When software can think and act on its own, security strategies must shift from static policy enforcement to real-time behavioral governance.
The post Rethinking Security for Agentic AI appeared first on SecurityWeek.
SecurityWeek – Read More
Security researchers have identified two malicious Chrome extensions recording AI chats. Learn how to identify and remove these tools to protect your privacy.
Hackread – Cybersecurity News, Data Breaches, AI, and More – Read More
Although the list does not include what are perceived to be the more consequential multilateral bodies shaping global cyber governance and state behaviour in cyberspace, some of the organizations play a role in shaping international law broadly.
The Record from Recorded Future News – Read More
Bryan Fleming, founder of pcTattletale, pleads guilty in a landmark federal spying case. Read how an undercover HSI sting and a data breach ended a decade of illegal stalkerware sales.
Hackread – Cybersecurity News, Data Breaches, AI, and More – Read More
Google is aggressively pushing Gemini across its apps and services in order to maintain an edge in the AI race. Your email won’t ever be the same.
Latest news – Read More
The cyber threat environment in Australia and New Zealand experienced a new escalation throughout 2025, driven by a surge in initial access sales, ransomware operations, and high-impact data breaches. According to our Threat Landscape Report Australia and New Zealand 2025, threat activity observed between January and November 2025 reveals a complex and commercialized underground ecosystem, where compromised network access is actively bought, sold, and exploited across multiple sectors.
The threat landscape report identifies a persistent focus on data-rich industries, with threat actors disproportionately targeting Retail, Banking, Financial Services, and Insurance (BFSI), Professional Services, and Healthcare organizations. These sectors continue to attract attackers due to the volume of sensitive personally identifiable information (PII), financial data, and downstream access opportunities they offer.
A central finding of the report is the continued growth of the initial access market. Cyble Research and Intelligence Labs (CRIL) documented 92 instances of compromised access sales affecting organizations in Australia and New Zealand during 2025. Retail organizations were the most heavily targeted, accounting for 31 incidents, or approximately 34% of all observed activity. This figure is more than three times higher than that of the next most targeted sector.
The BFSI sector recorded nine compromised access listings, followed by Professional Services with seven incidents. Combined, these three sectors accounted for more than half of all initial access listings observed in the region during the reporting period.
This concentration reflects a strategic approach by initial access brokers. Retail and BFSI organizations routinely handle large volumes of customer data and payment information, making them valuable targets for monetization or follow-on ransomware attacks. Professional Services firms, meanwhile, often provide access to client environments, creating opportunities for supply chain exploitation.
Analysis of the compromised access marketplace reveals a highly fragmented ecosystem rather than one dominated by a small number of major actors. The threat actor known as “cosmodrome” emerged as the most prolific seller of compromised access during the period, followed closely by an actor operating under the alias “shopify.”
Despite their activity, these actors did not control the market. The top seven most active sellers were collectively responsible for only about 26% of the observed access listings. The remaining activity originated from dozens of individual threat actors who posted listings once or twice, suggesting a low barrier to entry and a marketplace populated by both specialized brokers and opportunistic participants.
This structure indicates that initial access sales have become an accessible revenue stream for a wide range of threat actors, reinforcing the resilience and scalability of the underground economy.
Several notable incidents documented in the threat landscape report illustrate how initial access is translated into real-world impact.
In June 2025, the threat group Scattered Spider was suspected of orchestrating a cyberattack against a major Australian airline. Attackers reportedly gained unauthorized access to a customer service portal, resulting in a data breach that exposed records belonging to nearly six million customers. The compromised data included names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
The airline confirmed that more sensitive information, such as credit card details, financial records, and passport data, was not affected because it was not stored in the breached system. Investigators believe the incident may be part of a broader campaign targeting the aviation sector.
In March, threat actor “Stari4ok” advertised the sale of unauthorized access to a large Australian retail chain on the Russian-language cybercrime forum Exploit. The actor claimed the access involved a hosting server containing approximately 250 GB of data, including a 30 GB SQL database with a user table of around 71,000 records. Based on the claimed annual revenue of USD 2.6 billion and the described industry, the victim appears to be a major retailer, although this has not been independently confirmed. The access was listed for auction with a starting price of USD 1,500.
Another listing emerged in May when the threat actor “w_tchdogs” offered unauthorized access to a portal belonging to an Australian telecommunications provider on the English-language forum Darkforums. The actor claimed the access provided entry to domain administration tools and critical network information. The listing price was USD 750.
Not all incidents were tied directly to access sales. In mid-April, unidentified threat actors gained unauthorized access to the IT systems of a prominent accounting firm operating across Australia and New Zealand. The organization publicly confirmed the breach, stating that some data may have been compromised and that an investigation was ongoing. While business operations continued, the firm warned clients of potential phishing attempts and obtained court injunctions in both countries to prevent the dissemination of affected data. As of the time of reporting, no threat group had claimed responsibility.
Hacktivist activity also remained visible. In January 2025, the group RipperSec claimed to have accessed an optical-fiber network monitoring device belonging to an Australian cable and media services provider. The device was reportedly no longer supported by its vendor. As proof, the group released images suggesting internal defacement and possible data manipulation.
Want a deeper insight into these threats? Check out Cyble’s Australia and New Zealand Threat Landscape Report 2025 or schedule a demo to see check out how Cyble can protect your organization against these threats.
The post Initial Access Sales Accelerated Across Australia and New Zealand in 2025 appeared first on Cyble.
Cyble – Read More
Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT.
The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx.”
bitcoin-main-lib (2,300 Downloads)
bitcoin-lib-js (193 Downloads)
bip40 (970 Downloads)
“The
The Hacker News – Read More
Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit.
The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to
The Hacker News – Read More
Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and an extensive catalog of over 1800 container image projects, 148,000 versions, 290,000 images, and 100,000 language libraries, and almost half a billion builds, they can see
The Hacker News – Read More