Upgrade from annual pen tests to continuous penetration testing services in Australia. Discover 2026 red teaming trends, PTaaS, and expert security assessments.
Discover how threat actors exploit the critical CVE-2026-20127 Cisco SD-WAN vulnerability. Learn IoCs, remediation steps, and how penetration testing secures your network.
The Australian Cyber Security Centre has issued urgent warnings about actively exploited vulnerabilities in Microsoft SharePoint Server (CVE-2025-53770) that enable unauthenticated remote code execution. With Chinese state-aligned actors and ransomware groups already compromising Australian organisations, this threat represents an immediate and severe risk to business-critical data and infrastructure.
Across AWS, Google Cloud, and Microsoft Azure environments in Australia and globally, 59% of IAM users maintain access keys that have never expired—credentials that have been active for more than one year. These long-lived credentials represent a silent but catastrophic vulnerability in your cloud infrastructure. This blog explores why long-lived credentials have become the primary attack vector for identity-based breaches, how red teams exploit them during penetration tests, and what you must do today to eliminate this ticking time bomb.
Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.
Welcome to today's threat intelligence briefing. As organisations across Australia continue to digitise operations and adopt next-generation technologies, the local threat landscape is evolving at an unprecedented pace. Over the last 24 hours, our penetration testing and threat intelligence teams have observed significant adversarial behaviour targeting critical Australian infrastructure.
As a senior penetration tester actively analysing the adversarial landscape, I am seeing a dramatic escalation in sophisticated attacks against Australian organisations. Over the last 24 hours, the threat landscape has been dominated by supply chain compromises, AI-driven exploitation, and aggressive ransomware campaigns targeting critical infrastructure.
As a senior penetration tester actively analysing adversary behaviour and responding to frontline incidents, I am tracking a highly volatile threat landscape across Australia. Over the past 24 hours and the preceding days, our telemetry reveals that the window between vulnerability disclosure and active exploitation has collapsed to mere hours. Threat actors are aggressively weaponising artificial intelligence, exploiting misconfigured cloud environments, and capitalising on critical web application and API vulnerabilities.
As a senior penetration tester actively analysing adversary behaviour and responding to frontline incidents, I am tracking a highly volatile threat landscape across Australia today, 30 March 2026. The window between vulnerability disclosure and active exploitation has collapsed to mere hours. We are observing threat actors aggressively weaponising artificial intelligence, exploiting cloud misconfigurations, and capitalising on critical zero-day vulnerabilities in web applications and APIs. With the 2023–2030 Australian Cyber Security Strategy moving into its later horizons, regulatory scrutiny is intensifying, making proactive defence non-negotiable.
As a senior penetration tester actively analysing adversary behaviour and responding to frontline incidents, I am tracking a highly volatile threat landscape across Australia. Over the past seven days, leading up to 29 March 2026, our telemetry and incident response engagements reveal that the window between vulnerability disclosure and active exploitation has collapsed to mere days. Threat actors are aggressively weaponising artificial intelligence, exploiting cloud misconfigurations, and capitalising on critical zero-day vulnerabilities to bypass traditional perimeter defences.
As a senior penetration tester operating on the frontlines of Australia's digital defence, I am observing an unprecedented convergence of sophisticated cyber attacks, aggressive regulatory shifts, and emerging technology risks. The last 24 hours have highlighted a volatile threat landscape for Australian organisations, with threat actors aggressively exploiting cloud misconfigurations, weaponising AI, and targeting critical supply chains.
As a senior penetration tester actively analysing adversary behaviour and responding to frontline incidents, I am tracking a highly volatile threat landscape across Australia today, 27 March 2026. The window between vulnerability disclosure and active exploitation has effectively collapsed. Over the last 24 hours, threat actors have aggressively weaponised artificial intelligence, exploited cloud misconfigurations, and capitalised on critical zero-day vulnerabilities to bypass traditional perimeter defences.
As a senior penetration tester analysing adversary behaviour on the frontlines, I am observing an unprecedented level of volatility in the Australian cyber threat landscape. Welcome to our daily threat briefing for 26 March 2026. Over the last 24 hours, the window between vulnerability disclosure and active exploitation has collapsed to mere hours. Driven by autonomous automation, threat actors are aggressively bypassing traditional perimeters, heavily exploiting cloud misconfigurations, and capitalising on critical zero-day vulnerabilities in web applications, APIs, and emerging AI systems.
Welcome to today's threat briefing for 25 March 2026. As a senior penetration tester actively engaged in defending Australian networks, I am observing an unprecedented level of volatility in our local threat landscape. Over the last 24 hours, adversary behaviour has demonstrated a rapid shift towards exploiting misconfigured cloud environments, weaponising artificial intelligence, and aggressively targeting critical supply chains.
As a senior penetration tester, I continually analyse the tactics, techniques, and procedures (TTPs) deployed against Australian organisations. Over the last 24 hours, our threat intelligence and incident response telemetry have highlighted a highly volatile landscape. We are witnessing aggressive automated exploitation of cloud environments, rampant API abuse, and novel attacks against integrated AI systems. The 2026 Armis Cyberwarfare Report recently noted that Australia is experiencing a surging volume of cyberwarfare attacks, underscoring the urgent need for a proactive, "assume breach" mentality.
