Upgrade from annual pen tests to continuous penetration testing services in Australia. Discover 2026 red teaming trends, PTaaS, and expert security assessments.
Discover how threat actors exploit the critical CVE-2026-20127 Cisco SD-WAN vulnerability. Learn IoCs, remediation steps, and how penetration testing secures your network.
The Australian Cyber Security Centre has issued urgent warnings about actively exploited vulnerabilities in Microsoft SharePoint Server (CVE-2025-53770) that enable unauthenticated remote code execution. With Chinese state-aligned actors and ransomware groups already compromising Australian organisations, this threat represents an immediate and severe risk to business-critical data and infrastructure.
Across AWS, Google Cloud, and Microsoft Azure environments in Australia and globally, 59% of IAM users maintain access keys that have never expired—credentials that have been active for more than one year. These long-lived credentials represent a silent but catastrophic vulnerability in your cloud infrastructure. This blog explores why long-lived credentials have become the primary attack vector for identity-based breaches, how red teams exploit them during penetration tests, and what you must do today to eliminate this ticking time bomb.
Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.
As a senior penetration tester, part of my daily routine involves analysing the rapidly shifting attack surface to understand how adversaries are operating in the wild. The last 24 hours in the Australian cyber security landscape have been exceptionally volatile. We are seeing a distinct industrialisation of cybercrime, heavily amplified by artificial intelligence, persistent ransomware campaigns, and highly fragile software supply chains.
As of 16 April 2026, the Australian cyber threat landscape continues to rapidly escalate, shifting from isolated endpoint compromises to systemic supply chain and identity-based attacks. From the perspective of our adversary simulation and penetration testing operations, the last 24 hours have highlighted critical vulnerabilities across several key sectors. Threat actors are aggressively capitalising on complex API integrations, unpatched cloud infrastructure, and the hasty deployment of emerging AI technologies.
Welcome to today’s threat intelligence update. Over the past 24 hours, our penetration testing and threat intelligence teams have analysed a surge in sophisticated cyber attacks targeting Australian organisations. Threat actors are increasingly shifting their focus towards exploiting misconfigurations in cloud environments, insecure APIs, and emerging AI technologies.
Welcome to the daily threat briefing for 14 April 2026. Over the last 24 hours, the Australian cybersecurity landscape has experienced significant volatility. A convergence of rapid AI adoption, persistent cloud vulnerabilities, and aggressive ransomware syndicates has exposed critical resiliency gaps across multiple industries. Recent industry data reveals that 73 per cent of local security leaders remain unprepared for a major cyber incident, despite threat detection and monitoring being top priorities. Today's brief analyses the latest breaches, prominent threat actors, and emerging vulnerabilities impacting Australian organisations.
Welcome to today's threat briefing. Over the last 24 hours, the Australian cyber security landscape has witnessed a rapid escalation in targeted ransomware operations, third-party cloud compromises, and the active exploitation of new zero-day vulnerabilities. As threat actors continually analyse corporate digital footprints and adapt their behaviour, it is critical for Australian organisations to maintain a proactive defensive posture.
Welcome to today's threat intelligence briefing for 11 April 2026. As a senior penetration tester actively analysing adversary behaviour and responding to frontline incidents, I am tracking a highly volatile threat landscape across Australia. Over the last 24 hours, the window between vulnerability disclosure and active exploitation has collapsed to mere hours. Threat actors are aggressively weaponising artificial intelligence, exploiting cloud misconfigurations, and capitalising on critical zero-day vulnerabilities in web applications and APIs.
As a senior penetration tester actively analysing adversary behaviour and responding to frontline incidents, I am tracking a highly volatile cyber threat landscape across Australia. Over the past 24 hours, the window between vulnerability disclosure and active exploitation has collapsed to mere days—and in some cases, hours. Adversaries are aggressively weaponising artificial intelligence, exploiting cloud misconfigurations, and capitalising on critical zero-day vulnerabilities in web applications and APIs.
As a senior penetration tester monitoring the evolving tactics of threat actors, it is clear that the attack surface for Australian organisations is expanding at an unprecedented rate. Over the last 24 hours up to 09 April 2026, the Australian threat landscape has seen aggressive moves by ransomware operators, the active exploitation of artificial intelligence workflows, and critical high-priority alerts from the Australian Cyber Security Centre (ACSC).
As the Australian digital landscape continues to expand, so does the sophistication and speed of modern threat actors. Over the last 24 hours, security teams across the country have faced an elevated operational tempo of cyber activity, ranging from browser-based zero-day exploitation to high-velocity ransomware deployments. In this daily briefing, we analyse the latest threat intelligence, prominent adversaries, and critical vulnerabilities impacting key Australian sectors.
As a senior penetration tester monitoring the Australian threat landscape, I routinely analyse the tactics, techniques, and procedures (TTPs) deployed against our domestic networks. Over the last 24 hours leading up to 04 April 2026, we have observed a significant escalation in targeted cyber campaigns. The environment has shifted definitively from opportunistic infrastructure attacks to highly orchestrated, identity-driven breaches.
