Latest scams, fraud and security alerts

 Posted on 27 November 2025

Fake government emails

Type:  

Scammers are sending extremely convincing fake emails pretending to be from Services Australia and Centrelink. These scams have already hit over 270,000 inboxes nationwide targeting a wide range of organisations including schools, hospitals, law firms, corporations, and even government agencies.

The emails look real and often mention various Australian benefit systems like Superannuation or Family Tax Benefits. These emails are mostly written and sent using various techniques to avoid security or spam filters.

They deceive people into clicking links and entering personal details, which can lead to identity theft, account compromise, or even ransomware attacks.

 Posted on 13 November 2025

ANZ Rewards SMS Scam

Type:  

A scam has been identified where individuals are receiving SMS messages impersonating ANZ Rewards. These messages may claim that rewards points are about to expire and include a link to redeem them.

Be cautious of SMS messages, emails or phone calls, claiming to be from ANZ. They may ask you to log in to your account through a link, provide sensitive banking details, download software, transfer money or open another account.

Remember, we will never ask you to:

• share sensitive banking details (like passwords, PINs, ANZ Shield codes, token codes, or one-time passcodes for payment).
• click a link to log in to your account.
• grant remote access to your computer, phone, tablet (or any other mobile device).
• transfer money to another account.

 Posted on 06 November 2025

Information Stealer Malware alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

ASD’s ACSC has identified corporate network breaches that started in employees accessing work resources or systems from personal devices infected with malware called information stealers.

Info stealers, are a type of malware designed to collect information from a victim’s device.

Organisations that allow employees, contractors, managed service providers or other entities to access their network remotely, including with Bring Your Own Device (BYOD) hardware, need to be aware of the risks and protect themselves from this threat.
 

 Posted on 27 October 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published a critical alert regarding the following vulnerability in the Microsoft Windows Server Update Service:

• CVE-2025-59287: This vulnerability involves deserialisation of untrusted data in WSUS, which could enable an unauthenticated actor to achieve remote code execution with system privileges.
  

The vulnerability impacts Microsoft Windows Server Update Service in Windows Server (2012, 2016, 2019, 2022 and 2025). 

 Posted on 17 October 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published a critical alert regarding multiple high-severity vulnerabilities in F5 products and an incident impacting F5.

According to the ASD’s ACSC, F5 have released an advisory regarding a cyber security incident that has affected certain F5 systems with recommendation on what customers can do to help protect themselves.

In addition to this advisory, F5 has issued its October 2025 quarterly security notification summarising multiple critical vulnerabilities identified across its product portfolio.

 Posted on 29 September 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published a critical alert regarding vulnerabilities within Australia impacting Cisco ASA 5500-X Series models, that are running Cisco ASA Software or FTD software:

• CVE-2025-20333 (Critical) – A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
• CVE-2025-20363 (Critical) – A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device.
• CVE-2025-20362 (Medium) – A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that should otherwise be inaccessible without authentication.

A number of versions of Cisco software releases are affected, including those within the following ranges:

• Cisco ASA Software releases 9.12 to 9.23x and;
• Cisco FTD Software releases 7.0 to 7.7x.

 Posted on 22 September 2025

High alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published a high alert regarding increased targeting of online code repositories.

Threat actors have been observed gaining access to online code repositories and have been noted to do the following after gaining access to privileged systems and accounts:

• Running open-source tools to scan for cryptographic secrets, passwords and sensitive keys stored in online code repositories.
• Extracting and leaking identified credentials publicly.
• Migrating private repositories to public repositories.
• Modifying public packages to initiate supply-chain compromises.

This access provides threat actors a better understanding of internal processes and systems, increasing an organisation’s attack surface and enabling future, novel attacks.

 Posted on 12 September 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published a critical alert regarding vulnerabilities affecting SonicWall SSL VPNs in Australia (CVE-2024-40766)

According to the ASD’s ACSC, the vulnerability can result in Akira ransomware targeting vulnerable Australian organisations through SonicWall SSL VPNs.

The vulnerability enables an attacker to achieve unauthorised access and in specific conditions causes the firewall to crash. The vulnerability affects the following SonicWall devices:

• Gen 5 devices
• Gen 6 devices
• Gen 7 devices running SonicOS 7.0.1-5035 and older versions

 Posted on 01 September 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published an alert regarding multiple vulnerabilities impacting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products:

• CVE-2025-7775 (Critical) involves a memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service.
• CVE-2025-7776 (High) involves a memory overflow vulnerability leading to unpredictable or erroneous behaviour and Denial of Service.
• CVE-2025-8424 (High) involves improper access control on the NetScaler Management Interface.

Citrix reports active exploitation of these vulnerabilities has been observed.