Australian Cyber Security Centre (ACSC) stories

Google says the axios npm supply chain attack was linked to suspected North Korean actor UNC1069, raising fears for Australian and New Zealand firms.

Rockwell Automation launches SecureOT to help Australian industry counter rising cyber attacks on critical operational technology.

SentinelOne appoints Jason Duerden ANZ area vice president to drive cyber growth in government, critical infrastructure and AI security.

Datadog warns 87% of organisations run software with exploitable flaws as ageing code, fast releases and automation amplify DevSecOps risk.

AI-driven agents and rising network attacks are reshaping cyber risks, experts warn, as Safer Internet Day 2026 urges 'verified trust' online.

Insurance brokers must scrutinise software vendors' SOC 2 Type 2 security to safeguard client data, compliance and operational resilience.

Global cyber defence group FIRST reports record 2025 growth, topping 820 member teams and expanding technical, training and capacity work.

Cybersecurity is now central to Australia's economic growth, safeguarding digital infrastructure amid rising cybercrime costing organisations up to AUD $63,600 per incident.

BeyondTrust has passed the IRAP PROTECTED review by CyberCX, validating four cloud security solutions for Australian government use at the PROTECTED level.

Government agencies outpace the private sector in quantum computing readiness, urging urgent action to protect future cybersecurity and national security.

Security scores for hybrid identity systems drop to 61 in 2025, with mid-sized companies and government sectors facing the biggest vulnerability challenges.

The rise of Fast Flux DNS has empowered cybercriminals to evade detection more effectively, presenting significant challenges for security agencies in Australia.

Elastic has achieved the Protected level IRAP certification for Elastic Cloud, ensuring compliance with Australian government security requirements.

A coalition of global agencies warns of Iranian cyber threats targeting critical infrastructure, highlighting emerging tactics and unresolved vulnerabilities.

A joint advisory from international agencies warns of Iranian cyber actors targeting critical infrastructure sectors using brute force tactics for credential compromise.

Mobile access control is revolutionising data centre security, addressing insider threats and ensuring compliance with mandates like GDPR and NDB.

The New Zealand National Cyber Security Centre has teamed up with global partners to tackle a China-linked botnet compromising over 260,000 devices globally.

A new cybersecurity report reveals that 52% of critical open-source projects rely on memory-unsafe programming languages, posing significant security risks.

Security in the software supply chain stands on shaky ground, as reliance on prebuilt and open-source code leads to rampant vulnerabilities and 91% of firms report incidents within the last year.

Rising cybersecurity threats prompt a shift from traditional, vulnerable password methods to phishing-resistant authentication solutions.