A zero-click vulnerability, CVE-2025-21042, in millions of Samsung devices is being actively exploited to install "LANDFALL," a commercial-grade spyware. This threat, now on CISA's KEV catalog , transforms an executive's personal device into a silent corporate surveillance tool, completely bypassing your MDM and EDR. For Australian organisations with BYOD policies, this is a critical, reportable data breach scenario under the NDB scheme.
Actively exploited WSUS flaw CVE-2025-59287 (CVSS 9.8) threatens Australian businesses. Patching isn't enough. See why red teaming is essential to validate your security.
Critical Oracle EBS zero-day CVE-2025-61882 actively exploited. Australian firms face data theft. Move beyond patching to proactive red teaming & security.
The ACSC has issued a high alert on attacks against Australia's software supply chain. Adversaries are no longer just targeting your live systems; they are infiltrating the "factory" where your software is built. We simulate these advanced, multi-stage attacks to validate your defences against this critical threat.
The ACSC confirms the Akira ransomware group is actively exploiting SonicWall VPNs to breach Australian businesses. Patching is not enough—attackers are bypassing the fix. With Australia's new mandatory reporting laws, this technical vulnerability can quickly become a regulatory and legal disaster.
Security development lifecycle (SDL) requires crafting a carefully constructed security plan, as well as code analysis—of both static and dynamic code. What do those terms mean and how are they both important? Let’s take a look.
