Across AWS, Google Cloud, and Microsoft Azure environments in Australia and globally, 59% of IAM users maintain access keys that have never expired—credentials that have been active for more than one year. These long-lived credentials represent a silent but catastrophic vulnerability in your cloud infrastructure. This blog explores why long-lived credentials have become the primary attack vector for identity-based breaches, how red teams exploit them during penetration tests, and what you must do today to eliminate this ticking time bomb.
Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.
A new security flaw called React2Shell (CVE-2025-55182) puts Australian businesses at extreme risk. It has a severity score of CVSS 10.0, which is the highest possible rating. This flaw lets hackers take full control of your servers without needing a password. It affects the popular tools React and Next.js.
A critical vulnerability in Adobe Commerce and Magento (CVE-2025-54236), dubbed "SessionReaper," is being ruthlessly exploited by threat actors using AI-driven tools to automate attacks at machine speed. With the Australian holiday trading season in full swing, this unauthenticated remote code execution (RCE) flaw poses an immediate existential threat to retail and B2B organizations. This alert outlines the mechanics of the attack, the role of AI in its weaponization, and the urgent defensive actions required to prevent a catastrophic data breach.
A zero-click vulnerability, CVE-2025-21042, in millions of Samsung devices is being actively exploited to install "LANDFALL," a commercial-grade spyware. This threat, now on CISA's KEV catalog , transforms an executive's personal device into a silent corporate surveillance tool, completely bypassing your MDM and EDR. For Australian organisations with BYOD policies, this is a critical, reportable data breach scenario under the NDB scheme.
The last 24 hours have been critical for Australian cyber defenders. A new maximum-severity vulnerability in the React framework, dubbed "React2Shell," is being actively exploited by state-sponsored actors, sending shockwaves through the SaaS and FinTech sectors. Simultaneously, the Australian healthcare and education sectors are grappling with fresh ransomware extortion attempts and significant data leaks.
As we kick off the week leading into the holiday season, Australian security teams face a heightened threat landscape. Over the weekend, active exploitation of maximum-severity vulnerabilities in Cisco infrastructure and modern web frameworks has been confirmed. Additionally, fresh reports highlight significant cyber risks within the NSW healthcare sector and a major data breach impacting the tertiary education sector.
Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.
As we approach the end of 2025, the Australian cyber threat landscape has experienced a volatile week, with significant incidents rocking the education and healthcare sectors. The last seven days have been defined by the active exploitation of critical vulnerabilities in modern web frameworks and a series of ransomware attacks targeting sensitive patient and staff data. This week’s briefing highlights a major data breach at the University of Sydney, a ransomware attack on fertility provider Genea, and the "React2Shell" vulnerability that is currently reshaping cloud security priorities.
The Australian cyber threat landscape has seen significant volatility in the last 24 hours. The primary focus for security teams today is the catastrophic "React2Shell" vulnerability (CVE-2025-55182), which is actively being exploited to deploy cryptocurrency miners and backdoors across Australian cloud environments. Simultaneously, the healthcare and education sectors are under heavy fire, with a major breach disclosed by the University of Sydney and a confirmed ransomware attack on fertility provider Genea.
The last 24 hours have exposed significant fragility in Australia’s Healthcare and Education sectors, with a major audit revealing systemic security bypasses in NSW Health and a fresh data breach hitting the University of Sydney. Globally, critical vulnerabilities in Fortinet’s cloud infrastructure and React server components are demanding immediate patching cycles. This briefing summarises the key threats, incidents, and vulnerabilities impacting Australian organisations today.
As we approach the holiday shutdown period, the Australian cyber threat landscape has intensified significantly over the last 24 hours. The standout threat is the rapid weaponisation of the React2Shell (CVE-2025-55182) vulnerability, which is currently being exploited in the wild by state-sponsored actors and botnets alike. Additionally, the University of Sydney has confirmed a data breach impacting historical records, reminding the Education sector that non-production environments remain a critical risk vector.
In the last 24 hours, the Australian cybersecurity landscape has been dominated by the rapid escalation of the "React2Shell" (CVE-2025-55182) campaign and critical alerts regarding Fortinet authentication bypasses. Threat actors, particularly those with a Chinese nexus, are actively exploiting these vulnerabilities across the SaaS and Government sectors. Additionally, high-profile supply chain incidents impacting major AI providers like OpenAI highlight the growing fragility of the artificial intelligence ecosystem.
In the last 24 hours, the Australian cyber landscape has been dominated by urgent warnings regarding a maximum-severity vulnerability in the React framework, fresh ransomware concerns targeting Queensland healthcare providers, and significant developments in AI security governance. The Australian Cyber Security Centre (ACSC) and global partners continue to highlight the aggressive targeting of critical infrastructure by state-sponsored and opportunistic threat actors.
The Australian cyber threat landscape has intensified significantly over the last 24 hours. The Australian Cyber Security Centre (ACSC) and global intelligence firms have issued urgent alerts regarding a perfect storm of critical vulnerabilities. Foremost among these is "React2Shell"—a CVSS 10.0 vulnerability in the React framework—and a severe authentication bypass in Fortinet appliances. Simultaneously, ransomware groups are aggressively targeting Australian organisations, with confirmed breaches in the FinTech and Healthcare sectors. The Chaos and Qilin ransomware gangs have claimed responsibility for major data exfiltration events, highlighting the persistent threat to sensitive personally identifiable information (PII) and financial records.
