Upgrade from annual pen tests to continuous penetration testing services in Australia. Discover 2026 red teaming trends, PTaaS, and expert security assessments.
Discover how threat actors exploit the critical CVE-2026-20127 Cisco SD-WAN vulnerability. Learn IoCs, remediation steps, and how penetration testing secures your network.
The Australian Cyber Security Centre has issued urgent warnings about actively exploited vulnerabilities in Microsoft SharePoint Server (CVE-2025-53770) that enable unauthenticated remote code execution. With Chinese state-aligned actors and ransomware groups already compromising Australian organisations, this threat represents an immediate and severe risk to business-critical data and infrastructure.
Across AWS, Google Cloud, and Microsoft Azure environments in Australia and globally, 59% of IAM users maintain access keys that have never expired—credentials that have been active for more than one year. These long-lived credentials represent a silent but catastrophic vulnerability in your cloud infrastructure. This blog explores why long-lived credentials have become the primary attack vector for identity-based breaches, how red teams exploit them during penetration tests, and what you must do today to eliminate this ticking time bomb.
Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.
As of 10 March 2026, the Australian cyber threat landscape remains highly volatile. Over the last 24 hours, our threat intelligence and incident response telemetry have identified a surge in targeted attacks against Australian infrastructure. Threat actors are increasingly leveraging automated exploitation of cloud environments, sophisticated API abuse, and novel attacks against integrated AI systems.
Welcome to our daily threat briefing for 9 March 2026. Over the past 24 hours, the Australian cyber threat landscape has demonstrated unprecedented volatility. As a senior penetration tester analysing recent adversary behaviour and telemetry, I am observing threat actors aggressively bypassing traditional perimeter defences. They are actively weaponising generative AI, exploiting misconfigured cloud environments, and capitalising on critical API vulnerabilities.
As we analyse the threat landscape over the past 24 hours, the Australian cyber environment is experiencing a highly aggressive pivot by sophisticated threat actors. From the weaponisation of generative AI and agentic browsers to targeted extortion campaigns across our critical sectors, adversaries are actively bypassing traditional perimeter defences. With Australia’s new mandatory ransomware reporting laws and the Cyber Security (Security Standards for Smart Devices) Rules 2025 now in full enforcement, organisations face both heightened regulatory scrutiny and an unforgiving threat environment.
Welcome to the daily threat briefing for 06 March 2026. As a senior penetration tester observing the frontlines of the Australian cyber landscape, the last 24 hours have demonstrated a highly aggressive pivot by threat actors. We are seeing adversaries rapidly transition from traditional network exploitation to abusing legitimate cloud identities, leveraging generative AI for exploit development, and targeting critical third-party supply chains.
Welcome to today's daily threat briefing. Over the last 24 hours, our threat intelligence operations have identified a surge in high-impact vulnerabilities and evolving adversary behaviours relevant to Australian organisations. We are observing a distinct operational pivot from traditional exploit-driven breaches to fast, AI-enabled credential abuse, alongside critical zero-day exploits actively deployed in the wild.
As a senior penetration tester, analysing the evolving threat landscape is a critical part of staying ahead of sophisticated adversaries. Over the last 24 hours leading up to 04 March 2026, we have observed a significant escalation in cyber threats targeting Australian organisations. Threat actors are aggressively pivoting from traditional network exploitation to abusing legitimate cloud identities, leveraging generative AI for exploit development, and targeting critical third-party supply chains.
As we analyse the threat landscape over the past 24 hours, the Australian cyber environment is experiencing a surge in sophisticated attacks driven by autonomous AI tools and the exploitation of critical zero-day vulnerabilities. As penetration testers, we are observing threat actors pivot from traditional ransomware to aggressive double-extortion campaigns, actively weaponising new technologies to compromise heavily defended perimeters.
The Australian cyber threat landscape has escalated sharply in the last 24 hours. The Australian Signals Directorate (ASD) and global Five Eyes partners have issued an emergency directive regarding a critical zero-day vulnerability in widespread network infrastructure, while the financial sector faces a reported surge in AI-driven fraud. Below is our deep dive into the threats impacting Australian organisations today.
The last 24 hours have seen a significant escalation in the Australian cyber threat landscape. We are witnessing a convergence of physical supply chain disruption and high-volume digital data theft. A major poultry processor has confirmed a cyber attack impacting national distribution, while the FinTech sector grapples with the massive ‘youX’ data breach. On the technical front, the weaponisation of AI workflows is no longer theoretical, with critical exploits targeting automation platforms used by Australian businesses.
