Discover how threat actors exploit the critical CVE-2026-20127 Cisco SD-WAN vulnerability. Learn IoCs, remediation steps, and how penetration testing secures your network.
The Australian Cyber Security Centre has issued urgent warnings about actively exploited vulnerabilities in Microsoft SharePoint Server (CVE-2025-53770) that enable unauthenticated remote code execution. With Chinese state-aligned actors and ransomware groups already compromising Australian organisations, this threat represents an immediate and severe risk to business-critical data and infrastructure.
Across AWS, Google Cloud, and Microsoft Azure environments in Australia and globally, 59% of IAM users maintain access keys that have never expired—credentials that have been active for more than one year. These long-lived credentials represent a silent but catastrophic vulnerability in your cloud infrastructure. This blog explores why long-lived credentials have become the primary attack vector for identity-based breaches, how red teams exploit them during penetration tests, and what you must do today to eliminate this ticking time bomb.
Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.
A new security flaw called React2Shell (CVE-2025-55182) puts Australian businesses at extreme risk. It has a severity score of CVSS 10.0, which is the highest possible rating. This flaw lets hackers take full control of your servers without needing a password. It affects the popular tools React and Next.js.
Welcome to the daily threat briefing for 06 March 2026. As a senior penetration tester observing the frontlines of the Australian cyber landscape, the last 24 hours have demonstrated a highly aggressive pivot by threat actors. We are seeing adversaries rapidly transition from traditional network exploitation to abusing legitimate cloud identities, leveraging generative AI for exploit development, and targeting critical third-party supply chains.
Welcome to today's daily threat briefing. Over the last 24 hours, our threat intelligence operations have identified a surge in high-impact vulnerabilities and evolving adversary behaviours relevant to Australian organisations. We are observing a distinct operational pivot from traditional exploit-driven breaches to fast, AI-enabled credential abuse, alongside critical zero-day exploits actively deployed in the wild.
As a senior penetration tester, analysing the evolving threat landscape is a critical part of staying ahead of sophisticated adversaries. Over the last 24 hours leading up to 04 March 2026, we have observed a significant escalation in cyber threats targeting Australian organisations. Threat actors are aggressively pivoting from traditional network exploitation to abusing legitimate cloud identities, leveraging generative AI for exploit development, and targeting critical third-party supply chains.
As we analyse the threat landscape over the past 24 hours, the Australian cyber environment is experiencing a surge in sophisticated attacks driven by autonomous AI tools and the exploitation of critical zero-day vulnerabilities. As penetration testers, we are observing threat actors pivot from traditional ransomware to aggressive double-extortion campaigns, actively weaponising new technologies to compromise heavily defended perimeters.
The Australian cyber threat landscape has escalated sharply in the last 24 hours. The Australian Signals Directorate (ASD) and global Five Eyes partners have issued an emergency directive regarding a critical zero-day vulnerability in widespread network infrastructure, while the financial sector faces a reported surge in AI-driven fraud. Below is our deep dive into the threats impacting Australian organisations today.
The last 24 hours have seen a significant escalation in the Australian cyber threat landscape. We are witnessing a convergence of physical supply chain disruption and high-volume digital data theft. A major poultry processor has confirmed a cyber attack impacting national distribution, while the FinTech sector grapples with the massive ‘youX’ data breach. On the technical front, the weaponisation of AI workflows is no longer theoretical, with critical exploits targeting automation platforms used by Australian businesses.
The Australian cyber threat landscape has seen significant escalation over the last 24 hours. A major poultry processor has confirmed a cyber attack disrupting supply chains, while the FinTech sector continues to reel from the massive youX data breach reported over the weekend. On the technical front, widely used webmail platforms are under active exploitation, and the Australian Signals Directorate (ASD) has released a new defence tool.
The Australian cyber threat landscape has remained volatile over the weekend, dominated by the active exploitation of critical zero-day vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM). Simultaneously, the healthcare and FinTech sectors are grappling with fresh ransomware claims and data breaches, highlighting a persistent failure in credential management and API security.
The Australian cyber threat landscape has escalated significantly in the last 24 hours. The headlines are dominated by a massive data breach affecting a Sydney-based FinTech lender, exposing the identity documents of hundreds of thousands of Australians. Simultaneously, critical vulnerabilities in widely used SaaS automation tools and AI frameworks are being actively exploited, prompting urgent warnings for organisations integrating AI agents into their workflows.
