Upgrade from annual pen tests to continuous penetration testing services in Australia. Discover 2026 red teaming trends, PTaaS, and expert security assessments.
Discover how threat actors exploit the critical CVE-2026-20127 Cisco SD-WAN vulnerability. Learn IoCs, remediation steps, and how penetration testing secures your network.
The Australian Cyber Security Centre has issued urgent warnings about actively exploited vulnerabilities in Microsoft SharePoint Server (CVE-2025-53770) that enable unauthenticated remote code execution. With Chinese state-aligned actors and ransomware groups already compromising Australian organisations, this threat represents an immediate and severe risk to business-critical data and infrastructure.
Across AWS, Google Cloud, and Microsoft Azure environments in Australia and globally, 59% of IAM users maintain access keys that have never expired—credentials that have been active for more than one year. These long-lived credentials represent a silent but catastrophic vulnerability in your cloud infrastructure. This blog explores why long-lived credentials have become the primary attack vector for identity-based breaches, how red teams exploit them during penetration tests, and what you must do today to eliminate this ticking time bomb.
Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.
As the Australian digital landscape continues to expand, so does the sophistication and speed of modern threat actors. Over the last 24 hours, security teams across the country have faced an elevated operational tempo of cyber activity, ranging from browser-based zero-day exploitation to high-velocity ransomware deployments. In this daily briefing, we analyse the latest threat intelligence, prominent adversaries, and critical vulnerabilities impacting key Australian sectors.
As a senior penetration tester monitoring the Australian threat landscape, I routinely analyse the tactics, techniques, and procedures (TTPs) deployed against our domestic networks. Over the last 24 hours leading up to 04 April 2026, we have observed a significant escalation in targeted cyber campaigns. The environment has shifted definitively from opportunistic infrastructure attacks to highly orchestrated, identity-driven breaches.
Welcome to today's threat intelligence briefing. As organisations across Australia continue to digitise operations and adopt next-generation technologies, the local threat landscape is evolving at an unprecedented pace. Over the last 24 hours, our penetration testing and threat intelligence teams have observed significant adversarial behaviour targeting critical Australian infrastructure.
As a senior penetration tester actively analysing the adversarial landscape, I am seeing a dramatic escalation in sophisticated attacks against Australian organisations. Over the last 24 hours, the threat landscape has been dominated by supply chain compromises, AI-driven exploitation, and aggressive ransomware campaigns targeting critical infrastructure.
As a senior penetration tester actively analysing adversary behaviour and responding to frontline incidents, I am tracking a highly volatile threat landscape across Australia. Over the past 24 hours and the preceding days, our telemetry reveals that the window between vulnerability disclosure and active exploitation has collapsed to mere hours. Threat actors are aggressively weaponising artificial intelligence, exploiting misconfigured cloud environments, and capitalising on critical web application and API vulnerabilities.
As a senior penetration tester actively analysing adversary behaviour and responding to frontline incidents, I am tracking a highly volatile threat landscape across Australia today, 30 March 2026. The window between vulnerability disclosure and active exploitation has collapsed to mere hours. We are observing threat actors aggressively weaponising artificial intelligence, exploiting cloud misconfigurations, and capitalising on critical zero-day vulnerabilities in web applications and APIs. With the 2023–2030 Australian Cyber Security Strategy moving into its later horizons, regulatory scrutiny is intensifying, making proactive defence non-negotiable.
As a senior penetration tester actively analysing adversary behaviour and responding to frontline incidents, I am tracking a highly volatile threat landscape across Australia. Over the past seven days, leading up to 29 March 2026, our telemetry and incident response engagements reveal that the window between vulnerability disclosure and active exploitation has collapsed to mere days. Threat actors are aggressively weaponising artificial intelligence, exploiting cloud misconfigurations, and capitalising on critical zero-day vulnerabilities to bypass traditional perimeter defences.
As a senior penetration tester operating on the frontlines of Australia's digital defence, I am observing an unprecedented convergence of sophisticated cyber attacks, aggressive regulatory shifts, and emerging technology risks. The last 24 hours have highlighted a volatile threat landscape for Australian organisations, with threat actors aggressively exploiting cloud misconfigurations, weaponising AI, and targeting critical supply chains.
As a senior penetration tester actively analysing adversary behaviour and responding to frontline incidents, I am tracking a highly volatile threat landscape across Australia today, 27 March 2026. The window between vulnerability disclosure and active exploitation has effectively collapsed. Over the last 24 hours, threat actors have aggressively weaponised artificial intelligence, exploited cloud misconfigurations, and capitalised on critical zero-day vulnerabilities to bypass traditional perimeter defences.
As a senior penetration tester analysing adversary behaviour on the frontlines, I am observing an unprecedented level of volatility in the Australian cyber threat landscape. Welcome to our daily threat briefing for 26 March 2026. Over the last 24 hours, the window between vulnerability disclosure and active exploitation has collapsed to mere hours. Driven by autonomous automation, threat actors are aggressively bypassing traditional perimeters, heavily exploiting cloud misconfigurations, and capitalising on critical zero-day vulnerabilities in web applications, APIs, and emerging AI systems.
