The Australian Cyber Security Centre has issued urgent warnings about actively exploited vulnerabilities in Microsoft SharePoint Server (CVE-2025-53770) that enable unauthenticated remote code execution. With Chinese state-aligned actors and ransomware groups already compromising Australian organisations, this threat represents an immediate and severe risk to business-critical data and infrastructure.
Across AWS, Google Cloud, and Microsoft Azure environments in Australia and globally, 59% of IAM users maintain access keys that have never expired—credentials that have been active for more than one year. These long-lived credentials represent a silent but catastrophic vulnerability in your cloud infrastructure. This blog explores why long-lived credentials have become the primary attack vector for identity-based breaches, how red teams exploit them during penetration tests, and what you must do today to eliminate this ticking time bomb.
Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.
A new security flaw called React2Shell (CVE-2025-55182) puts Australian businesses at extreme risk. It has a severity score of CVSS 10.0, which is the highest possible rating. This flaw lets hackers take full control of your servers without needing a password. It affects the popular tools React and Next.js.
A critical vulnerability in Adobe Commerce and Magento (CVE-2025-54236), dubbed "SessionReaper," is being ruthlessly exploited by threat actors using AI-driven tools to automate attacks at machine speed. With the Australian holiday trading season in full swing, this unauthenticated remote code execution (RCE) flaw poses an immediate existential threat to retail and B2B organizations. This alert outlines the mechanics of the attack, the role of AI in its weaponization, and the urgent defensive actions required to prevent a catastrophic data breach.
The last 24 hours have seen a critical escalation in attacks targeting Australian infrastructure, with a particular focus on database integrity and network perimeter devices. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) and AusCERT have issued urgent alerts regarding active exploitation of MongoDB and WatchGuard vulnerabilities.
The first week of 2026 has delivered a sharp wake-up call to Australian organisations, with critical vulnerabilities exposing the fragility of our digital supply chains. Over the last 24 hours, the threat landscape has been dominated by a high-profile disclosure involving the Department of Foreign Affairs and Trade (DFAT), alongside urgent alerts for widely used database and API management systems.
As we commence the first working week of 2026, the Australian cyber threat landscape is dominated by the fallout from the 'MongoBleed' vulnerability and a surge in attacks targeting critical edge infrastructure. Over the last 24 hours, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed intensified scanning activity targeting unpatched database and firewall systems. Threat actors are actively weaponising these flaws to infiltrate sectors ranging from FinTech to Education.
As we settle into 2026, the Australian cyber threat landscape shows no signs of slowing down. The transition from December 2025 to January 2026 has been characterised by a volatile mix of critical infrastructure vulnerabilities and aggressive ransomware campaigns targeting the "edge" of corporate networks. This week, we have observed a sharp escalation in the exploitation of database and API vulnerabilities, alongside targeted attacks on the healthcare and education sectors.
The first few days of 2026 have delivered a sharp reminder of the fragility of our digital ecosystems. Over the last 24 hours, the Australian cybersecurity landscape has been dominated by a high-profile vulnerability disclosure affecting the Department of Foreign Affairs and Trade (DFAT), alongside critical alerts for widely used API management and database systems. For Australian organisations in FinTech, SaaS, and Government, the message is clear: authentication mechanisms and data storage protocols are under siege.
Welcome to today's threat briefing. As we settle into the new year, the Australian cyber landscape is already volatile. Over the last 24 hours, we have observed a significant escalation in attacks targeting database infrastructure and modern web frameworks. For Australian organisations, particularly in SaaS, FinTech, and Government, the "holiday lull" is officially over.
As we close out 2025, the Australian cyber threat landscape has witnessed a volatile December, characterised by a sharp escalation in sector-specific ransomware campaigns and the weaponisation of critical vulnerabilities in cloud and AI infrastructure. Threat actors have aggressively targeted the "edge" of Australian networks—exploiting SaaS platforms, unpatched IoT devices, and third-party supply chains.
As we close out 2025, the Australian cyber threat landscape remains volatile. The last 24 hours have been dominated by the rapid exploitation of the "MongoBleed" vulnerability, with the Australian Cyber Security Centre (ACSC) and global agencies issuing urgent warnings. Simultaneously, the education sector is grappling with fresh data breaches, and critical infrastructure supply chains remain under siege from ransomware syndicates.
The last 24 hours have been dominated by urgent warnings from the Australian Cyber Security Centre (ACSC) regarding a massive global exploitation campaign targeting database infrastructure. As we approach the New Year, threat actors are capitalising on skeleton staff schedules to launch high-impact attacks. Today's briefing highlights a critical MongoDB vulnerability, a significant data breach in the Australian education sector, and ongoing pressure on SaaS supply chains.
The last 24 hours have seen a surge in targeted activity against the Australian Education and IoT sectors, with critical infrastructure devices remaining a primary entry point for threat actors. The Australian Cyber Security Centre (ACSC) has flagged active exploitation of new vulnerabilities in network edge devices, while the 'KillSec' and 'Medusa' ransomware gangs have claimed significant breaches in local organisations.
