In the last 24 hours, the Australian cyber threat landscape has been dominated by the rapid weaponisation of Generative AI and the escalation of "non-human" identity compromises. Following the patterns identified earlier this year in the ACSC's Annual Cyber Threat Report, we are seeing a shift from traditional credential stuffing to sophisticated, AI-enhanced social engineering and API-based attacks. Today's briefing highlights a coordinated campaign targeting the Healthcare and FinTech sectors, leveraging deepfake technology to bypass biometric verification. Additionally, new intelligence suggests state-sponsored actors are actively exploiting "shadow AI" implementations in Government supply chains.
Australia’s Cyber Siege: Healthcare Ransomware, API Exploits, and the Holiday Scam Surge
The last 24 hours have underscored a critical reality for Australian CISOs and security teams: the separation between "sector-specific" threats is vanishing. From the 15.72 Tbps DDoS attack aimed at Australian infrastructure to the targeted ransomware campaigns crippling regional healthcare, the tempo of operations is accelerating as we approach the holiday season. As a penetration testing team, we are closely monitoring active exploitation in the wild. Below is your deep-dive briefing on the threats shaping the Australian landscape today.
Daily Threat Briefing: Australia – 26 November 2025
The last 24 hours have seen a significant escalation in the Australian cyber threat landscape, characterised by a convergence of AI-driven offensive operations and high-impact data breaches. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and private sector intelligence indicate a sharp rise in automated attacks targeting the Healthcare, FinTech, and Government sectors. Of particular concern is the emergence of AI agents capable of automating complex attack chains, reducing the time from vulnerability discovery to exploitation to near zero.
Daily Threat Briefing: Record DDoS Hits Australia & Critical Fortinet Flaws
In the last 24 hours, the Australian cyber threat landscape has been dominated by a record-breaking Distributed Denial of Service (DDoS) attack targeting local cloud infrastructure, alongside critical alerts for widely used enterprise edge devices. The Australian Securities and Investments Commission (ASIC) has also signalled a major shift in regulatory enforcement regarding cyber resilience in the financial sector.
Daily Threat Briefing: Russian Sanctions, Salesforce Supply Chain Risks & Critical WSUS Exploits
The last 24 to 48 hours have seen significant shifts in the Australian cyber threat landscape, dominated by a major government crackdown on ransomware facilitators and a developing supply chain incident affecting the Salesforce ecosystem. In a coordinated move with the US and UK, the Australian Government has imposed sanctions on Russian individuals and entities providing "bulletproof hosting" to gangs like LockBit and Clop. Meanwhile, organisations relying on Salesforce are on high alert following confirmed unauthorised activity linked to third-party Gainsight applications, with threat actors claiming widespread access. On the vulnerability front, a critical Microsoft WSUS flaw (CVE-2025-59287) is seeing active exploitation, demanding immediate attention from system administrators.
Daily Threat Briefing: Supply Chain Attacks Hit Defence, AI-Driven Phishing Escalates
In the last 24 hours, the Australian cyber threat landscape has been dominated by a significant supply chain compromise within the Defence sector and a surge in AI-enabled social engineering campaigns targeting the FinTech and Healthcare industries. Threat actors are increasingly leveraging third-party vulnerabilities to bypass hardened perimeters, necessitating an immediate review of vendor access privileges.
Daily Threat Briefing: Russian Sanctions, Defence Supply Chain Breaches & The Zero-Day Surge
The last 24 hours have seen a significant escalation in the Australian cyber threat landscape. The Federal Government has moved from defence to offence with landmark sanctions against Russian cybercrime infrastructure, while the private sector grapples with active zero-day exploitation across major enterprise platforms. From defence contractors to healthcare providers, no sector has been left untouched this week.
Here is your deep dive into the threats shaping the Australian cyber environment today.
Daily Threat Briefing: Defence Supply Chain Sieged, Russian Hosts Sanctioned & Critical Fortinet Zero-Days
The Australian cyber threat landscape has intensified over the last 24 hours with significant geopolitical moves and critical infrastructure attacks. The Federal Government, in coordination with the US and UK, has officially sanctioned Russian "bulletproof" hosting providers facilitating ransomware campaigns against Australian targets. Meanwhile, the defence supply chain is under scrutiny following a confirmed breach at a major naval contractor, and network defenders are racing to patch actively exploited zero-days in Fortinet and Citrix appliances.
Here is your daily deep dive into the threats shaping our digital environment.









