VMAAS Australia

VMAAS is a vendor-independent provider of ongoing risk-based vulnerability management and Essential 8 Compliance services.

Identify real risks in your business with VMAAS Australia's Risk-Based Vulnerability Management as a Service: We're bringing decades of experience, a finely honed toolset and Aussie business gumption to bear to deliver a turnkey service that gives Australian businesses an affordable and fast way to address vulnerabilities that actually exist. Risk is very different from one business to the next; stop wasting time chasing vulnerabilities that don't apply to your business. We'll help you identify your high-priority vulnerabilities and guide you towards the most effective controls available. We'll meet each month to identify what's been found and discuss progress and priorities for the month ahead. We don't offer remediation services; we use our bespoke toolset and experience to provide real-world clarity and a report with actionable steps each month to secure your organisation. And before your IT Team or Managed Service Provider goes into freefall panic, you can let them know we're here to work alongside them; they'll still be doing the remediation work and taking the glory. If you want to get real with your approach to managing risk in your business, get in touch now to take advantage of our zero onboarding fee offer.

HIGH ALERT: New steps for organisations running Cisco Firepower and Secure Firewall products
24/04/2026

ASD’s partners the US Critical Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) have identified new malware affecting Cisco Firepower and Secure Firewall products running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software.

Defending against China-nexus covert networks of compromised devices
23/04/2026

This advisory outlines the shift in tactics, techniques and procedures used by China-nexus cyber actors to target organisations, as well as recommended mitigations.

20/04/2026

Most businesses trust their IT team — or their IT provider — to keep them secure.

That trust is usually well-placed. But there's a structural problem that doesn't get talked about enough:

The people responsible for your cybersecurity are also the ones assessing whether it's adequate.

It's not a question of honesty. It's human nature. No team evaluates its own work without some degree of optimism. And outsourced providers come with their own pressures — vendor partnerships, rebate structures, and a commercial incentive to keep things complex.

The real governance question is simple: if something goes wrong, who explains why? If it's the same party that set your security up in the first place, you don't have an independent check - you have a single point of failure.

In Australia, this is now a director-level concern. Business leaders can be held personally accountable for the adequacy of their cybersecurity posture. Delegating to your IT team is not the same as governing.

Independent oversight doesn't mean replacing your provider. It means having an impartial, vendor-neutral view that reports directly to leadership - in plain language, not technical jargon.

That's exactly what we do at VMAAS Australia. No vendor relationships. No rebates. No agenda beyond finding your risk.

👉 Learn more: vmaas.au/governance

CRITICAL ALERT: Critical Unauthenticated Remote Code Execution vulnerability in n8n workflow automation platform
08/01/2026

A critical unauthenticated Remote Code Execution (RCE) vulnerability affecting n8n workflow automation platform has been observed. The critical vulnerability, tracked as CVE-2026-21858, allows unauthenticated threat actors to access sensitive files on the underlying server through execution of certain form-based workflows leading to RCE.

This vulnerability is assessed as CVSS 10.0.

CRITICAL ALERT: Vulnerability in MongoDB product – MongoDB server leak
29/12/2025

ASD’s ACSC is aware of active global exploitation affecting MongoDB servers (CVE-2025-14847). ASD’s ACSC recommends that organisations take immediate action to mitigate affected products, apply the latest patches and investigate for potential compromise.

CRITICAL ALERT: Critical vulnerability in WatchGuard Firebox devices (CVE-2025-14733)
22/12/2025

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of active exploitation of a critical vulnerability in WatchGuard Firebox devices.

CRITICAL ALERT: Critical vulnerabilities in multiple Fortinet products - FortiCloud SSO Login Authentication Bypass
10/12/2025

Critical vulnerabilities in Multiple Fortinet Products - FortiCloud SSO Login Authentication Bypass CVE-2025-59718 & CVE-2025-59719. ASD’s ACSC recommends organisations update affected products to the latest versions and follow the advice detailed in the Fortinet Advisory.

Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
09/12/2025

This Cybersecurity Advisory is being published as an addition to the Cybersecurity and Infrastructure Security Agency (CISA) May 6, 2025, Joint Fact Sheet Primary Mitigations to Reduce Cyber Threats to Operational Technology, and European Cybercrime Centre’s Operation Eastwood (EC3), in which CISA, the Federal Bureau of Investigation (FBI), Department of Energy (DOE), Environmental Protection Agency (EPA), and EC3 shared information about cyber incidents affecting the operational technology (OT) and industrial control systems (ICS) of critical infrastructure entities in the United States and…

CRITICAL ALERT: Critical vulnerability in React Server Components (CVE-2025-55182)
04/12/2025

ASD's ACSC is aware of a critical vulnerability in React Server Components.

MEDIUM ALERT: Scammers impersonating police to target victims for cryptocurrency/seed wallet theft
13/11/2025

The ASD’s ACSC is aware that criminals are using Australia’s national cybercrime reporting channel and impersonating police to try to scam Australians out of funds from their cryptocurrency or seed wallets.

Don’t take BADCANDY from strangers – How your devices could be implanted and what to do about it
31/10/2025

ASD recommends that system operators take the following actions to remove the BADCANDY implant if compromised and to mitigate the risk of re-exploitation.

Address

Townsville, QLD
4810
