Lean Security Expert
The ToolShell Crisis: Why Your SharePoint ...

The Australian Cyber Security Centre has issued urgent warnings about actively exploited vulnerabilities in Microsoft SharePoint Server (CVE-2025-53770) that enable unauthenticated remote code execution. With Chinese state-aligned actors and ransomware groups already compromising Australian organisations, this threat represents an immediate and severe risk to business-critical data and infrastructure.

The ToolShell Crisis: Why Your SharePoint Server Is a Ticking Time Bomb
Lean Security Expert
Why Long-Lived Cloud Credentials Are Your ...

Across AWS, Google Cloud, and Microsoft Azure environments in Australia and globally, 59% of IAM users maintain access keys that have never expired—credentials that have been active for more than one year. These long-lived credentials represent a silent but catastrophic vulnerability in your cloud infrastructure. This blog explores why long-lived credentials have become the primary attack vector for identity-based breaches, how red teams exploit them during penetration tests, and what you must do today to eliminate this ticking time bomb.

Why Long-Lived Cloud Credentials Are Your Biggest Identity Risk in 2025
Lean Security Expert
Fortinet "Ghost Logins": How Authentication ...

Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.

Fortinet "Ghost Logins": How Authentication Bypass Attacks Expose Gaps in Your Penetration Testing Strategy
Lean Security Expert
React2Shell: A CISO’s Guide to CVE-2025-55182

A new security flaw called React2Shell (CVE-2025-55182) puts Australian businesses at extreme risk. It has a severity score of CVSS 10.0, which is the highest possible rating. This flaw lets hackers take full control of your servers without needing a password. It affects the popular tools React and Next.js.

React2Shell: A CISO’s Guide to CVE-2025-55182
Lean Security Expert
SessionReaper & BFCM: Why Penetration ...

A critical vulnerability in Adobe Commerce and Magento (CVE-2025-54236), dubbed "SessionReaper," is being ruthlessly exploited by threat actors using AI-driven tools to automate attacks at machine speed. With the Australian holiday trading season in full swing, this unauthenticated remote code execution (RCE) flaw poses an immediate existential threat to retail and B2B organizations. This alert outlines the mechanics of the attack, the role of AI in its weaponization, and the urgent defensive actions required to prevent a catastrophic data breach.

SessionReaper & BFCM: Why Penetration Testing Services Are Critical (CVE-2025-54236)

Daily Threat Briefing: Russian Sanctions, Salesforce Supply Chain Risks & Critical WSUS Exploits

Daily Threat Briefing: Russian Sanctions, Salesforce Supply Chain Risks & Critical WSUS Exploits

The last 24 to 48 hours have seen significant shifts in the Australian cyber threat landscape, dominated by a major government crackdown on ransomware facilitators and a developing supply chain incident affecting the Salesforce ecosystem. In a coordinated move with the US and UK, the Australian Government has imposed sanctions on Russian individuals and entities providing "bulletproof hosting" to gangs like LockBit and Clop. Meanwhile, organisations relying on Salesforce are on high alert following confirmed unauthorized activity linked to third-party Gainsight applications, with threat actors claiming widespread access. On the vulnerability front, a critical Microsoft WSUS flaw (CVE-2025-59287) is seeing active exploitation, demanding immediate attention from system administrators.

Daily Threat Briefing: Supply Chain Attacks Hit Defence, AI-Driven Phishing Escalates

Daily Threat Briefing: Supply Chain Attacks Hit Defence, AI-Driven Phishing Escalates

In the last 24 hours, the Australian cyber threat landscape has been dominated by a significant supply chain compromise within the Defence sector and a surge in AI-enabled social engineering campaigns targeting the FinTech and Healthcare industries. Threat actors are increasingly leveraging third-party vulnerabilities to bypass hardened perimeters, necessitating an immediate review of vendor access privileges.

Daily Threat Briefing: Russian Sanctions, Defence Supply Chain Breaches & The Zero-Day Surge

Daily Threat Briefing: Russian Sanctions, Defence Supply Chain Breaches & The Zero-Day Surge

The last 24 hours have seen a significant escalation in the Australian cyber threat landscape. The Federal Government has moved from defence to offence with landmark sanctions against Russian cybercrime infrastructure, while the private sector grapples with active zero-day exploitation across major enterprise platforms. From defence contractors to healthcare providers, no sector has been left untouched this week.

Here is your deep dive into the threats shaping the Australian cyber environment today.

Daily Threat Briefing: Defence Supply Chain Sieged, Russian Hosts Sanctioned & Critical Fortinet Zero-Days

Daily Threat Briefing: Defence Supply Chain Sieged, Russian Hosts Sanctioned & Critical Fortinet Zero-Days

The Australian cyber threat landscape has intensified over the last 24 hours with significant geopolitical moves and critical infrastructure attacks. The Federal Government, in coordination with the US and UK, has officially sanctioned Russian "bulletproof" hosting providers facilitating ransomware campaigns against Australian targets. Meanwhile, the defence supply chain is under scrutiny following a confirmed breach at a major naval contractor, and network defenders are racing to patch actively exploited zero-days in Fortinet and Citrix appliances.

Here is your daily deep dive into the threats shaping our digital environment.

CISA Alert: LANDFALL Spyware Hits Australian BYOD Devices

CISA Alert: LANDFALL Spyware Hits Australian BYOD Devices

A zero-click vulnerability, CVE-2025-21042, in millions of Samsung devices is being actively exploited to install "LANDFALL," a commercial-grade spyware. This threat, now on CISA's KEV catalog , transforms an executive's personal device into a silent corporate surveillance tool, completely bypassing your MDM and EDR. For Australian organisations with BYOD policies, this is a critical, reportable data breach scenario under the NDB scheme.

Contact us for a quote