Lean Security Expert
Fortinet "Ghost Logins": How Authentication ...

Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.

Fortinet "Ghost Logins": How Authentication Bypass Attacks Expose Gaps in Your Penetration Testing Strategy
Lean Security Expert
React2Shell: A CISO’s Guide to CVE-2025-55182

A new security flaw called React2Shell (CVE-2025-55182) puts Australian businesses at extreme risk. It has a severity score of CVSS 10.0, which is the highest possible rating. This flaw lets hackers take full control of your servers without needing a password. It affects the popular tools React and Next.js.

React2Shell: A CISO’s Guide to CVE-2025-55182
Lean Security Expert
SessionReaper & BFCM: Why Penetration ...

A critical vulnerability in Adobe Commerce and Magento (CVE-2025-54236), dubbed "SessionReaper," is being ruthlessly exploited by threat actors using AI-driven tools to automate attacks at machine speed. With the Australian holiday trading season in full swing, this unauthenticated remote code execution (RCE) flaw poses an immediate existential threat to retail and B2B organizations. This alert outlines the mechanics of the attack, the role of AI in its weaponization, and the urgent defensive actions required to prevent a catastrophic data breach.

SessionReaper & BFCM: Why Penetration Testing Services Are Critical (CVE-2025-54236)
Lean Security Expert
CISA Alert: LANDFALL Spyware Hits Australian ...

A zero-click vulnerability, CVE-2025-21042, in millions of Samsung devices is being actively exploited to install "LANDFALL," a commercial-grade spyware. This threat, now on CISA's KEV catalog , transforms an executive's personal device into a silent corporate surveillance tool, completely bypassing your MDM and EDR. For Australian organisations with BYOD policies, this is a critical, reportable data breach scenario under the NDB scheme.

CISA Alert: LANDFALL Spyware Hits Australian BYOD Devices
Lean Security Expert
Beyond the Patch: Why the Actively Exploited ...

Actively exploited WSUS flaw CVE-2025-59287 (CVSS 9.8) threatens Australian businesses. Patching isn't enough. See why red teaming is essential to validate your security.

Beyond the Patch: Why the Actively Exploited WSUS Vulnerability (CVE-2025-59287) Demands a Red Team Response in Australia

Weekly Threat Briefing

Weekly Threat Briefing: Australia (14-21 December 2025)

Weekly Threat Briefing: Australia (14-21 December 2025)

As we approach the end of 2025, the Australian cyber threat landscape has experienced a volatile week, with significant incidents rocking the education and healthcare sectors. The last seven days have been defined by the active exploitation of critical vulnerabilities in modern web frameworks and a series of ransomware attacks targeting sensitive patient and staff data. This week’s briefing highlights a major data breach at the University of Sydney, a ransomware attack on fertility provider Genea, and the "React2Shell" vulnerability that is currently reshaping cloud security priorities.

Weekly Threat Briefing: Critical Fortinet Flaws, AI Vulnerabilities & Nation-State Shifts

Weekly Threat Briefing: Critical Fortinet Flaws, AI Vulnerabilities & Nation-State Shifts

The Australian cyber security landscape has experienced a turbulent week (7–14 December), dominated by a "Critical" alert from the Australian Cyber Security Centre (ACSC) regarding widespread vulnerabilities in edge devices and a worrying escalation in AI-assisted development flaws. As we approach the holiday shutdown period—a traditional window for heightened ransomware activity—organisations across Healthcare, Government, and FinTech must urgently prioritise patching and detection. Here is your deep dive into the threats impacting Australian organisations this week.

Australia Cyber Threat Briefing: React2Shell Crisis & Defence Supply Chain Breach (01–07 Dec 2025)

Australia Cyber Threat Briefing: React2Shell Crisis & Defence Supply Chain Breach (01–07 Dec 2025)

This week has seen a critical escalation in the Australian cyber threat landscape, dominated by a maximum-severity vulnerability in a widely used web framework and significant breaches in the Defence and Education sectors. The Australian Cyber Security Centre (ACSC) has issued urgent alerts, and organisations across all sectors—particularly those using React-based web applications—must take immediate action. Here is your deep dive into the threats, incidents, and vulnerabilities shaping the last 7 days (01–07 December 2025).

Australian Weekly Threat Briefing: Defence Supply Chain Breached & SaaS Under Siege

Australian Weekly Threat Briefing: Defence Supply Chain Breached & SaaS Under Siege

This week has seen a significant escalation in cyber activity targeting Australian critical infrastructure and supply chains. The most alarming development is a confirmed breach of a major Defence contractor, potentially exposing sensitive naval data. Simultaneously, a sophisticated campaign by the "Scattered Lapsus$ Hunters" group is aggressively targeting SaaS platforms, with Qantas and Zendesk users in the crosshairs. As we approach the holiday season, a new report warns that ransomware operators are leveraging Generative AI to time attacks for weekends and public holidays, specifically targeting periods of reduced staffing in Security Operations Centres (SOCs).

Contact us for a quote