Threat intelligence stories

Cambodia scam compounds are being tied to a mobile banking fraud network that hit users in 21 countries, researchers say.

OPSWAT adds millisecond AI file screening to MetaDefender, aiming to cut false positives and speed decisions in critical infrastructure networks.

UK SOC spots Monday-morning conditional access failure from Germany, helps reset compromised Microsoft 365 account before attackers can strike.

Lumen says attackers are increasingly exploiting routers, VPN gateways and other edge devices in Australia, with nation-state activity and proxy networks making detection harder.

Lumen says malware-backed proxy networks are helping attackers hide in plain sight across Asia Pacific, as AI speeds up infrastructure changes.

iProov warns iOS injection attacks surged 1,151% in late 2025 as generative AI fuels deepfake impersonation and identity fraud.

Microsoft warns that 10 to 15 EvilToken phishing runs are launched daily, compromising hundreds of organisations through OAuth token abuse.

Qualys says attackers are exploiting flaws before disclosure as remediation backlogs swell, with edge devices facing the highest risk.

TrendAI urges stronger AI governance as it shifts cybersecurity from fear-based selling to platformised risk reduction for Australian firms.

Microsoft says Storm-1175 is exploiting newly disclosed flaws within hours, hitting organisations in the UK and elsewhere with fast-moving Medusa ransomware.

Qualys study says attackers are exploiting flaws before patches exist, as manual remediation lags and edge systems emerge as the highest risk.

Permiso launches SandyClaw sandbox to detonate AI agent skills and expose hidden runtime risks before they reach enterprise systems.

China-linked TA416 returns to spying on European diplomats and later expands attacks to Middle Eastern government targets after Iran conflict.

Vulnetix expands AI coding defences as Australia's first Global CVE Numbering Authority, opening vulnerability tools to developers nationwide.

Attackers abuse trusted tools, remote support software and stolen SSO sessions to breach systems, ReliaQuest says.

Executives at Docusign, BeyondTrust and Saviynt say identity, data sovereignty and tighter access controls are now shaping cloud security priorities.

Cloud security specialists say organisations must rethink defences as control plane exposure, swelling telemetry and fragmented tools create fresh risks.

Zscaler says Xloader malware has added layered encryption, decoy servers and new obfuscation tricks to hinder analysts.

Google says the axios npm supply chain attack was linked to suspected North Korean actor UNC1069, raising fears for Australian and New Zealand firms.

ReliaQuest flags DeepLoad malware stealing live credentials in enterprise networks, with AI-style obfuscation, USB spread and hidden WMI persistence.