News

Cyber Threats Surge: Australian Businesses Under Siege

Written by Digital Frontier Partners | 11 November 2025 3:09:33 AM

This week, the cityscape of Australian business has felt the tremors of relentless cyber adversaries, each probing for a forgotten patch, a neglected device, or a single moment of inattention. The threats aren’t waiting at the gates: they are already weaving through the alleyways of supply chains, cloud platforms, and critical infrastructure, challenging every assumption about what it means to be secure.

The Threats at the Gates

This week, the walls of the digital city have been tested by a wave of targeted attacks and zero-day exploits. Cisco ASA and FTD firewalls, long considered a cornerstone of network security, have come under active attack through newly disclosed vulnerabilities, with exploitation attempts causing unpatched devices to reload unexpectedly, in some cases repeatedly, and so knocking them offline. Separately, over 150 Australian devices running Cisco IOS XE remain infected with the BADCANDY webshell, which is planted through an older, well-publicised vulnerability (CVE-2023-20198). The implant does not survive a reboot, but devices are simply re-infected where the underlying patch has never been applied, a stark reminder that even robust defences are undermined by slow patch adoption and persistent adversaries.

Globally, the threat landscape has been shaped by the disclosure of three severe vulnerabilities in runC, the container runtime beneath Docker and Kubernetes, which could allow a malicious container image or configuration to break out of its container and write to the host system. Meanwhile, state-sponsored actors from China, Russia, Iran, and North Korea have intensified their campaigns, deploying advanced malware and backdoors, and targeting critical infrastructure, policy experts, and cloud environments.

Vulnerabilities: The Crumbling Bridges

This week’s vulnerability list reads like a map of weak points in the city’s architecture. Cisco ASA and FTD firewall flaws (CVE-2025-20333, CVE-2025-20362) are being actively exploited, causing widespread disruption. Samsung Galaxy devices have been targeted by the LandFall spyware, which exploited a flaw in Samsung’s image-parsing library (CVE-2025-21042, patched in April) through malicious image files reportedly delivered via WhatsApp, with no user interaction required. In the world of software supply chains, malicious Visual Studio Code and OpenVSX extensions, including the GlassWorm campaign and the ransomware-laced “susvsex” extension, evaded marketplace vetting and reached thousands of developer environments.

The risks extend to industrial control systems, with time-bombed NuGet packages such as Sharp7Extend programmed to sabotage PLC communications years after installation, and a critical command-injection flaw in the React Native development server package (CVE-2025-11953), downloaded millions of times a week, exposing developer machines to remote code execution. Even WordPress sites are under siege, with the Post SMTP plugin flaw (CVE-2025-11833) enabling account takeovers across the plugin’s installed base of over 400,000 websites.

For business leaders, these vulnerabilities are not just technical debt—they’re liabilities that can undermine trust, disrupt operations, and expose sensitive data. Every bridge and tunnel in your digital city must be regularly inspected and reinforced.

Malware, Ransomware, and Advanced Threats: The Saboteurs Within

Malware and ransomware campaigns have grown more sophisticated, with attackers now using cross-platform tactics and supply chain infiltration to evade detection. The emergence of the “ransomvibing” Visual Studio Code extension and renewed activity from groups like BlackCat/ALPHV and Scattered Spider highlight the evolving nature of ransomware threats. Trojanised npm packages are distributing infostealers like Vidar, expanding the threat into developer ecosystems.

Closer to home, the ACSC has highlighted the ongoing risk from over 150 locally infected Cisco routers, with the activity linked to Chinese espionage efforts. Android banking malware, such as BankBot-YNRK, continues to target users, while one espionage group has been enabling Hyper-V on compromised Windows hosts to run a hidden, lightweight Linux virtual machine from which its implants operate, keeping them out of sight of host-based security tools. These developments underscore the increasing sophistication, persistence, and supply chain focus of recent malware and ransomware activity.

Supply Chain and Software Integrity Risks: The Weakest Links

The digital city’s supply lines are under siege. Malicious NuGet packages, including Sharp7Extend, are targeting industrial control devices with logic bombs set to detonate years in the future. Visual Studio Code and OpenVSX extensions have been weaponised with remote access trojans and ransomware, using obfuscation (GlassWorm hides its loader in invisible Unicode characters) and dynamic command-and-control lookups to exfiltrate credentials and cryptocurrency wallets.

Critical vulnerabilities in widely used tools, such as the Post SMTP WordPress plugin and the @react-native-community/cli npm package, have exposed very large installed bases to exploitation. These incidents reinforce the need for strict vetting, rapid patching, and digital signature and integrity enforcement across software supply chains.
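The vetting and patching step above is routinely left as a slogan. The script below, an added example for this page rather than code from Digital Frontier Partners or any vendor, shows what it looks like in practice for an npm project: it parses a package-lock.json (lockfileVersion 2 or 3), flags any dependency whose version falls inside an advisory's affected range, and flags dependencies that carry no integrity hash, which is the lockfile-level counterpart of the digital signature enforcement the paragraph calls for. The lockfile contents are constructed, and the affected range recorded for CVE-2025-11953 is an assumption for illustration that must be confirmed against the official advisory before use.

```python
"""Audit an npm package-lock.json against a small advisory list and check
that every dependency pins an integrity hash.

Added example for this page. The lockfile and the advisory range below are
constructed for illustration; confirm real ranges against the official advisory.
"""
import json
import re
from typing import Dict, List, Tuple

# Constructed advisory list. The affected range for CVE-2025-11953 is an
# ASSUMPTION for this example, not taken from the advisory text.
ADVISORIES = {
    "@react-native-community/cli-server-api": {
        "id": "CVE-2025-11953",
        "introduced": "4.8.0",   # assumption
        "fixed": "20.0.0",       # assumption
    },
}

# Constructed lockfile (lockfileVersion 3 layout): one vulnerable package,
# one patched package, and one package with no integrity field.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@react-native-community/cli-server-api": {
            "version": "19.1.1",
            "resolved": "https://registry.npmjs.org/@react-native-community/cli-server-api/-/cli-server-api-19.1.1.tgz",
            "integrity": "sha512-AAAA",
        },
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
        },
        "node_modules/express": {
            "version": "4.21.0",
            "resolved": "https://registry.npmjs.org/express/-/express-4.21.0.tgz",
            "integrity": "sha512-BBBB",
        },
    },
})

_SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?")


def parse_semver(v: str) -> Tuple[int, int, int, tuple]:
    """Sortable key for a semver string. A pre-release (20.0.0-alpha.2)
    sorts below its release (20.0.0), as semver requires; pre-release
    identifiers are compared as plain strings, which is enough here."""
    m = _SEMVER.match(v.strip())
    if not m:
        raise ValueError(f"not a semver string: {v!r}")
    major, minor, patch, pre = m.groups()
    pre_key = (1,) if pre is None else (0, pre)   # (1,) outranks any (0, ...)
    return (int(major), int(minor), int(patch), pre_key)


def package_name(lock_path: str) -> str:
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (last node_modules segment)."""
    return lock_path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock_text: str) -> Dict[str, List[str]]:
    """Return {'vulnerable': [...], 'missing_integrity': [...]} for the lockfile."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("only lockfileVersion 2 or 3 carries the 'packages' map")
    findings: Dict[str, List[str]] = {"vulnerable": [], "missing_integrity": []}
    for path, entry in lock["packages"].items():
        if path == "":                       # the root project itself
            continue
        name, version = package_name(path), entry.get("version", "")
        # Workspace links legitimately have no hash; everything else must.
        if "integrity" not in entry and not entry.get("link"):
            findings["missing_integrity"].append(f"{name}@{version}")
        adv = ADVISORIES.get(name)
        if adv:
            v = parse_semver(version)
            if parse_semver(adv["introduced"]) <= v < parse_semver(adv["fixed"]):
                findings["vulnerable"].append(
                    f"{name}@{version} ({adv['id']}, fixed in {adv['fixed']})")
    return findings


if __name__ == "__main__":
    for kind, items in audit_lockfile(SAMPLE_LOCKFILE).items():
        print(kind, items)
```

In a CI pipeline the advisory map would be populated from a feed such as the GitHub Advisory Database or OSV rather than hard-coded, and a non-empty `missing_integrity` list should fail the build, because a dependency without a hash can be swapped on the registry without the lockfile noticing.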

Cloud, AI, and Infrastructure Compromise: The New Frontier

Artificial intelligence and cloud platforms are now both tools and targets in the cyber arms race. The “Whisper Leak” side-channel attack has shown that an observer on the network path can infer the topic of an encrypted AI chatbot conversation without breaking TLS: because responses are streamed token by token, the sizes and timing of the encrypted packets mirror the text inside them, and a classifier trained on that pattern can flag conversations about a chosen sensitive subject. Major providers have added random-length padding to their responses in mitigation, and users are advised to use a VPN and avoid discussing confidential matters over untrusted networks. Separately, vulnerabilities in AI infrastructure tools and in chatbots such as ChatGPT remain unresolved, with prompt injection attacks enabling data leakage and response manipulation.
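To make the side channel concrete, the following is an added example for this page (not Microsoft’s research code or data): it models a chatbot reply streamed one token per TLS 1.3 record and shows that, without padding, the on-wire record sizes reveal the exact length of every token, so an observer who holds a list of candidate replies can tell which one was served. It then pads each record to a fixed bucket and shows the same candidates become indistinguishable. The tokeniser and the candidate replies are constructed stand-ins, and the attack is simplified to exact matching of known replies rather than the trained classifier used in the real research.

```python
"""Token-length leakage from a streamed chatbot reply over TLS 1.3.

Added example for this page. The tokeniser, candidate replies and the
one-token-per-record assumption are constructed for illustration.
"""
from typing import List, Optional

# A TLS 1.3 record carrying an AEAD (AES-GCM / ChaCha20-Poly1305) payload
# with no padding costs a constant: 5-byte header + plaintext + 1-byte
# inner content type + 16-byte authentication tag.
TLS13_OVERHEAD = 5 + 1 + 16


def tokens(text: str) -> List[str]:
    """Crude stand-in for the model's tokeniser: one token per word, with the
    leading space a streaming API would send as part of the token."""
    return [(" " if i else "") + w for i, w in enumerate(text.split())]


def record_sizes(reply: str, pad_to: Optional[int] = None) -> List[int]:
    """On-wire size of each TLS record when every token is flushed as its own
    record. pad_to=N rounds each plaintext up to a multiple of N bytes, using
    the padding TLS 1.3 permits inside the encrypted payload."""
    sizes = []
    for t in tokens(reply):
        n = len(t.encode())
        if pad_to:
            n = -(-n // pad_to) * pad_to      # round up to the next bucket
        sizes.append(n + TLS13_OVERHEAD)
    return sizes


def observed_lengths(sizes: List[int]) -> List[int]:
    """What a passive observer learns: plaintext length per record, because the
    overhead is constant and the cipher does not hide length."""
    return [s - TLS13_OVERHEAD for s in sizes]


def identify(sizes: List[int], candidates: List[str],
             pad_to: Optional[int] = None) -> List[str]:
    """Every candidate reply whose record-size sequence matches the capture.
    A single match means the observer knows what the bot said."""
    return [c for c in candidates if record_sizes(c, pad_to) == sizes]


# Constructed candidate replies, each eight tokens long so that bucket padding
# alone (not the token count) is what removes the distinguishing signal.
CANDIDATES = [
    "Symptoms of this condition include fever and fatigue",
    "Your quarterly tax return is due next Friday",
    "Here is a simple recipe for tomato sauce",
]

if __name__ == "__main__":
    capture = record_sizes(CANDIDATES[0])
    print("record sizes on the wire:", capture)
    print("token lengths recovered:", observed_lengths(capture))
    print("unpadded match:", identify(capture, CANDIDATES))
    padded = record_sizes(CANDIDATES[0], pad_to=16)
    print("padded match:", identify(padded, CANDIDATES, pad_to=16))
```

Bucket padding still leaks the number of records, which is why the production mitigation adopted by providers appends a random-length filler to each response rather than relying on fixed buckets alone; timing between records, which this example ignores, is the other half of the real signal.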

Australian Cisco devices remain exposed to the BADCANDY webshell, with persistent re-infection of unpatched routers and espionage activity linked to China. Supply chain attacks continue to rise, with GlassWorm malware infiltrating developer marketplaces and apparently AI-generated ransomware appearing in software extensions. These incidents highlight the urgency for Australian organisations to accelerate patching, enhance cloud and AI security controls, and rigorously vet third-party integrations.

Critical Infrastructure and Industrial Control System Security: The Foundations at Risk

Industrial control systems and critical infrastructure have been thrust into the spotlight, with multiple advisories highlighting serious risks. Vulnerabilities in ABB FLXeon Controllers, Delta Electronics CNCSoft-G2, Advantech DeviceOn/iEdge, and other products have been disclosed, with recommendations ranging from firmware upgrades to network isolation. QNAP has patched seven zero-days demonstrated against its NAS products at the Pwn2Own contest, a reminder that internet-reachable storage appliances are a favoured target and need the same patch discipline as network devices.

With Australia’s regulatory focus increasing on critical infrastructure, these vulnerabilities and active exploitation attempts demand immediate and sustained attention from both vendors and asset operators. Integrating cyber with physical security is now essential as incidents surge.

Building a Resilient City: Business Actions

To keep your digital city safe, business leaders should act decisively:

  • Prioritise Patch Management: Apply security updates for all critical vulnerabilities, especially for network devices, cloud platforms, and core infrastructure.
  • Strengthen Monitoring and Incident Response: Regularly review for unauthorised accounts, suspicious activity, and legacy system exposures.
  • Audit Third-Party and Supply Chain Dependencies: Scrutinise every vendor and software package, and enforce strict controls over access and credentials.
  • Educate Staff on Emerging Threats: Raise awareness about AI-driven phishing, deepfakes, and social engineering tactics.
  • Review AI and Cloud Integrations: Validate all AI-generated content and code, and implement robust input filtering and oversight.

Final Word: The City Never Sleeps

This week’s developments show that the digital city is under constant threat, with adversaries probing for weaknesses at every turn. By embracing a proactive, strategic approach—reinforcing defences, patching vulnerabilities, and fostering a culture of security—Australian businesses can transform their organisations from vulnerable targets into resilient fortresses.