Australian Cyber Threat Landscape
At a Glance
- 130 Active Advisories (ACSC, Five Eyes CERTs, CISA)
- 1555 CISA Known Exploited Vulnerabilities
- 200 Recent ThreatFox IOCs (7 days)
- 50 OTX Threat Intelligence Pulses
Latest Advisories
| Advisory | Source | Date |
|---|---|---|
| CISA Adds One Known Exploited Vulnerability to Catalog | CISA | Wed, 25 Mar 26 |
| The near-term impact of AI on the cyber threat | NCSC UK | Wed, 24 Jan 2024 |
| Technical report: Responsible use of the Border Gateway Protocol (BGP) for ISP... | NCSC UK | Wed, 20 Jan 2021 |
| The threat from commercial cyber proliferation | NCSC UK | Wed, 19 Apr 2023 |
| CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization | CISA | Wed, 18 Mar 26 |
Critical Vulnerabilities (Last 14 Days)
| CVE ID | CVSS | Description |
|---|---|---|
| CVE-2026-27459 | 9.8 | pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior... |
| CVE-2026-30884 | 9.6 | mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated... |
| CVE-2026-31938 | 9.6 | jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the... |
| CVE-2026-25449 | 9.8 | Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object... |
Key APAC Threat Actors
| Actor | Attribution | Primary Targets | Active |
|---|---|---|---|
| Kimsuky | Russia | Government, Education | |
| Lazarus Group | North Korea / RGB | Financial | |
| APT28 | Russia / GRU | Military | |
| Mustang Panda | China | Government, Diplomatic | |
| APT41 | China | Financial, Telecommunications, Healthcare, Technology, Education | |
Australian Data Breach Trends (OAIC NDB)
| Period | Total | Malicious Attacks | Human Error |
|---|---|---|---|
| Jul-Dec 2023 | 483 | 310 | 144 |
| Jan-Jun 2023 | 409 | 264 | 123 |
| Jul-Dec 2022 | 497 | 350 | 123 |
| Jan-Jun 2022 | 396 | 250 | 123 |
Geopolitical & Strategic News
- AI adoption should protect human communication and judgement (ASPI, Wed, 25 Mar 2026)
- Back to the old ways: China tries to persuade Taiwanese they’re Chinese (ASPI, Wed, 25 Mar 2026)
- Capturing the data centre gold rush is a strategic imperative for Australia (ASPI, Wed, 25 Mar 2026)
- Google Drive ransomware detection now on by default for paying users (BleepingComputer, Wed, 01 Apr 2026)
- Australia’s defence industry must look beyond the ADF (ASPI, Tue, 31 Mar 2026)
- Cisco source code stolen in Trivy-linked dev environment breach (BleepingComputer, Tue, 31 Mar 2026)
- ASPI’s Critical Technology Tracker: in ever more technologies, China is moving towards monopoly (ASPI, Tue, 31 Mar 2026)
- China and Vietnam are engineering closer relations (ASPI, Tue, 31 Mar 2026)