Upgrade from annual pen tests to continuous penetration testing services in Australia. Discover 2026 red teaming trends, PTaaS, and expert security assessments.
Discover how threat actors exploit the critical CVE-2026-20127 Cisco SD-WAN vulnerability. Learn IoCs, remediation steps, and how penetration testing secures your network.
The Australian Cyber Security Centre has issued urgent warnings about actively exploited vulnerabilities in Microsoft SharePoint Server (CVE-2025-53770) that enable unauthenticated remote code execution. With Chinese state-aligned actors and ransomware groups already compromising Australian organisations, this threat represents an immediate and severe risk to business-critical data and infrastructure.
Across AWS, Google Cloud, and Microsoft Azure environments in Australia and globally, 59% of IAM users maintain access keys that have never expired—credentials that have been active for more than one year. These long-lived credentials represent a silent but catastrophic vulnerability in your cloud infrastructure. This blog explores why long-lived credentials have become the primary attack vector for identity-based breaches, how red teams exploit them during penetration tests, and what you must do today to eliminate this ticking time bomb.
Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.
As we analyse the cyber threat landscape for the last 24 hours, Australian organisations are facing a convergence of sophisticated ransomware campaigns, rapid exploitation of AI vulnerabilities, and targeted scams against individuals. The Australian Signals Directorate (ASD) and industry leaders have flagged critical developments affecting the Healthcare, SaaS, and Government sectors.
Good morning, Australia. As we analyse the threat landscape for the last 24 hours, it is clear that 2026 is shaping up to be the year where "Agentic AI" risks move from theoretical to catastrophic. Today's briefing highlights a massive exposure in the AI ecosystem, critical zero-days continuously exploited by state-sponsored actors, and a glaring privacy failure in the Australian property sector.
Good morning. Here is your daily deep dive into the Australian cyber threat landscape for the last 24 hours. Today’s briefing highlights a critical security failure in the emerging "AI Agent" economy, a major shift in NSW government compliance, and new vulnerabilities targeting widely used developer tools.
The last seven days (26 January – 02 February 2026) have been defined by a resurgence in high-criticality infrastructure vulnerabilities and evolving nation-state tradecraft. For Australian organisations, the immediate priority is addressing active exploitation of Ivanti Endpoint Manager Mobile (EPMM) zero-days and critical patches for Cisco network infrastructure. Simultaneously, the threat landscape is shifting with reports of North Korean APT groups restructuring their operations, while the healthcare sector faces renewed warnings regarding IT/OT convergence risks.
In the last 24 hours, the Australian cyber threat landscape has been dominated by sophisticated abuse of AI infrastructure and targeted identity attacks. A new report released today highlights how threat actors are weaponising legitimate AI hosting platforms to distribute malware, bypassing traditional perimeter defences. Simultaneously, the FinTech and SaaS sectors are facing a resurgence of human-led phishing campaigns targeting Single Sign-On (SSO) credentials.
The Australian cyber threat landscape has undergone a distinct shift in the last 24 hours. New intelligence released yesterday indicates that threat actors are moving away from traditional malware infections, favouring direct network-based attacks to exploit exposed edge infrastructure. As Australian organisations race to integrate AI, privacy governance is struggling to keep pace, creating new blind spots in real-time data protection.
Welcome to today's threat briefing. As we approach the end of January, the Australian cyber landscape is seeing significant shifts in government policy and active exploitation of education and financial sectors. Below is a deep dive into the critical threats, incidents, and vulnerabilities observed over the last 24 hours.
The Australian cyber threat landscape over the last 24 hours has been dominated by a significant data breach within the Victorian education sector and the emergency disclosure of critical vulnerabilities affecting widespread enterprise tools. Threat actors are actively exploiting zero-day vulnerabilities in Microsoft Office and Zoom, while a new supply chain attack targeting developers using AI tools has been uncovered. Australian organisations, particularly in Government, Education, and FinTech, must prioritise patching and threat hunting immediately.
The Australian cyber threat landscape has intensified significantly over the last 24 hours, with critical developments impacting the healthcare, retail, and SaaS sectors. Today’s briefing highlights a new zero-day exploit in Microsoft Office, a confirmed breach at a major fertility provider, and the emergence of "World Leaks" targeting global brands with Australian operations.
As the nation observes Australia Day, the cyber threat landscape over the last 24 hours has been anything but quiet. While many organisations are operating with skeleton staff due to the public holiday, threat actors are actively leveraging this window to exploit critical vulnerabilities in widely used infrastructure. Our analysts have observed a convergence of physical and digital threats, with heightened hacktivist chatter targeting government entities and continued fallout from the massive Victorian education sector breach.
