Discover how threat actors exploit the critical CVE-2026-20127 Cisco SD-WAN vulnerability. Learn IoCs, remediation steps, and how penetration testing secures your network.
The Australian Cyber Security Centre has issued urgent warnings about actively exploited vulnerabilities in Microsoft SharePoint Server (CVE-2025-53770) that enable unauthenticated remote code execution. With Chinese state-aligned actors and ransomware groups already compromising Australian organisations, this threat represents an immediate and severe risk to business-critical data and infrastructure.
Across AWS, Google Cloud, and Microsoft Azure environments in Australia and globally, 59% of IAM users maintain access keys that have never expired—credentials that have been active for more than one year. These long-lived credentials represent a silent but catastrophic vulnerability in your cloud infrastructure. This blog explores why long-lived credentials have become the primary attack vector for identity-based breaches, how red teams exploit them during penetration tests, and what you must do today to eliminate this ticking time bomb.
Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.
A new security flaw called React2Shell (CVE-2025-55182) puts Australian businesses at extreme risk. It has a severity score of CVSS 10.0, which is the highest possible rating. This flaw lets hackers take full control of your servers without needing a password. It affects the popular tools React and Next.js.
As we close out the third week of February 2026, the Australian cyber landscape is being defined by a sophisticated pivot towards AI-enabled API exploitation and high-impact ransomware campaigns targeting the FinTech and Healthcare sectors. The "blast radius" of AI systems is widening, with the Model Context Protocol (MCP) emerging as a critical new attack surface.
The Australian cyber threat landscape has escalated significantly in the last 24 hours. The headlines are dominated by a massive data breach affecting a Sydney-based FinTech lender, exposing the identity documents of hundreds of thousands of Australians. Simultaneously, critical vulnerabilities in widely used SaaS automation tools and AI frameworks are being actively exploited, prompting urgent warnings for organisations integrating AI agents into their workflows.
The last 24 hours have seen a surge in high-impact activity targeting Australian organisations, particularly in the FinTech and Healthcare sectors. Of critical concern is the active exploitation of new zero-day vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM), which poses a severe risk to government and enterprise mobile fleets. Simultaneously, the Australian lending platform youX has confirmed a significant data breach, and the Aeromedical Society of Australasia has become the latest victim of the resurrected LockBit 5.0 ransomware group.
The last 24 hours have exposed critical fractures in Australia’s national cyber resilience, ranging from federal compliance failures to the active weaponisation of autonomous AI systems. For security teams across the country, the immediate priority is a critical zero-day patching cycle for web/SaaS access, while C-level executives must urgently review third-party governance and incident reporting protocols.
In the last 24 hours, the Australian cyber threat landscape has been dominated by the discovery of an actively exploited Zero-Day in Google Chrome and the release of concerning data regarding government incident reporting. Critical vulnerabilities in SaaS platforms and the escalating weaponisation of AI agents continue to pose significant risks to local organisations.
The Australian cybersecurity landscape has shifted dramatically in the last 24 hours. Security teams across the country must urgently prioritise the remediation of a critical remote code execution (RCE) vulnerability in BeyondTrust appliances, which is currently seeing active exploitation. Simultaneously, the healthcare sector faces a fresh wave of extortion attempts from the '0APT' group, and the Federal Court has handed down a landmark $2.5 million penalty to a financial services firm, setting a new precedent for board-level accountability.
This week in Australian cyber security, the threat landscape is dominated by critical zero-day exploitations affecting widely used infrastructure. Federal agencies and private sector organisations are on high alert following CISA’s inclusion of new vulnerabilities in the Known Exploited Vulnerabilities (KEV) catalogue. Locally, the healthcare sector remains under intense scrutiny following the release of a concerning audit of NSW Health’s cyber posture, while SaaS and AI-driven threats continue to evolve.
In the last 24 hours, the Australian cybersecurity landscape has been dominated by urgent warnings regarding remote access tools and a fresh wave of attacks targeting the healthcare sector. Of particular concern is the active exploitation of a critical vulnerability in BeyondTrust Remote Support, a tool widely used by Australian enterprises and managed service providers (MSPs). Additionally, new reports from the Australian Signals Directorate (ASD) and global bodies highlight the weaponisation of AI agents, reshaping the threat horizon for 2026.
The last 24 hours in the Australian cyber threat landscape have been dominated by the escalating weaponisation of Generative AI, significant regulatory enforcement in the financial sector, and critical vulnerabilities in widely used SaaS automation tools. Nation-state actors, particularly the group identified as Salt Typhoon, continue to persistently target critical infrastructure, while the healthcare and education sectors face a fresh wave of data extortion campaigns.
The Australian cyber threat landscape for the last 24 hours has been dominated by a concerning breach of the national Early Warning Network (EWN) and a historic regulatory penalty in the FinTech sector. These events signal a shift from pure data theft to systemic disruption and regulatory accountability. Simultaneously, technical teams must urgently address critical vulnerabilities in AI agents and workflow automation tools that are being actively exploited in the wild.
