevent unauthorised remote access. Notably, the new Cyber Security (Security Standards for Smart Devices) Rules 2025 take effect in March 2026, mandating a stricter security baseline for IoT manufacturers.
Emerging Tech Threats: AI, Web Apps, and Cloud Systems
We are observing a surge in AI-powered phishing and BEC attacks that bypass standard Multi-Factor Authentication (MFA) using adversary-in-the-middle (AiTM) reverse-proxy kits: the victim lands on a lookalike domain, the proxy relays their password and one-time code to the real login page in real time, and the attacker keeps the resulting session cookie. Threat actors are also using AI to craft highly convincing lures and to automate vulnerability discovery against web APIs and cloud perimeters. To defend against these tactics, organisations must move to phishing-resistant MFA such as FIDO2/WebAuthn passkeys, whose credentials are bound to the legitimate origin and so cannot be relayed through a proxy, and continuously validate their external attack surface against web application and cloud API exploits.
The speed at which threat actors are operationalising vulnerabilities requires Australian organisations to adopt a proactive, rather than reactive, security posture. Regular security testing and continuous monitoring are no longer optional—they are essential to survive the current threat landscape.
Contact us for a quote for penetration testing service or adversary simulation.

