The Australian Signals Directorate's (ASD) Annual Cyber Threat Report 2024–25 highlights the continuously challenging threat landscape, noting a significant increase in malicious cyber activity from both cybercrime and state-sponsored actors targeting Australia's economic and critical infrastructure. The report reveals the ASD responded to over 1,200 cyber security incidents (an 11% increase) and received over 84,700 cybercrime reports, underscoring the urgent need for all Australian organizations and individuals to raise their collective cyber defenses.

The Federal Court of Australia handed down the first civil penalty under the amended Privacy Act 1988 (Cth), ordering Australian Clinical Labs Limited (ACL) to pay $5.8 million. The penalty was imposed for failing to take "reasonable steps" to protect the personal and sensitive health information of its patients (breach of APP 11.1) and for significant delays and deficiencies in its response and notification obligations under the Notifiable Data Breach (NDB) scheme, establishing a new and demanding precedent for corporate data security standards.

The Australian Department of Home Affairs released the PSPF 2025 Annual Release as part of its Commonwealth Cyber Security Uplift reforms, mandating a substantial change in how government entities manage security. The updated framework heavily embeds Zero Trust principles, includes new guidance on emerging technologies like Artificial Intelligence (AI) and post-quantum cryptography, and strengthens requirements across its six security domains to better protect government personnel, information, and resources.

Origin Energy confirmed an insider-led data breach where a former employee allegedly attempted to steal sensitive customer payment details. The employee tried to email an encrypted file containing the credit and debit card information of 732 customers to a personal account shortly after their termination. Origin has reported the incident to the Office of the Australian Information Commissioner (OAIC) and law enforcement, and is notifying affected customers, offering them a year of complimentary credit monitoring.

Following a major cyberattack, the personal information of over 5 million Qantas customers was leaked onto the dark web by a hacking collective, reportedly after a ransom deadline passed. The leaked data includes customer names, email addresses, and Frequent Flyer numbers, along with some addresses, dates of birth, and phone numbers, prompting Qantas to notify affected customers and offer support services while warning them to be on high alert for subsequent scams.

Western Sydney University (WSU) issued an urgent alert and apology following a major security incident where thousands of current and former students received fraudulent emails that falsely claimed their degrees had been revoked or they had been disqualified from the University. While WSU confirmed the emails were not legitimate, the incident, which reportedly stemmed from an exploited vulnerability, caused widespread panic and has since been reported to the NSW Police.

Australia's largest superannuation funds are collaborating to develop a sophisticated "cyber shield" designed to share real-time intelligence on suspicious criminal activity. This major initiative, driven by recent chaotic incidents where retirees' life savings were stolen through cyberattacks, involves creating a secure information-sharing platform to proactively tackle the persistent and damaging threat of cyberattacks across the $4.3 trillion sector.

The National Cyber Security Centre (NCSC) in New Zealand launched a new tool called 'How Exposed Am I' to combat the alarming statistic that over 4.3 million New Zealand account details have been exposed online. The free tool, which utilizes data from the 'Have I Been Pwned' service, allows Kiwis to check their exposure and is part of a broader push to encourage basic but critical defenses like creating long, unique passwords and enabling two-factor authentication (2FA), following estimates that New Zealanders lost NZ$1.6 billion to online threats in 2024.