Daily Threat Briefing: Critical React RCE, Aussie Retailers Hit by Ransomware, and Android Zero-Days

The last 24 hours have seen a significant escalation in web application threats with the disclosure of a critical Remote Code Execution (RCE) vulnerability in the React framework, dubbed "React2Shell". Australian organisations—particularly in the eCommerce and SaaS sectors—are also facing a renewed wave of ransomware activity, with prominent fashion retailers and logistics providers targeted by the INC Ransom and Qilin groups. Simultaneously, mobile security remains a priority as Google patches actively exploited zero-days affecting Android devices. Here is your daily deep dive into the threat landscape affecting Australian businesses.

Daily Threat Briefing: Ransomware Surge & Critical React Flaw Hits Australian Networks

The last 24 hours have seen a significant escalation in cyber activity targeting Australian critical infrastructure and commercial sectors. The Australian Cyber Security Centre (ACSC) has issued a critical alert regarding a vulnerability in React Server Components, while ransomware groups have successfully breached targets across the Government, Defence, and FinTech sectors. Today's briefing analyses these active threats, highlighting a disturbing trend of supply chain compromises and API misconfigurations that are leaving organisations exposed.

Daily Threat Briefing: Defence Supply Chain Breach, AI RCEs & Critical Telco Fines

As we settle into December, the Australian cyber threat landscape is already heating up. In the last 24 hours, we’ve seen a major breach in the Defence supply chain, significant regulatory action against a local telco for anti-scam failures, and the discovery of a critical vulnerability in a widely used AI inference engine. For security teams across Healthcare, FinTech, and Government, today’s briefing highlights the critical need for supply chain vigilance and rigorous identity verification.

Daily Threat Briefing: Australia – 02 December 2025

The last 24 hours have seen a significant surge in ransomware activity and critical infrastructure targeting across Australia. The Australian Cyber Security Centre (ACSC) and industry watchdogs have issued multiple alerts regarding active exploitation of network edge devices. Prominent threat actors, including KillSec, Space Bears, and RipperSec, have claimed successful breaches against Australian targets in the Government, FinTech, and Education sectors. Organisations are urged to prioritise patching critical vulnerabilities in Cisco and Microsoft infrastructure immediately, as threat actors are weaponising these flaws for initial access.

Monthly Threat Briefing: Australia – November 2025

As we approach the holiday season, the Australian cyber threat landscape has intensified, with November 2025 marking a significant surge in ransomware activity and sophisticated supply chain attacks. The Australian Signals Directorate (ASD) and private sector intelligence indicate that threat actors are increasingly capitalising on reduced staffing levels during weekends and public holidays, a trend expected to escalate as we head into December. This month’s briefing analyses critical incidents and emerging vulnerabilities across key sectors, highlighting the urgent need for robust defence mechanisms in web applications, cloud environments, and AI systems.

Australian Cyber Threat Briefing: Record DDoS, SaaS Supply Chain Risks, and Holiday Scams

As we enter December, the Australian cyber threat landscape has escalated sharply. In the last 24 hours, security teams across the nation have faced a convergence of sophisticated state-sponsored activity, record-breaking DDoS attacks, and targeted supply chain compromises. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and global intelligence feeds indicate a critical surge in threats targeting SaaS environments and healthcare infrastructure. This briefing covers the most significant threats, threat actors, and vulnerabilities identified over the weekend and into today, specifically tailored for Australian organisations.

Daily Threat Briefing: Australia’s Holiday Cyber Surge & Critical Sector Alerts

As we wrap up the Black Friday weekend and move into the holiday season, the Australian cyber threat landscape has seen a significant escalation in activity over the last 24 hours. Our deep dive into the latest intelligence reveals a coordinated surge in campaigns targeting the government, healthcare, and retail sectors. Advanced Persistent Threats (APTs) and opportunistic criminal gangs are leveraging AI-driven automation to exploit new vulnerabilities in web applications and APIs. The full briefing gives a more detailed breakdown of the critical threats, exploited vulnerabilities, and active threat actors impacting Australian organisations today.

Australian Weekly Threat Briefing: Defence Supply Chain Breached & SaaS Under Siege

This week has seen a significant escalation in cyber activity targeting Australian critical infrastructure and supply chains. The most alarming development is a confirmed breach of a major Defence contractor, potentially exposing sensitive naval data. Simultaneously, a sophisticated campaign by the "Scattered Lapsus$ Hunters" group is aggressively targeting SaaS platforms, with Qantas and Zendesk users in the crosshairs. As we approach the holiday season, a new report warns that ransomware operators are leveraging Generative AI to time attacks for weekends and public holidays, specifically targeting periods of reduced staffing in Security Operations Centres (SOCs).

Daily Threat Briefing: AI-Driven Phishing & The Machine Identity Crisis

In the last 24 hours, the Australian cyber threat landscape has been dominated by the rapid weaponisation of Generative AI and the escalation of "non-human" identity compromises. Following the patterns identified earlier this year in the ACSC's Annual Cyber Threat Report, we are seeing a shift from traditional credential stuffing to sophisticated, AI-enhanced social engineering and API-based attacks. Today's briefing highlights a coordinated campaign targeting the Healthcare and FinTech sectors, leveraging deepfake technology to bypass biometric verification. Additionally, new intelligence suggests state-sponsored actors are actively exploiting "shadow AI" implementations in Government supply chains.

Australia’s Cyber Siege: Healthcare Ransomware, API Exploits, and the Holiday Scam Surge

The last 24 hours have underscored a critical reality for Australian CISOs and security teams: the separation between "sector-specific" threats is vanishing. From the 15.72 Tbps DDoS attack aimed at Australian infrastructure to the targeted ransomware campaigns crippling regional healthcare, the tempo of operations is accelerating as we approach the holiday season. As a penetration testing team, we are closely monitoring active exploitation in the wild. Below is your deep-dive briefing on the threats shaping the Australian landscape today.