MAY CYBER NEWS MONTHLY WRAP-UP

As May 2025 comes to a close, the cybersecurity landscape in Australia continues to evolve rapidly, with a mix of sophisticated threat campaigns, critical vulnerabilities, and strategic investments shaping the month’s headlines. For CIOs, CSOs, and IT leaders, staying informed is essential to proactively defend against emerging risks and align with best practices.

Here’s a curated summary of six of the most impactful cyber stories from May 2025, along with insights and recommendations to help your organisation stay secure.

Threat Actors Impersonate DocuSign in Phishing Campaigns

Cybercriminals are leveraging fake DocuSign notifications to launch phishing attacks targeting enterprise users. These emails mimic legitimate DocuSign branding and prompt recipients to click malicious links, leading to credential harvesting and potential network infiltration. The campaign highlights the ongoing risk of business email compromise (BEC) and the importance of user awareness training, email filtering, and multi-factor authentication (MFA) to mitigate phishing threats.

Recommendation: Implement advanced email security gateways and conduct regular phishing simulations to bolster employee vigilance.

Source: cybersecuritynews.com, written by Tushar Subhra Dutta, published on 28 May 2025

Australia Joins Global Warning on State-Sponsored Hacking Campaigns

Australia has joined international partners in issuing a joint advisory on a state-sponsored cyber campaign targeting countries supporting Ukraine. The campaign involves sophisticated tactics such as zero-day exploitation, credential theft, and lateral movement within networks. This underscores the geopolitical dimension of cyber threats and the need for heightened vigilance across critical infrastructure and government-linked sectors.

Recommendation: Review threat intelligence feeds regularly and ensure your organisation’s incident response plans are up to date and tested.

Source: cyberdaily.au, written by David Hollingworth, published on 22 May 2025

ACSC Releases New Guidance on SIEM and SOAR Implementation

The Australian Cyber Security Centre (ACSC) has published updated guidance on implementing Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms. The advice covers aligning these tools with business objectives, making procurement and implementation decisions, ensuring data quality, and integrating threat intelligence for proactive defence. The publications are:

  • "Implementing SIEM and SOAR platforms: Executive guidance" defines SIEM and SOAR platforms, explains their value and their challenges, and provides high-level recommendations for implementing them. It is written for executives, but can be used by any organisation that is considering whether and how to implement a SIEM and/or SOAR.
  • "Implementing SIEM and SOAR platforms: Practitioner guidance" provides high-level guidance for cybersecurity practitioners and describes how a SIEM/SOAR can enhance visibility, detection and response, as well as principles for the procurement, establishment and maintenance of those platforms.
  • "Priority logs for SIEM ingestion: Practitioner guidance" provides practitioners with detailed logging guidance for specific categories of log sources, such as Endpoint Detection and Response tools, Windows/Linux operating systems, network devices and cloud deployments.

Source: Australian Signals Directorate, cyber.gov.au, published on 27 May 2025

Victorian Government Commits $100M to Cybersecurity Overhaul

The Victorian Government has announced a $100 million investment in cybersecurity over the next four years. The funding will support the development of a new Cyber Defence Centre, workforce training, and improved protection for public sector systems. This move reflects growing recognition of cybersecurity as a strategic priority at the state level.

Recommendation: Public-private collaboration opportunities may arise from this initiative—consider engaging with government-led programs or partnerships.

Source: itnews.com.au, written by Ry Crozier, published on 21 May 2025

GitHub MCP Server Vulnerability Exposes DevOps Pipelines

A critical vulnerability in GitHub’s MCP (Managed Control Plane) server has been disclosed, potentially allowing attackers to execute arbitrary code and compromise CI/CD pipelines. Given the widespread use of GitHub in enterprise DevOps environments, this flaw poses a significant risk to software supply chains.

Recommendation: Patch affected systems immediately and audit your CI/CD environments for signs of compromise or misconfiguration.

Source: cybersecuritynews.com, written by Tushar Subhra Dutta, published on 27 May 2025

Fortinet Zero-Day Vulnerability Exploited in the Wild

A zero-day vulnerability in Fortinet’s FortiOS SSL VPN has been actively exploited, with proof-of-concept (PoC) code now publicly available. The flaw allows remote code execution and could be used to gain persistent access to enterprise networks. Fortinet has released patches, but many organisations may still be exposed.

Recommendation: Prioritise patching Fortinet devices and monitor for unusual VPN activity. Consider implementing network segmentation to limit lateral movement.

Source: cybersecuritynews.com, written by Guru Baran, published on 23 May 2025

May 2025 has reinforced the need for proactive, intelligence-driven cybersecurity strategies. From phishing and zero-days to state-sponsored threats and infrastructure investments, the landscape is dynamic and unforgiving. For Australian enterprises, the key lies in continuous improvement—adopting best practices, staying informed, and fostering a culture of cyber resilience.

Stay ahead of the curve—subscribe to threat intelligence feeds, review your security posture regularly, and engage with national cyber security initiatives.

Consider adding the following trusted resources to your toolkit:

Australian Cyber Security Centre (ACSC) Alerts & Advisories – Offers timely alerts, technical advisories, and best practice guides for Australian organisations.

AUSCERT Australia Bulletins – Regular updates on vulnerabilities, threat actor activity, and mitigation strategies.

Microsoft Security Intelligence – Offers global threat intelligence, malware trends, and vulnerability disclosures.

The Australian Cyber Security Magazine – Delivers global expert insights and news on cybersecurity, emphasising the growing threat landscape and frequent major data breaches.

The Hacker News & Cyber Daily AU – For daily news on breaches, vulnerabilities, and emerging threats relevant to the Australian context.

LinkedIn Groups & Industry Forums – Join communities like “Australian Cyber Security Professionals” or “CISO Network” for peer insights and shared experiences.
