Australia has become one of the first countries to mandate AS IEC 62443 standards by law, transforming healthcare cybersecurity into a legal obligation. The move marks a critical shift toward operational resilience and positions patient safety at the center of cyber strategy.
United Australia Party confirms ransomware attack exposing all emails and documents. Cisco patches critical ISE vulnerability with maximum CVSS 10.0 severity allowing unauthenticated root access. Steadfast Companies reports data breach affecting 1,102 Texas residents.
Compumedics ransomware attack exposes 320,000 patient records. International operation dismantles NoName057(16) Russian hacker network. Google patches fifth actively exploited Chrome zero-day of 2025.
United Australia Party confirms ransomware attack exposing all emails and documents. Cisco patches critical ISE vulnerability with maximum CVSS 10.0 severity allowing unauthenticated root access. Steadfast Companies reports data breach affecting 1,102 Texas residents.
Cyber News Centre's cyber update for 18th July 2025: Clive Palmer's United Australia Party confirms a ransomware attack that potentially exposed all party emails and documents. Cisco has issued an emergency patch for a maximum-severity vulnerability in Identity Services Engine allowing unauthenticated root access. Meanwhile, California-based Steadfast Companies reports a data breach affecting over 1,100 Texas residents.
The United Australia Party (UAP) is an Australian political party founded by mining magnate Clive Palmer in 2013. Based in Queensland, the party operates alongside Palmer's Trumpet of Patriots party and has contested federal and state elections across Australia. The UAP maintains digital infrastructure containing member communications, financial records, and political correspondence spanning multiple election cycles.
Update: The United Australia Party disclosed on July 17, 2025, that both it and Palmer's Trumpet of Patriots party suffered a ransomware attack on June 23, 2025, resulting in unauthorised access to servers and possible data exfiltration. The breach potentially exposed all emails to and from both political parties, including attachments, plus documents and records created or held electronically at any time in the past.
The party admitted it cannot confirm what specific data was compromised and stated it is "impracticable to notify individuals" because they do not maintain records of all individuals who were on the server.
Why it Matters: This attack represents a significant breach of Australian political infrastructure, potentially exposing sensitive communications between party officials, donors, and members during critical election periods. The admission that individual notification is "impracticable" raises serious questions about data governance practices within Australian political organisations and highlights vulnerabilities in the democratic process.
For Australian voters and party supporters, this incident demonstrates how political parties may be inadequately protecting personal information and correspondence, potentially affecting public trust in political institutions and electoral processes.
Cisco Systems is a multinational technology conglomerate headquartered in San Jose, California, specialising in networking hardware, software, and telecommunications equipment.
Update: Cisco released patches on July 16, 2025, addressing CVE-2025-20337, a critical vulnerability in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with the maximum CVSS severity score of 10.0. The flaw allows unauthenticated remote attackers to execute arbitrary code with root privileges through a crafted API request, requiring no user interaction or credentials. The vulnerability affects ISE versions 3.3 and 3.4, with fixes available in patches 3.3 Patch 7 and 3.4 Patch 2. This marks the second critical ISE vulnerability patched by Cisco within three weeks, highlighting ongoing security challenges in the platform.
Why it Matters: The maximum severity rating and zero-click nature of this vulnerability make it exceptionally dangerous for enterprise networks worldwide. ISE platforms manage network access control for millions of devices across corporate environments, making successful exploitation potentially catastrophic for organisational security. The rapid succession of critical ISE vulnerabilities suggests attackers are actively targeting this infrastructure, requiring immediate patching and heightened monitoring of ISE deployments to prevent network compromise.
Steadfast Companies is a real estate investment management firm founded in 1994 and headquartered in Irvine, California. The company specialises in real estate development, property management, and investment services across Southern California, employing over 50 individuals and managing diverse commercial and residential property portfolios.
Update: Steadfast Companies experienced a data breach on November 27, 2024, affecting at least 1,102 Texas residents. The company reported the incident to the California Attorney General on July 16, 2025, and to the Texas Attorney General on July 17, 2025. The compromised information includes names, Social Security numbers, and addresses of affected individuals.
While specific details about the breach method have not been publicly disclosed, the company has begun providing notification letters to impacted individuals. Multiple law firms are now investigating the incident and the adequacy of Steadfast's data protection measures prior to the breach.
Why it Matters: This breach highlights ongoing vulnerabilities in the real estate sector, where companies handle extensive personal and financial information for property transactions and management services. The exposure of Social Security numbers alongside names and addresses creates significant identity theft risks for affected Texas residents.
The incident underscores the need for enhanced cybersecurity measures across real estate investment firms, which often maintain large databases of sensitive client information spanning multiple states and property transactions over extended periods.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Compumedics ransomware attack exposes 320,000 patient records. International operation dismantles NoName057(16) Russian hacker network. Google patches fifth actively exploited Chrome zero-day of 2025.
Australia adopts AS IEC 62443 cybersecurity standards for critical infrastructure protection. Oracle releases massive July 2025 patch update addressing 165 CVEs. DragonForce ransomware gang claims attack on US retailer Belk, stealing 156GB of customer data including Social Security numbers.
Louis Vuitton confirms global data breach affecting UK, South Korea, and Turkey customers. Critical Wing FTP Server vulnerability actively exploited with CISA warning. Romanian authorities arrest 13 in £47 million UK tax phishing operation.
UK teens arrested over £300M retail cyberattacks. CISA confirms CitrixBleed 2 is being exploited and demands urgent patching. McDonald’s exposed 64M job applications through its AI hiring tool using default login credentials.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
