Daily Threat Briefing: Australia – 27 December 2025

The last 24 hours have highlighted significant volatility in Australia’s cyber threat landscape, with critical infrastructure, healthcare, and education sectors facing intensified pressure. Of particular concern today is the active exploitation of critical vulnerabilities in widely used network security devices and a surge in ransomware activity targeting Australian schools. This briefing breaks down the most urgent threats, exploited vulnerabilities, and strategic risks for Australian organisations observed over the past day.

Daily Threat Briefing: Boxing Day Cyber Spike & Critical Edge Exploits

As Australian organisations operate with skeleton staff over the Boxing Day public holiday, the cyber threat landscape has intensified significantly in the last 24 hours. Threat actors are actively capitalising on reduced monitoring capabilities and the surge in e-commerce traffic. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has escalated warnings regarding critical exploits in edge devices, while the retail and fintech sectors face a barrage of sophisticated API abuse campaigns.

Australian Cyber Threat Briefing: Critical RCEs and Ransomware Targeting SaaS & Education

As we wrap up the year, the Australian cyber threat landscape has intensified significantly over the last 24 hours. Critical vulnerabilities in widely used network appliances and targeted ransomware campaigns against key sectors—specifically Education, Healthcare, and SaaS providers—demand immediate attention from security teams.

Daily Threat Briefing: Critical WatchGuard Exploits & Holiday Ransomware Spikes – 24 December 2025

As we head into the Christmas break, the Australian cyber threat landscape has escalated significantly over the last 24 hours. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has issued a critical alert regarding active exploitation of WatchGuard Firebox devices. This comes alongside a surge in ransomware activity targeting the education and government sectors, with threat actors looking to capitalise on reduced staffing levels during the holiday period.

Daily Threat Briefing: React2Shell Crisis & Aussie Healthcare Under Fire

The last 24 hours have been critical for Australian cyber defenders. A new maximum-severity vulnerability in the React framework, dubbed "React2Shell," is being actively exploited by state-sponsored actors, sending shockwaves through the SaaS and FinTech sectors. Simultaneously, the Australian healthcare and education sectors are grappling with fresh ransomware extortion attempts and significant data leaks.

Daily Threat Briefing: Critical Cisco & React Zero-Days + NSW Health Risks

As we kick off the week leading into the holiday season, Australian security teams face a heightened threat landscape. Over the weekend, active exploitation of maximum-severity vulnerabilities in Cisco infrastructure and modern web frameworks has been confirmed. Additionally, fresh reports highlight significant cyber risks within the NSW healthcare sector and a major data breach impacting the tertiary education sector.

Fortinet "Ghost Logins": How Authentication Bypass Attacks Expose Gaps in Your Penetration Testing Strategy

Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.

Weekly Threat Briefing: Australia (14-21 December 2025)

As we approach the end of 2025, the Australian cyber threat landscape has experienced a volatile week, with significant incidents rocking the education and healthcare sectors. The last seven days have been defined by the active exploitation of critical vulnerabilities in modern web frameworks and a series of ransomware attacks targeting sensitive patient and staff data. This week’s briefing highlights a major data breach at the University of Sydney, a ransomware attack on fertility provider Genea, and the "React2Shell" vulnerability that is currently reshaping cloud security priorities.

Daily Threat Briefing: Australia - 20 December 2025

The Australian cyber threat landscape has seen significant volatility in the last 24 hours. The primary focus for security teams today is the catastrophic "React2Shell" vulnerability (CVE-2025-55182), which is actively being exploited to deploy cryptocurrency miners and backdoors across Australian cloud environments. Simultaneously, the healthcare and education sectors are under heavy fire, with a major breach disclosed by the University of Sydney and a confirmed ransomware attack on fertility provider Genea.

Australian Cyber Threat Briefing: Healthcare Security Gaps & Critical SaaS Vulnerabilities

The last 24 hours have exposed significant fragility in Australia’s Healthcare and Education sectors, with a major audit revealing systemic security bypasses in NSW Health and a fresh data breach hitting the University of Sydney. Globally, critical vulnerabilities in Fortinet’s cloud infrastructure and React server components are demanding immediate patching cycles. This briefing summarises the key threats, incidents, and vulnerabilities impacting Australian organisations today.