Australia’s DeWave is redefining brain-computer interfaces with an AI-powered EEG cap that decodes thoughts without surgery. While Neuralink drills into skulls, DeWave shows non-invasive tech can deliver real impact—raising big questions about access and the future of thought control.
AI-driven humanoids have turned factory floors into geopolitical battlegrounds. China is turbo-charging automation and redrawing alliances, while the U.S. scrambles to close the gap—placing the next era of diplomacy, defense, and economic power squarely in the decisive hands of intelligent machines.
Apple’s new research paper dismantles the myth of AI reasoning, revealing that models from OpenAI, Anthropic, and Google collapse under complex tasks. Released ahead of WWDC 2025, the findings challenge billion-dollar AGI claims and expose the industry’s most persuasive illusion.
Australia, backed by allies like the US, UK, and Japan, has accused a Chinese state-sponsored hacking group, APT40, of breaching government and private sector networks.
Welcome to the Weekly Cyber Scan Wrap-Up, your essential source for the latest insights in cybersecurity and global tech affairs! In this edition, Australia, backed by allies like the US, UK, and Japan, has accused a Chinese state-sponsored hacking group, APT40, of breaching government and private sector networks. This move, endorsed by Five Eyes nations, underscores the ongoing threat of Chinese cyber espionage, despite recent diplomatic efforts to rebuild trade ties with China. The report highlights Australia's commitment to safeguarding its cyber infrastructure while balancing complex international relations.
Australia, supported by allies including the US, UK, and Japan, has accused a Chinese state-backed cyber hacking group of breaching the country’s government and private sector networks. The statement, endorsed by security and intelligence agencies from the Five Eyes nations and other allies, cited a “shared understanding” of a Chinese “state-sponsored cyber group and their current threat to Australian networks.”
The group, identified as Advanced Persistent Threat 40 (APT40), has been linked to China’s Ministry of State Security and is known for infiltrating various global entities.
“APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and the threat they pose to our networks is ongoing,” the advisory noted.
This unprecedented move by the Australian Signals Directorate follows recent efforts to rebuild trade ties with China and highlights the persistent risks of Chinese cyber espionage.
The report marks the latest action by Western governments to combat Chinese cyber threats and raise awareness of their risks. In recent months, the US and UK have taken measures against other Chinese hacking groups, and the Five Eyes intelligence alliance has warned about Chinese espionage threats to critical tech sectors.
Australia’s foreign minister, Penny Wong, emphasised that publicising the allegations against APT40 is in the national interest, stating,
“We have always said we engage with China without compromising on what is important for Australia and to Australians.”
This stance underscores Australia’s commitment to safeguarding its cyber infrastructure while navigating complex diplomatic relations with Beijing.
A newly discovered attack called "Blast-RADIUS" affects the widely used Remote Authentication Dial-In User Service (RADIUS) protocol, according to a paper published by a team of researchers, Ars Technica reports. Developed in 1991, RADIUS is supported by almost all switches, routers, access points, and VPNs but still relies on the outdated MD5 hash function. The researchers explain,
"Our attack exploits an MD5 chosen-prefix collision on the ad hoc RADIUS packet authentication construction to produce Access-Accept and Access-Reject packets with identical Response Authenticators, allowing our attacker to transform a reject into an accept without knowledge of the shared secret between RADIUS client and server."
The paper's publication is being coordinated with security bulletins from at least 90 vendors, accompanied by patches implementing short-term fixes while a working group drafts longer-term solutions.
Microsoft issued patches for 142 vulnerabilities, including two actively exploited zero-days, Help Net Security reports. One zero-day (CVE-2024-38112) is a spoofing vulnerability in the Windows MSHTML Platform that can be triggered with a malicious HTML file.
Researchers at Check Point found that threat actors have been exploiting the flaw since January 2023, explaining, "Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL. An additional trick on IE is used to hide the malicious .hta extension name." By exploiting this vulnerability, attackers gained significant advantages despite the modern Windows 10/11 operating system.
The US Justice Department, along with security agencies in Canada and the Netherlands, has disrupted a Russian disinformation operation on X (formerly Twitter), SecurityWeek reports. The agencies seized two domains and identified "968 social media accounts used by Russian actors to create an AI-enhanced social media bot farm that spread disinformation in the United States and abroad."
The Justice Department stated, "The social media bot farm used elements of AI to create fictitious social media profiles — often purporting to belong to individuals in the United States — which the operators then used to promote messages in support of Russian government objectives, according to affidavits unsealed today."
Apple’s new research paper dismantles the myth of AI reasoning, revealing that models from OpenAI, Anthropic, and Google collapse under complex tasks. Released ahead of WWDC 2025, the findings challenge billion-dollar AGI claims and expose the industry’s most persuasive illusion.
Asia-Pacific faced over one-third of all cyberattacks in 2024, making it the world’s top target. From manufacturing breaches to talent shortages and rising ransomware, CNC investigates how a region of digital ambition became cybercrime’s global epicentre.
AI is reshaping Western defense, but with progress comes risk. Australia stands at a crossroads: lead in securing AI-driven military tech or risk importing vulnerabilities. As global powers weaponize algorithms, oversight, cooperation, and resilience are now mission-critical.
Cloudflare CEO Matthew Prince issues a stark warning about AI’s growing impact on web economics, revealing how zero-click search and AI scraping are threatening the sustainability of content creators and publishers across the internet.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
