SAP npm packages poisoned with credential-stealing malware in "Mini Shai-Hulud" attack. Malicious preinstall hooks harvest GitHub tokens, cloud keys and CI/CD secrets. Attackers weaponise AI agent configs for persistence, turning Claude and VS Code settings into execution paths.
Medtronic says a third party accessed data in corporate IT systems, while ShinyHunters claims more than nine million records were stolen. The incident did not disrupt products or patient care, but it exposes the widening risk around corporate IT, identity data and medical technology supply chains.
Australia’s A$25bn AI wager, Bezos’s leap into “physical AI” and Musk’s push to shift data centres into orbit turned this week into a defining moment in the AI global industrial contest, with the Global South emerging as both proving ground and prize in the new AI steel age.
Australian firm FIIG Securities has been ordered to pay a $2.5 million penalty by the Federal Court following ASIC action over significant cybersecurity failures that led to a major data breach in 2023. The landmark case sets a new precedent for cyber resilience obligations for AFS licensees.
German insurance major HanseMerkur has been targeted by the Russia-aligned Dragonforce ransomware gang, which claims to have stolen 97GB of data. The attack on the €3 billion firm highlights the escalating threat of ransomware to the global financial services and insurance sectors.
The CL0P ransomware gang has breached Podiatry WA, a key Australian healthcare association, as part of a massive 22-victim global attack wave. The incident highlights the escalating threat of data extortion targeting professional services and healthcare sectors across Australia.
Microsoft has issued an emergency patch for a high-severity zero-day vulnerability (CVE-2026-21509) in Microsoft Office. The flaw, which bypasses key security features, is being actively exploited in targeted attacks, posing a significant risk to organizations globally, including in Australia.
Nike is investigating a massive data breach after the WorldLeaks ransomware group claimed to have stolen 1.4TB of sensitive data, including Jordan Brand design files, supply chain details, and internal documents. The breach poses a significant threat to Nike's IP operations in Australia.
The Everest ransomware group has breached ASRock Rack, a major server hardware vendor, stealing 509GB of sensitive data including firmware, BIOS, and other critical files. The breach creates a significant supply chain risk, potentially allowing attackers to embed vulnerabilities in server hardware.
Japanese automaker Nissan is the latest victim of the Everest ransomware group, which claims to have stolen 900GB of sensitive data. The breach, announced January 10, threatens internal records, dealer info, and possibly customer data —raising serious concerns for its Australian operations.
The Victorian Department of Education has confirmed a major data breach affecting all 1700+ government schools. Hackers accessed the names, emails, and encrypted passwords of current and former students, impacting potentially hundreds of thousands of individuals just weeks before the new school year
Australian car rental insurer Prosura has suffered a major data breach, exposing the personal and policy information of an estimated 300,000 customers. Attackers are now selling the stolen data identity data on a public forum after the company reportedly failed to meet their demands.
Gulshan Management Services, a Texas-based operator of ~150 gas stations, has disclosed a major data breach affecting over 377,000 individuals. The breach, resulting from a phishing attack that led to a ransomware infection, exposed highly sensitive personal and financial information.
Melbourne-based fleet management firm Netstar Australia has been hit by the Blackshrantac ransomware group in a data extortion attack, underscoring rising cyber risks in the telematics sector that handles sensitive GPS data for government and critical infrastructure operators.
The Rhysida ransomware group has targeted Harbour Town Doctors, a Queensland medical centre, threatening to leak sensitive patient data. The attack highlights the persistent threat of ransomware to the Australian healthcare sector.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
