Before we set out to understand the risks uncovered by penetration testing service providers, let’s start by answering some basic questions.
A zero-click vulnerability, CVE-2025-21042, in millions of Samsung devices is being actively exploited to install "LANDFALL," a commercial-grade spyware. This threat, now on CISA's KEV catalog , transforms an executive's personal device into a silent corporate surveillance tool, completely bypassing your MDM and EDR. For Australian organisations with BYOD policies, this is a critical, reportable data breach scenario under the NDB scheme.
Actively exploited WSUS flaw CVE-2025-59287 (CVSS 9.8) threatens Australian businesses. Patching isn't enough. See why red teaming is essential to validate your security.
Critical Oracle EBS zero-day CVE-2025-61882 actively exploited. Australian firms face data theft. Move beyond patching to proactive red teaming & security.
The ACSC has issued a high alert on attacks against Australia's software supply chain. Adversaries are no longer just targeting your live systems; they are infiltrating the "factory" where your software is built. We simulate these advanced, multi-stage attacks to validate your defences against this critical threat.
