Weekly Threat Briefing: Australia (14-21 December 2025)

As we approach the end of 2025, the Australian cyber threat landscape has experienced a volatile week, with significant incidents rocking the education and healthcare sectors. The last seven days have been defined by the active exploitation of critical vulnerabilities in modern web frameworks and a series of ransomware attacks targeting sensitive patient and staff data. This week’s briefing highlights a major data breach at the University of Sydney, a ransomware attack on fertility provider Genea, and the "React2Shell" vulnerability that is currently reshaping cloud security priorities.

Daily Threat Briefing: Australia - 20 December 2025

The Australian cyber threat landscape has seen significant volatility in the last 24 hours. The primary focus for security teams today is the catastrophic "React2Shell" vulnerability (CVE-2025-55182), which is actively being exploited to deploy cryptocurrency miners and backdoors across Australian cloud environments. Simultaneously, the healthcare and education sectors are under heavy fire, with a major breach disclosed by the University of Sydney and a confirmed ransomware attack on fertility provider Genea.

Australian Cyber Threat Briefing: Healthcare Security Gaps & Critical SaaS Vulnerabilities

The last 24 hours have exposed significant fragility in Australia’s Healthcare and Education sectors, with a major audit revealing systemic security bypasses in NSW Health and a fresh data breach hitting the University of Sydney. Globally, critical vulnerabilities in Fortinet’s cloud infrastructure and React server components are demanding immediate patching cycles. This briefing summarises the key threats, incidents, and vulnerabilities impacting Australian organisations today.

Daily Threat Briefing: React2Shell Exploits Surge & Uni Sydney Breach

As we approach the holiday shutdown period, the Australian cyber threat landscape has intensified significantly over the last 24 hours. The standout threat is the rapid weaponisation of the React2Shell (CVE-2025-55182) vulnerability, which is currently being exploited in the wild by state-sponsored actors and botnets alike. Additionally, the University of Sydney has confirmed a data breach impacting historical records, reminding the Education sector that non-production environments remain a critical risk vector.

Australian Threat Briefing: React2Shell Escalation, Critical Fortinet Flaws & AI Supply Chain Risks

In the last 24 hours, the Australian cybersecurity landscape has been dominated by the rapid escalation of the "React2Shell" (CVE-2025-55182) campaign and critical alerts regarding Fortinet authentication bypasses. Threat actors, particularly those with a Chinese nexus, are actively exploiting these vulnerabilities across the SaaS and Government sectors. Additionally, high-profile supply chain incidents impacting major AI providers like OpenAI highlight the growing fragility of the artificial intelligence ecosystem.

Daily Threat Briefing: React Critical RCE, Healthcare Under Fire, and New AI Risks

In the last 24 hours, the Australian cyber landscape has been dominated by urgent warnings regarding a maximum-severity vulnerability in the React framework, fresh ransomware concerns targeting Queensland healthcare providers, and significant developments in AI security governance. The Australian Cyber Security Centre (ACSC) and global partners continue to highlight the aggressive targeting of critical infrastructure by state-sponsored and opportunistic threat actors.

Urgent: Critical React & Fortinet Flaws Exploit Australian Networks

The Australian cyber threat landscape has intensified significantly over the last 24 hours. The Australian Cyber Security Centre (ACSC) and global intelligence firms have issued urgent alerts regarding a perfect storm of critical vulnerabilities. Foremost among these is "React2Shell"—a CVSS 10.0 vulnerability in the React framework—and a severe authentication bypass in Fortinet appliances. Simultaneously, ransomware groups are aggressively targeting Australian organisations, with confirmed breaches in the FinTech and Healthcare sectors. The Chaos and Qilin ransomware gangs have claimed responsibility for major data exfiltration events, highlighting the persistent threat to sensitive personally identifiable information (PII) and financial records.

Weekly Threat Briefing: Critical Fortinet Flaws, AI Vulnerabilities & Nation-State Shifts

The Australian cyber security landscape has experienced a turbulent week (7–14 December), dominated by a "Critical" alert from the Australian Cyber Security Centre (ACSC) regarding widespread vulnerabilities in edge devices and a worrying escalation in AI-assisted development flaws. As we approach the holiday shutdown period—a traditional window for heightened ransomware activity—organisations across Healthcare, Government, and FinTech must urgently prioritise patching and detection. Here is your deep dive into the threats impacting Australian organisations this week.

Urgent: 'React2Shell' RCE Exploited by State Actors & New Healthcare Supply Chain Risks

The Australian cyber threat landscape has reached a critical juncture in the last 24 hours. The primary focus for all security teams today is the rapid weaponisation of the ‘React2Shell’ vulnerability (CVE-2025-55182), which is actively being exploited by Chinese state-sponsored actors and cybercriminal syndicates to compromise web applications across the SaaS, FinTech, and Government sectors. Simultaneously, the healthcare sector faces a renewed supply chain crisis following a breach at a major IT services provider.

Daily Threat Briefing: Australia – 12 December 2025

The Australian cyber threat landscape for the last 24 hours has been dominated by the critical "React2Shell" vulnerability and the fallout from December’s "Patch Tuesday". State-sponsored actors and ransomware groups are moving with speed to exploit these new vectors. Additionally, a new report highlights a disturbing rise in data leakage through enterprise AI tools, impacting Australian SaaS and FinTech sectors heavily.