MAY CYBER NEWS MONTHLY WRAP-UP
As May 2025 comes to a close, the cybersecurity landscape in Australia continues to evolve rapidly, with a mix of sophisticated threat campaigns, critical vulnerabilities, and strategic investments shaping the month’s headlines. For CIOs, CSOs, and IT leaders, staying informed is essential to proactively defend against emerging risks and align with best practices.
Here’s a curated summary of six of the most impactful cyber stories from May 2025, along with insights and recommendations to help your organisation stay secure.
Threat Actors Impersonate DocuSign in Phishing Campaigns
Cybercriminals are leveraging fake DocuSign notifications to launch phishing attacks targeting enterprise users. These emails mimic legitimate DocuSign branding and prompt recipients to click malicious links, leading to credential harvesting and potential network infiltration. The campaign highlights the ongoing risk of business email compromise (BEC) and the importance of user awareness training, email filtering, and multi-factor authentication (MFA) to mitigate phishing threats.
Recommendation: Implement advanced email security gateways and conduct regular phishing simulations to bolster employee vigilance.
Source: cybersecuritynews.com, written by Tushar Subhra Dutta, published on 28 May 2025
Australia Joins Global Warning on State-Sponsored Hacking Campaigns
Australia has joined international partners in issuing a joint advisory on a state-sponsored cyber campaign targeting countries supporting Ukraine. The campaign involves sophisticated tactics such as zero-day exploitation, credential theft, and lateral movement within networks. This underscores the geopolitical dimension of cyber threats and the need for heightened vigilance across critical infrastructure and government-linked sectors.
Recommendation: Review threat intelligence feeds regularly and ensure your organisation’s incident response plans are up to date and tested.
Source: cyberdaily.au, written by David Hollingworth, published on 22 May 2025
ACSC Releases New Guidance on SIEM and SOAR Implementation
The Australian Cyber Security Centre (ACSC) has published updated guidance on implementing Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms. The advice focuses on aligning these tools with business objectives, navigating decision making around the procurement and implementation of these platforms, ensuring data quality, and integrating threat intelligence for proactive defence. Below you can find the publications:
- Implementing SIEM and SOAR platforms: Executive guidance defines SIEM and SOAR platforms, explains their value and their challenges, and provides high-level recommendations for implementing them. It is written for executives, but can be used by any organisation that is considering whether and how to implement a SIEM and/or SOAR.
- Implementing SIEM and SOAR platforms: Practitioner guidance provides high-level guidance for cybersecurity practitioners and describes how a SIEM/SOAR can enhance visibility, detection and response as well as principles for procurement, establishment and maintenance of those platforms.
- Priority logs for SIEM ingestion: Practitioner guidance provides practitioners with detailed logging guidance for specific categories of log sources, such as Endpoint Detection and Response tools, Windows/Linux operating systems, network devices and cloud deployments.
Source: Australian Signals Directorate, cyber.gov.au, published on 27 May 2025
Victorian Government Commits $100M to Cybersecurity Overhaul
The Victorian Government has announced a $100 million investment in cybersecurity over the next four years. The funding will support the development of a new Cyber Defence Centre, workforce training, and improved protection for public sector systems. This move reflects growing recognition of cybersecurity as a strategic priority at the state level.
Recommendation: Public-private collaboration opportunities may arise from this initiative—consider engaging with government-led programs or partnerships.
Source: itnews.com.au, written by Ry Crozier, published on 21 May 2025
GitHub MCP Server Vulnerability Exposes DevOps Pipelines
A critical vulnerability in GitHub’s MCP (Managed Control Plane) server has been disclosed, potentially allowing attackers to execute arbitrary code and compromise CI/CD pipelines. Given the widespread use of GitHub in enterprise DevOps environments, this flaw poses a significant risk to software supply chains.
Recommendation: Patch affected systems immediately and audit your CI/CD environments for signs of compromise or misconfiguration.
Source: cybersecuritynews.com, written by Tushar Subhra Dutta, published on 27 May 2025
Fortinet Zero-Day Vulnerability Exploited in the Wild
A zero-day vulnerability in Fortinet’s FortiOS SSL VPN has been actively exploited, with proof-of-concept (PoC) code now publicly available. The flaw allows remote code execution and could be used to gain persistent access to enterprise networks. Fortinet has released patches, but many organisations may still be exposed.
Recommendation: Prioritise patching Fortinet devices and monitor for unusual VPN activity. Consider implementing network segmentation to limit lateral movement.
Source: cybersecuritynews.com, written by Guru Baran, published on 23 May 2025
May 2025 has reinforced the need for proactive, intelligence-driven cybersecurity strategies. From phishing and zero-days to state-sponsored threats and infrastructure investments, the landscape is dynamic and unforgiving. For Australian enterprises, the key lies in continuous improvement—adopting best practices, staying informed, and fostering a culture of cyber resilience.
Stay ahead of the curve—subscribe to threat intelligence feeds, review your security posture regularly, and engage with national cyber security initiatives.
Consider adding the following trusted resources to your toolkit:
- Australian Cyber Security Centre (ACSC) Alerts & Advisories – Offers timely alerts, technical advisories, and best practice guides for Australian organisations.
- AUSCERT Australia Bulletins – Regular updates on vulnerabilities, threat actor activity, and mitigation strategies.
- Microsoft Security Intelligence – Offers global threat intelligence, malware trends, and vulnerability disclosures.
- The Australian Cyber Security Magazine – Delivers global expert insights and news on cybersecurity, emphasising the growing threat landscape and frequent major data breaches.
- The Hacker News & Cyber Daily AU – For daily news on breaches, vulnerabilities, and emerging threats relevant to the Australian context.
- LinkedIn Groups & Industry Forums – Join communities like “Australian Cyber Security Professionals” or “CISO Network” for peer insights and shared experiences.