Weekly Threat Briefing

Australian Cyber Threat Briefing: Cloud Compromises, AI Weaponisation, and Escalating Ransomware

As a senior penetration tester actively analysing adversary behaviour and responding to frontline incidents, I am tracking a highly volatile threat landscape across Australia. Over the past seven days, up to 15 March 2026, the window between vulnerability disclosure and active exploitation has collapsed to mere days. We are observing threat actors aggressively weaponising artificial intelligence, exploiting cloud misconfigurations, and capitalising on critical zero-day vulnerabilities to bypass traditional perimeter defences.

Weekly Cyber Threat Intelligence Briefing: Australia (08 March 2026)

As a senior penetration tester, I spend my days simulating the exact attack paths adversaries use to breach Australian organisations. Over the past seven days (01 March – 08 March 2026), the threat telemetry has highlighted a highly aggressive pivot in the tactics, techniques, and procedures (TTPs) targeting our critical sectors. We are witnessing a surge in identity-driven cloud attacks, the weaponisation of generative AI, and a disturbing rise in insider threats. In fact, Mimecast’s 2026 State of Human Risk Report, released on 05 March 2026, confirmed that malicious insider incidents are now rising faster than negligence-based threats across Australia. Defenders must move beyond baseline compliance and adopt a proactive, "assume breach" mentality.

Australia Cyber Threat Briefing: AI-Driven API Attacks, FinTech Fallout & The Rise of "0APT"

As we close out the third week of February 2026, the Australian cyber landscape is being defined by a sophisticated pivot towards AI-enabled API exploitation and high-impact ransomware campaigns targeting the FinTech and Healthcare sectors. The "blast radius" of AI systems is widening, with the Model Context Protocol (MCP) emerging as a critical new attack surface.

Weekly Threat Briefing: Zero-Days Hit Apple & SolarWinds, NSW Health Under Pressure

This week in Australian cyber security, the threat landscape is dominated by critical zero-day exploitations affecting widely used infrastructure. Federal agencies and private sector organisations are on high alert following CISA’s inclusion of new vulnerabilities in the Known Exploited Vulnerabilities (KEV) catalogue. Locally, the healthcare sector remains under intense scrutiny following the release of a concerning audit of NSW Health’s cyber posture, while SaaS and AI-driven threats continue to evolve.

Weekly Threat Briefing: Australia's Cyber Landscape (2–8 February 2026)

The first week of February 2026 has seen a distinct escalation in targeted campaigns against Australian critical infrastructure and services. This week’s intelligence highlights a sophisticated pivot by threat actors towards human-led attacks on identity systems (SSO) and a resurgence of high-impact ransomware claims in the healthcare sector. Furthermore, critical vulnerabilities in widely used SaaS and collaboration tools demand immediate attention from security teams across the region.

Weekly Threat Briefing: Critical Zero-Days and Nation-State Shifts Targeting Australia

The last seven days (26 January – 02 February 2026) have been defined by a resurgence in high-criticality infrastructure vulnerabilities and evolving nation-state tradecraft. For Australian organisations, the immediate priority is addressing active exploitation of Ivanti Endpoint Manager Mobile (EPMM) zero-days and critical patches for Cisco network infrastructure. Simultaneously, the threat landscape is shifting with reports of North Korean APT groups restructuring their operations, while the healthcare sector faces renewed warnings regarding IT/OT convergence risks.

Weekly Threat Briefing: Automation Platforms Under Siege & The Rise of AI Jailbreaks (11 Jan 2026)

Welcome to this week's threat briefing. As we settle into 2026, the Australian cyber landscape is already heating up with critical exploits targeting the very automation tools that drive our efficiency. From unauthenticated remote code execution in popular workflow platforms to the industrialisation of AI jailbreaking, this week has highlighted that "set and forget" is no longer a viable security strategy.

Weekly Threat Briefing: Australia’s Cyber Landscape (29 Dec 2025 – 4 Jan 2026)

As we settle into 2026, the Australian cyber threat landscape shows no signs of slowing down. The transition from December 2025 to January 2026 has been characterised by a volatile mix of critical infrastructure vulnerabilities and aggressive ransomware campaigns targeting the "edge" of corporate networks. This week, we have observed a sharp escalation in the exploitation of database and API vulnerabilities, alongside targeted attacks on the healthcare and education sectors.

Weekly Threat Briefing: Australia (14-21 December 2025)

As we approach the end of 2025, the Australian cyber threat landscape has experienced a volatile week, with significant incidents rocking the education and healthcare sectors. The last seven days have been defined by the active exploitation of critical vulnerabilities in modern web frameworks and a series of ransomware attacks targeting sensitive patient and staff data. This week’s briefing highlights a major data breach at the University of Sydney, a ransomware attack on fertility provider Genea, and the "React2Shell" vulnerability that is currently reshaping cloud security priorities.

Weekly Threat Briefing: Critical Fortinet Flaws, AI Vulnerabilities & Nation-State Shifts

The Australian cyber security landscape has experienced a turbulent week (7–14 December), dominated by a "Critical" alert from the Australian Cyber Security Centre (ACSC) regarding widespread vulnerabilities in edge devices and a worrying escalation in AI-assisted development flaws. As we approach the holiday shutdown period—a traditional window for heightened ransomware activity—organisations across Healthcare, Government, and FinTech must urgently prioritise patching and detection. Here is your deep dive into the threats impacting Australian organisations this week.