23rd September 2025 Cyber Update: ACSC Issues High Alert on Code Repository Attacks

Australia's top cyber agency warns of escalating attacks on code repositories, where threat actors use stolen credentials and infected packages to compromise software supply chains. The alert follows a major npm worm attack, highlighting significant risks for Australian organisations.

Housed within the Australian Signals Directorate, the Australian Cyber Security Centre is part of the nation’s intelligence structure. (ABC News)

Cyber News Centre's cyber update for 23rd September 2025: The Australian Signals Directorate has issued a high-level security alert concerning the ongoing targeting of online code repositories used by developers and organisations across the country.

The Australian Signals Directorate (ASD) is the nation’s foreign signals intelligence, cyber warfare and information security agency. It houses the Australian Cyber Security Centre (ACSC), which is responsible for monitoring threats and protecting national interests in the digital domain.

The Update and Why It Matters

The Update: The Australian Cyber Security Centre (ACSC) has issued a high-level alert for all Australian organisations, warning of increased attacks against online code repositories. The agency confirmed that threat actors are actively using phishing, compromised credentials and infected software packages to gain access. Once inside, attackers are observed scanning for and publicly leaking sensitive credentials, migrating private code to public repositories, and modifying software packages to launch supply chain attacks.

The advisory follows a recent large-scale incident where a self-replicating worm, dubbed "Shai-Hulud", compromised more than 180 packages in the popular npm JavaScript repository, demonstrating the speed and scale of these automated threats. The ASD directly stated it is aware of threat actors "abusing legitimate tooling and functions to achieve these results, rather than bespoke tooling", making detection more difficult for security teams who are looking for traditional malware signatures. The alert urges organisations to immediately review logs and validate all software packages.

Why it Matters: The targeting of code repositories represents a fundamental threat to the software supply chain. By compromising these foundational developer tools, attackers can inject malicious code into otherwise legitimate software, which is then distributed and trusted by countless downstream users. This technique bypasses traditional perimeter defences, as the threat originates from a trusted source.

The ACSC's alert signals that organisations can no longer simply trust open-source packages without rigorous verification and must actively hunt for exposed credentials within their development pipelines to prevent a minor security lapse from becoming a catastrophic breach.
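
For npm projects, one way to act on the advice to validate software packages is to audit the lockfile before anything is installed. The following is an added example, not part of the ACSC alert or this article; the function name `auditLockfile`, the trusted registry value and the sample lockfile are assumptions made for illustration.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2 or 3) before install.
// TRUSTED_REGISTRY and the sample lockfile below are assumptions for this sketch.
const TRUSTED_REGISTRY = "https://registry.npmjs.org/";

function auditLockfile(lock, trustedRegistry = TRUSTED_REGISTRY) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace folders, symlinks and bundled deps (no tarball of their own).
    if (!path.includes("node_modules/") || entry.link || entry.inBundle) continue;
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    const add = (issue) => findings.push({ name, version: entry.version, issue });

    if (!entry.resolved) add("no resolved URL recorded");
    else if (!entry.resolved.startsWith(trustedRegistry))
      add(`resolved outside trusted registry: ${entry.resolved}`);

    if (!entry.integrity) add("missing integrity hash");
    else if (!/^sha512-[A-Za-z0-9+/]+={0,2}$/.test(entry.integrity))
      add("integrity is not a sha512 SRI hash");

    // Install scripts run code at `npm install` time, so list them for manual review.
    if (entry.hasInstallScript) add("has install script");
  }
  return findings;
}

// Constructed sample lockfile: package names, URLs and hashes are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/example-ok": {
      version: "1.2.3",
      resolved: "https://registry.npmjs.org/example-ok/-/example-ok-1.2.3.tgz",
      integrity: "sha512-" + "A".repeat(86) + "==",
    },
    "node_modules/example-git": {
      version: "0.1.0",
      resolved: "git+ssh://git@example.invalid/team/example-git.git#abc123",
    },
    "node_modules/@scope/example-hooks": {
      version: "2.0.0",
      resolved: "https://registry.npmjs.org/@scope/example-hooks/-/example-hooks-2.0.0.tgz",
      integrity: "sha1-" + "B".repeat(27) + "=",
      hasInstallScript: true,
    },
  },
};
console.log(auditLockfile(sampleLock));
```

In a build pipeline the same function can be run over the parsed `package-lock.json`, failing the job when the findings list is not empty.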

