NVIDIA turned AI factories into grid assets, China published its AI dominance doctrine, and the US military confirmed using Claude in Iran strikes. From energy infrastructure to battlefield targeting, the AI race this week moved well beyond Silicon Valley.
DragonForce ransomware hit Health Management Systems, an Australian healthcare software provider. Hospitals/clinics urged to check vendor security, isolate backups & train staff vs phishing.
A global coalition led by Microsoft and Europol has dismantled the Tycoon 2FA phishing-as-a-service platform, a major criminal enterprise that enabled attackers to bypass multi-factor authentication and compromise nearly 100,000 organisations worldwide.
Australian firm FIIG Securities has been ordered to pay a $2.5 million penalty by the Federal Court following ASIC action over significant cybersecurity failures that led to a major data breach in 2023. The landmark case sets a new precedent for cyber resilience obligations for AFS licensees.
Cyber News Centre's cyber update for 11th February 2026: Australian fixed-income specialist FIIG Securities has been ordered by the Federal Court to pay a $2.5 million penalty for major cybersecurity failures that persisted for over four years.
FIIG Securities, an Australian financial services firm established in 1998, provides bond and fixed-income investment services to thousands of retail and wholesale clients. The company, which held approximately $3 billion in client assets under management at the time of the breach, was acquired by AUSIEX after the incident.
Update: The Federal Court has imposed a $2.5 million fine on FIIG Securities, alongside a $500,000 payment towards the Australian Securities and Investments Commission's (ASIC) costs, following a significant 2023 data breach. The breach, carried out by the ALPHV/BlackCat ransomware group, exposed 385GB of sensitive data from 18,000 clients, including passport details, tax file numbers, and bank account information. The court found FIIG's cybersecurity measures were inadequate for over four years, from March 2019 to June 2023.
The initial intrusion occurred when an employee downloaded a malicious .zip file, with the firm failing to act on subsequent firewall alerts. Specific failures cited by ASIC included the lack of multi-factor authentication for remote access, no qualified personnel monitoring threat alerts, and the absence of mandatory cybersecurity training for staff.
The firm also failed to conduct regular penetration testing or maintain an adequate, tested incident response plan. FIIG admitted that complying with its own policies could have prevented the data exposure. The court has mandated an independent expert review of FIIG's cybersecurity compliance program.
Why it Matters: This ruling is a landmark event, marking the first time the Federal Court has imposed civil penalties for cybersecurity failures under the general obligations of an Australian Financial Services (AFS) licence.
The decision sends a clear and costly warning to all AFS licensees that inadequate investment in cyber resilience is no longer acceptable. ASIC Deputy Chair Sarah Court stated the consequences "far exceeded what it would have cost FIIG to implement adequate controls in the first place," highlighting the financial and reputational damage that stems from neglecting cybersecurity.
The case establishes a new, enforceable benchmark for cyber risk management in Australia's financial sector, shifting cybersecurity from an IT issue to a core compliance and governance obligation.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
DragonForce ransomware hit Health Management Systems, an Australian healthcare software provider. Hospitals/clinics urged to check vendor security, isolate backups & train staff vs phishing.
A global coalition led by Microsoft and Europol has dismantled the Tycoon 2FA phishing-as-a-service platform, a major criminal enterprise that enabled attackers to bypass multi-factor authentication and compromise nearly 100,000 organisations worldwide.
Stryker is rebuilding after a cyberattack that wiped about 80,000 devices via a compromised Intune admin account, with up to 50TB of data reportedly exfiltrated. As US systems face similar probes, Australia is exposed, increasing pressure on boards to tighten cyber controls and readiness.
Google has issued an emergency patch for a high-severity zero-day (CVE-2026-3910) in its V8 JavaScript engine, which is being actively exploited in the wild. The flaw allows arbitrary code execution, posing a significant risk to billions of Chrome users globally, including in Australia.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
