This alert is relevant to all Australian businesses and organisations. This alert contains a combination of simple and moderately complex technical advice, intended for business owners and technical IT support services. Background ASD’s ACSC is aware of a recent increase in active exploitation in Australia of a 2024 critical vulnerability in SonicWall SSL VPNs (CVE-2024-40766).
US Army soldiers kick the tires on a new class of multipurpose drones
JOINT BASE LEWIS-MCCHORD, Washington — The U.S. Army has an ambitious plan to field autonomous platforms across all its divisions in 2026. During a recent demonstration in the Pacific Northwest, it put that plan to the test, handing over the first batch of systems to a group of soldiers for a trial run. The mid-August
Plex tells users to reset passwords after new data breach
Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases. In a data breach notification seen by BleepingComputer, Plex says the stolen data includes email addresses, usernames, securely hashed passwords, and authentication data. “An
iCloud Calendar abused to send phishing emails from Apple’s servers
iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to land in targets’ inboxes. Earlier this month, a reader shared an email with BleepingComputer that claimed to be a payment receipt for $599 charged against the recipient’s
Coast Guard team honored for response to DC air tragedy
Coast Guard team honored for response to DC air tragedy A team from Station Washington were honored as the 2025 Coast Guardsmen of the Year for their work in the wake of a mid-air collision near the Pentagon. 3 days ago
VirusTotal finds hidden malware phishing campaign in SVG files
VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia’s judicial system that deliver malware. VirusTotal detected this campaign after it added support for SVGs to its AI Code Insight platform. VirusTotal’s AI Code Insight feature analyzes uploaded file samples using machine learning to generate summaries of suspicious or malicious
Microsoft now enforces MFA on Azure Portal sign-ins for all tenants
Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025. The company’s Azure MFA enforcement efforts were announced in May 2024 when Redmond began implementing mandatory MFA for all users signing into Azure to administer resources. One year ago, in August 2024, Microsoft also warned Entra
Army picks 3 startups to fast-track self-driving squad vehicle
101st Airborne Division soldiers in a Infantry Squad Vehicle at the Joint Readiness Training Center, Fort Johnson, Louisiana, August 2024. (Staff Sgt. Joshua Joyner/Army) The U.S. Army is turning to commercial startups to fast-track autonomous ground vehicles into combat formations, awarding $15.5 million in new contracts to three companies to test self-driving systems on Infantry
Hackers exploited Sitecore zero-day flaw to deploy backdoors
Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState deserialization vulnerability caused by the inclusion of a sample ASP.NET machine key in pre-2017 Sitecore guides. Some customers reused this key in production, allowing attackers with knowledge of the key
Microsoft says recent Windows updates cause app install issues
Microsoft says the August 2025 security updates are triggering unexpected User Account Control (UAC) prompts and app installation issues for non-admin users across all supported Windows versions. This known issue is caused by a security patch that addresses the CVE-2025-50173 Windows Installer privilege escalation vulnerability, which can allow authenticated attackers to gain SYSTEM privileges due