Joint advisory by Australian, New Zealand, and Tongan cyber authorities warns of rising INC Ransom attacks on critical infrastructure. The RaaS group has breached 11 Australian organisations, mainly in healthcare and professional services.
Microsoft’s March 2026 Patch Tuesday fixes 83 flaws, including three critical Office vulnerabilities exploitable through the Preview Pane that allow code execution without opening files, and a Copilot-linked Excel bug that could leak data. The ACSC urges immediate patching under the Essential Eight.
A Western Australian government audit has exposed critical Microsoft 365 security failures across seven state entities, leading to a data breach that leaked information on minors and a separate business email compromise incident resulting in the theft of $71,000 through fraudulent invoices.
A series of cyber attacks on Australian defence supply chain contractors has exposed sensitive material relating to major weapons programs, including the Redback infantry fighting vehicle.
Cyber News Centre's cyber update for 1st December 2025: A series of cyber attacks on Australian defence supply chain contractors has compromised material relating to Australia's weapons programs.
IKAD Engineering, a key player in the Australian defence industry, and overseas contractors involved in the ADF’s new Redback infantry fighting vehicle programme have been affected. The breaches have exposed sensitive data and highlight significant vulnerabilities in the nation’s defence industry and critical infrastructure.
Update: A series of cyber attacks on defence industry supply chain contractors has exposed threats to Australia's weapons programs. Recently it was revealed that a hacker group shared material about Australia's $7 billion Land 400 military program after allegedly breaching several Israeli defence companies. The Cyber Toufan group posted images and details on Telegram about the Australian Defence Force's (ADF) next-generation Redback infantry fighting vehicle.
Another group, J Group, claimed responsibility for a cyber attack on IKAD Engineering, a key player in the Australian defence industry. The ransomware gang alleges it infiltrated the company's systems for five months, exfiltrating 800GB of data, including information relating to Australian naval contracts, such as the Hunter Class frigate and Collins Class submarine programs. IKAD Engineering chief executive Gerard Dyson confirmed the incident, stating an "external third party" had gained unauthorised access to a portion of its internal IT systems.
Why it Matters: These incidents are a stark reminder of the importance of supply-chain cyber-resilience. The breaches highlight a structural problem in defence and high-security industries: the entire supply chain constitutes the attack surface. Even data that the supplier characterises as “non-sensitive” can hold strategic value.
Metadata, file structure, subcontractor networks, and project timelines may provide malicious actors with a roadmap to more critical systems. The timing of these breaches coincides with heightened warnings from Australia’s intelligence community. The head of ASIO recently stated that state-backed hacking groups are intensifying efforts to infiltrate Australia’s critical infrastructure and defence supply chains.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Joint advisory by Australian, New Zealand, and Tongan cyber authorities warns of rising INC Ransom attacks on critical infrastructure. The RaaS group has breached 11 Australian organisations, mainly in healthcare and professional services.
Microsoft’s March 2026 Patch Tuesday fixes 83 flaws, including three critical Office vulnerabilities exploitable through the Preview Pane that allow code execution without opening files, and a Copilot-linked Excel bug that could leak data. The ACSC urges immediate patching under the Essential Eight.
A Western Australian government audit has exposed critical Microsoft 365 security failures across seven state entities, leading to a data breach that leaked information on minors and a separate business email compromise incident resulting in the theft of $71,000 through fraudulent invoices.
Google's March 2026 Android update patches a critical zero-day (CVE-2026-21385) in Qualcomm chips used in hundreds of millions of devices. The flaw, under active exploitation, allows privilege escalation and system compromise, posing a significant risk to users.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
