Monthly Threat Briefing: Australia – November 2025

As we approach the holiday season, the Australian cyber threat landscape has intensified, with November 2025 marking a significant surge in ransomware activity and sophisticated supply chain attacks. The Australian Signals Directorate (ASD) and private sector intelligence indicate that threat actors are increasingly capitalising on reduced staffing levels during weekends and public holidays, a trend expected to escalate as we head into December. This month’s briefing analyses critical incidents and emerging vulnerabilities across key sectors, highlighting the urgent need for robust defence mechanisms in web applications, cloud environments, and AI systems.

Australian Cyber Threat Briefing: Record DDoS, SaaS Supply Chain Risks, and Holiday Scams

As we enter December, the Australian cyber threat landscape has escalated sharply. In the last 24 hours, security teams across the nation have faced a convergence of sophisticated state-sponsored activity, record-breaking DDoS attacks, and targeted supply chain compromises. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and global intelligence feeds indicate a critical surge in threats targeting SaaS environments and healthcare infrastructure. This briefing covers the most significant threats, threat actors, and vulnerabilities identified over the weekend and into today, specifically tailored for Australian organisations.

Daily Threat Briefing: Australia’s Holiday Cyber Surge & Critical Sector Alerts

As we wrap up the Black Friday weekend and move into the holiday season, the Australian cyber threat landscape has seen a significant escalation in activity over the last 24 hours. Our deep dive into the latest intelligence reveals a coordinated surge in campaigns targeting the government, healthcare, and retail sectors. Advanced Persistent Threats (APTs) and opportunistic criminal gangs are leveraging AI-driven automation to exploit new vulnerabilities in web applications and APIs.

Australian Weekly Threat Briefing: Defence Supply Chain Breached & SaaS Under Siege

This week has seen a significant escalation in cyber activity targeting Australian critical infrastructure and supply chains. The most alarming development is a confirmed breach of a major Defence contractor, potentially exposing sensitive naval data. Simultaneously, a sophisticated campaign by the "Scattered Lapsus$ Hunters" group is aggressively targeting SaaS platforms, with Qantas and Zendesk users in the crosshairs. As we approach the holiday season, a new report warns that ransomware operators are leveraging Generative AI to time attacks for weekends and public holidays, specifically targeting periods of reduced staffing in Security Operations Centres (SOCs).

Daily Threat Briefing: AI-Driven Phishing & The Machine Identity Crisis

In the last 24 hours, the Australian cyber threat landscape has been dominated by the rapid weaponisation of Generative AI and the escalation of "non-human" identity compromises. Following the patterns identified earlier this year in the ACSC's Annual Cyber Threat Report, we are seeing a shift from traditional credential stuffing to sophisticated, AI-enhanced social engineering and API-based attacks. Today's briefing highlights a coordinated campaign targeting the Healthcare and FinTech sectors, leveraging deepfake technology to bypass biometric verification. Additionally, new intelligence suggests state-sponsored actors are actively exploiting "shadow AI" implementations in Government supply chains.

Australia’s Cyber Siege: Healthcare Ransomware, API Exploits, and the Holiday Scam Surge

The last 24 hours have underscored a critical reality for Australian CISOs and security teams: the separation between "sector-specific" threats is vanishing. From the 15.72 Tbps DDoS attack aimed at Australian infrastructure to the targeted ransomware campaigns crippling regional healthcare, the tempo of operations is accelerating as we approach the holiday season. As a penetration testing team, we are closely monitoring active exploitation in the wild. Below is your deep-dive briefing on the threats shaping the Australian landscape today.

SessionReaper & BFCM: Why Penetration Testing Services Are Critical (CVE-2025-54236)

A critical vulnerability in Adobe Commerce and Magento (CVE-2025-54236), dubbed "SessionReaper," is being ruthlessly exploited by threat actors using AI-driven tools to automate attacks at machine speed. With the Australian holiday trading season in full swing, this unauthenticated remote code execution (RCE) flaw poses an immediate existential threat to retail and B2B organizations. This alert outlines the mechanics of the attack, the role of AI in its weaponization, and the urgent defensive actions required to prevent a catastrophic data breach.

Daily Threat Briefing: Australia – 26 November 2025

The last 24 hours have seen a significant escalation in the Australian cyber threat landscape, characterised by a convergence of AI-driven offensive operations and high-impact data breaches. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and private sector intelligence indicate a sharp rise in automated attacks targeting the Healthcare, FinTech, and Government sectors. Of particular concern is the emergence of AI agents capable of automating complex attack chains, reducing the time from vulnerability discovery to exploitation to near zero.

Daily Threat Briefing: Record DDoS Hits Australia & Critical Fortinet Flaws

In the last 24 hours, the Australian cyber threat landscape has been dominated by a record-breaking Distributed Denial of Service (DDoS) attack targeting local cloud infrastructure, alongside critical alerts for widely used enterprise edge devices. The Australian Securities and Investments Commission (ASIC) has also signalled a major shift in regulatory enforcement regarding cyber resilience in the financial sector.

Daily Threat Briefing: Russian Sanctions, Salesforce Supply Chain Risks & Critical WSUS Exploits

The last 24 to 48 hours have seen significant shifts in the Australian cyber threat landscape, dominated by a major government crackdown on ransomware facilitators and a developing supply chain incident affecting the Salesforce ecosystem. In a coordinated move with the US and UK, the Australian Government has imposed sanctions on Russian individuals and entities providing "bulletproof hosting" to gangs like LockBit and Clop. Meanwhile, organisations relying on Salesforce are on high alert following confirmed unauthorized activity linked to third-party Gainsight applications, with threat actors claiming widespread access. On the vulnerability front, a critical Microsoft WSUS flaw (CVE-2025-59287) is seeing active exploitation, demanding immediate attention from system administrators.