Across AWS, Google Cloud, and Microsoft Azure environments in Australia and globally, 59% of IAM users maintain access keys that have never expired—credentials that have been active for more than one year. These long-lived credentials represent a silent but catastrophic vulnerability in your cloud infrastructure. This blog explores why long-lived credentials have become the primary attack vector for identity-based breaches, how red teams exploit them during penetration tests, and what you must do today to eliminate this ticking time bomb.
Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.
A new security flaw called React2Shell (CVE-2025-55182) puts Australian businesses at extreme risk. It has a severity score of CVSS 10.0, which is the highest possible rating. This flaw lets hackers take full control of your servers without needing a password. It affects the popular tools React and Next.js.
A critical vulnerability in Adobe Commerce and Magento (CVE-2025-54236), dubbed "SessionReaper," is being ruthlessly exploited by threat actors using AI-driven tools to automate attacks at machine speed. With the Australian holiday trading season in full swing, this unauthenticated remote code execution (RCE) flaw poses an immediate existential threat to retail and B2B organizations. This alert outlines the mechanics of the attack, the role of AI in its weaponization, and the urgent defensive actions required to prevent a catastrophic data breach.
A zero-click vulnerability, CVE-2025-21042, in millions of Samsung devices is being actively exploited to install "LANDFALL," a commercial-grade spyware. This threat, now on CISA's KEV catalog , transforms an executive's personal device into a silent corporate surveillance tool, completely bypassing your MDM and EDR. For Australian organisations with BYOD policies, this is a critical, reportable data breach scenario under the NDB scheme.
The last 24 hours have been dominated by urgent warnings from the Australian Cyber Security Centre (ACSC) regarding a massive global exploitation campaign targeting database infrastructure. As we approach the New Year, threat actors are capitalising on skeleton staff schedules to launch high-impact attacks. Today's briefing highlights a critical MongoDB vulnerability, a significant data breach in the Australian education sector, and ongoing pressure on SaaS supply chains.
The last 24 hours have seen a surge in targeted activity against the Australian Education and IoT sectors, with critical infrastructure devices remaining a primary entry point for threat actors. The Australian Cyber Security Centre (ACSC) has flagged active exploitation of new vulnerabilities in network edge devices, while the 'KillSec' and 'Medusa' ransomware gangs have claimed significant breaches in local organisations.
As we close out 2025, the Australian cyber threat landscape remains volatile. This week (21–28 December 2025) has been defined by a significant ransomware attack on critical telematics infrastructure, continued fallout from defence supply chain compromises, and a "Perfect 10" severity vulnerability in a widely used web framework. Threat actors are aggressively targeting the convergence of IoT and critical infrastructure, while the Education and FinTech sectors face renewed pressure from data extortion groups. Below is your detailed briefing on the threats impacting Australian organisations this week.
The last 24 hours have closed a volatile week for Australian cybersecurity. As we approach the New Year, the threat landscape is dominated by the active exploitation of two critical Remote Code Execution (RCE) vulnerabilities—dubbed "React2Shell" and a severe flaw in WatchGuard Firebox appliances. Simultaneously, targeted ransomware campaigns by emerging groups like Black Shranac and Termite are heavily impacting the Healthcare and FinTech sectors.
The last 24 hours have highlighted significant volatility in Australia’s cyber threat landscape, with critical infrastructure, healthcare, and education sectors facing intensified pressure. Of particular concern today is the active exploitation of critical vulnerabilities in widely used network security devices and a surge in ransomware activity targeting Australian schools. This briefing breaks down the most urgent threats, exploited vulnerabilities, and strategic risks for Australian organisations observed over the past day.
As Australian organisations operate with skeleton staff over the Boxing Day public holiday, the cyber threat landscape has intensified significantly in the last 24 hours. Threat actors are actively capitalising on reduced monitoring capabilities and the surge in e-commerce traffic. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has escalated warnings regarding critical exploits in edge devices, while the retail and fintech sectors face a barrage of sophisticated API abuse campaigns.
As we wrap up the year, the Australian cyber threat landscape has intensified significantly over the last 24 hours. Critical vulnerabilities in widely used network appliances and targeted ransomware campaigns against key sectors—specifically Education, Healthcare, and SaaS providers—demand immediate attention from security teams.
As we head into the Christmas break, the Australian cyber threat landscape has escalated significantly over the last 24 hours. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has issued a critical alert regarding active exploitation of WatchGuard Firebox devices. This comes alongside a surge in ransomware activity targeting the education and government sectors, with threat actors looking to capitalise on reduced staffing levels during the holiday period.
The last 24 hours have been critical for Australian cyber defenders. A new maximum-severity vulnerability in the React framework, dubbed "React2Shell," is being actively exploited by state-sponsored actors, sending shockwaves through the SaaS and FinTech sectors. Simultaneously, the Australian healthcare and education sectors are grappling with fresh ransomware extortion attempts and significant data leaks.
As we kick off the week leading into the holiday season, Australian security teams face a heightened threat landscape. Over the weekend, active exploitation of maximum-severity vulnerabilities in Cisco infrastructure and modern web frameworks has been confirmed. Additionally, fresh reports highlight significant cyber risks within the NSW healthcare sector and a major data breach impacting the tertiary education sector.
