Cybersecurity
Starlette flaw exposes AI agent services to auth bypass
A Starlette flaw tied to malformed Host headers can bypass path-based checks, pushing FastAPI and AI-agent teams to patch to version 1.0.1.
myGov passkey explained: how it works and when to use one
myGov passkeys let Australians sign in with a fingerprint, face scan or device PIN instead of a password. Here's how setup works.
VeroGuard rescue after $55m collapse raises questions for buyers
VeroGuard's rescue from liquidation after a $55 million collapse keeps the cyber supplier alive but leaves open questions over ownership, support and public backing.
Steggall says WhatsApp account hit in suspected foreign-state phishing attack
Zali Steggall said her WhatsApp account was compromised in a March phishing attack that parliamentary officials linked to a suspected foreign state actor.
Anthropic Mythos flaws put patch speed at the centre
Anthropic Mythos found more than 10,000 serious flaws in a month, putting patch cycles, triage and change control at the centre of software security.
ASX 200 infostealer infections are now a board risk
ASX 200 infostealer infections are exposing how stolen credentials and shared suppliers can turn a solid cyber score into real board risk.
Device code phishing surges as ASD warns Microsoft 365 users
Device code phishing is targeting Australian Microsoft 365 users, the ASD has warned, as Proofpoint tracks a surge in criminal toolkits and phishing-as-a-service platforms.
Google publishes Chromium exploit code before patch lands
Chromium exploit code was published before a fix was broadly available, raising short-term risk for Chrome and other browsers built on Google's engine.
Claude Code sandbox bypass patched after 130 releases
Anthropic patched a Claude Code sandbox bypass affecting about 130 releases, showing how AI coding tools can expose developer workstations.
GitHub breach exposes 3,800 repos in VS Code attack
GitHub breach exposed about 3,800 internal repositories after a poisoned VS Code extension hit one employee device, widening supply-chain concerns.
OpenAI Daybreak: CBA, Westpac test cyber defences
OpenAI Daybreak is being tested by Commonwealth Bank and Westpac, bringing agentic cyber defence tools into Australian banking workflows.
EY cyber report retracted after AI citation errors
EY pulled a cybersecurity report after GPTZero found more than 70 per cent of its 27 citations were AI-generated, invented or misattributed.
Developer workstations are the new supply-chain weak link
Developer workstations are emerging as the new supply-chain weak link as attackers pivot from package registries to laptops, tokens and CI access.
Baidam and AUSCERT sign 12-month cyber pact on threat sharing
Baidam and AUSCERT have signed a 12-month pact covering threat intelligence, incident response, phishing takedowns and training for Australian organisations.
Windows MiniPlasma exploit gives SYSTEM access as PoC goes public
A Windows proof of concept dubbed MiniPlasma has put enterprise defenders on alert after researchers said the privilege-escalation bug could still reach SYSTEM on patched machines.
Grafana says GitHub token breach led to code download, extortion attempt
Grafana says a stolen GitHub token let an attacker download its codebase and demand a ransom, with no evidence of customer-data exposure or system impact.
Infosys opens North Sydney security operations centre for ANZ clients
Infosys has opened a dedicated Global Security Operations Center in North Sydney, expanding 24/7 monitoring and incident response for ANZ customers.
BitLocker explained: when Windows users should turn on drive encryption in 2026
BitLocker is still worth enabling for many Windows users, but the real 2026 decision sits around recovery keys, device encryption and how much control each Windows edition gives you.
Researchers say Mythos sped Apple M5 Mac exploit development
Calif says Anthropic's Mythos Preview helped build a working exploit against Apple's M5 memory protections in five days, sharpening the Mac fleet security debate.
Apple, Google and Microsoft push passkeys, but recovery still matters
Passkeys are becoming the default sign-in option across major platforms, but the real question in 2026 is whether recovery and cross-device portability are finally good enough for mainstream users.
ASIC Names Mythos in Urgent Cyber Warning to Financial Sector
ASIC has issued an urgent open letter to the financial services industry naming Anthropic's Claude Mythos as a frontier AI threat capable of triggering 'system-wide domino effects', and setting out 12 action steps for firms to strengthen their cyber defences.
Budget boosts AI, but cyber gaps remain, industry warns
The 2026-27 federal budget commits billions to AI and digital infrastructure, but cybersecurity spending tilts toward large institutions while SMEs remain exposed.
CTV ad fraud surges 140 per cent as AI-powered schemes spread globally
Connected TV fraud schemes jumped 140 per cent in the March quarter, with AI-powered bot attacks and data centre traffic costing advertisers US$1.8 million per billion unprotected impressions, according to new research from DoubleVerify.
Instructure reaches deal with ShinyHunters as Canvas breach hits Australian universities
The company behind the Canvas learning platform says stolen data has been returned and destroyed, but declines to say whether any payment was made.
Australia's $7.5B cybersecurity market: scale vs local split
Enterprises will spend AU$7.5B on cybersecurity in 2026. Global platforms dominate yet consolidation splits the market between scale and local sovereign accountability.