November Cyber News Wrap-Up

As the year winds down, Australia’s cyber landscape is doing anything but slowing. This wrap-up brings together the most significant developments impacting government, business and consumers, highlighting the emerging threats, major incidents and technology shifts shaping November. This month has seen increased activity across the sector, with concentrated threats, targeted attacks and critical regulatory updates demanding attention.

This edition provides a clear overview of the developments with real operational impact, the evolving risks, confirmed compromises and industry movements that leaders need to be across as we head into year-end.

Threats

Real%20Estate%20Business%2Fbulletin-ops%2Faccounting-alone-analysis-938963

Australia’s Public Sector Under Pressure as Cyber Threats Rise

Federal and state agencies continue to face mounting pressure as the scale and sophistication of cyber activity intensify. The latest reporting highlights a rise in advanced intrusion attempts, increasingly automated reconnaissance and persistent targeting from state-aligned actors. With public-facing digital services expanding and vast volumes of citizen data at stake, government networks remain a highly attractive target. This environment is creating operational strain and increasing incident response demands, reinforcing the need for sustained investment in defensive capability. Agencies are continuing to uplift their detection and resilience programs with guidance from national cyber authorities.

Source: www.cyberdaily.au, written by David Hollingworth, published on Wed, 12 November 2025

Social Engineering Driving Fraud Risks for Accounts Payable Teams

Adversaries are intensifying their focus on finance teams, using refined social engineering techniques to manipulate payment workflows and exploit organisational trust. Attackers are conducting detailed research into vendor relationships and internal structures, allowing them to craft highly convincing requests that aim to redirect payments or insert fraudulent invoices. This trend increases the likelihood of financial loss and reputational impact for organisations of all sizes. Stronger verification practices and targeted awareness initiatives are being encouraged to reduce susceptibility across accounts payable functions.

Source: www.cyberdaily.au, written by Emma Partis, published on Thu, 27 November 2025

Cyber Attacks

Digital Fraud Reaches Industrial Scale in 2025

Cybercriminal operations have evolved into highly coordinated, industrialised fraud engines, supported by automation, extensive stolen data sets and well-developed underground marketplaces. These capabilities are enabling criminals to run high-frequency, wide-reaching campaigns with efficiency that mirrors legitimate corporate operations. As a result, organisations and individuals globally are facing increased financial exposure and broader operational disruptions. The analysis underscores the need for enhanced intelligence sharing and more automated defensive measures to counter these rapidly scaled threats.
Source: www.darkreading.com written by Jai Vijayan, published on Wed, 27 November 2025

Salesforce Customers Compromised Through Gainsight Integration

A series of compromises affecting users of a customer-success platform connected to Salesforce has drawn attention to the risks associated with third-party integrations. Attackers were able to gain unauthorised access by abusing stolen or misused API tokens, enabling them to move laterally into linked environments. This resulted in potential exposure of customer data and disruption to system operations. Impacted organisations responded by revoking tokens, tightening permission sets and implementing additional monitoring across their integration frameworks.
Source: www.darkreading.com, written by Nate Nelson, published on 22 November 2025

a-computer-system-hacked-warning.jpg?s=612x612&w=0&k=20&c=U45FHOm5rflXIRqmYByxlQANtdtycEdFZz2Vp5dgI8E=

GettyImages-1229897232-e1672838693650.jpg?resize=1097,617

Vulnerabilities

ImageResizer.ashx?n=https%3a%2f%2fi.nextmedia.com.au%2fNews%2foptus_acma.jpg&h=420&w=748&c=0&s=0

ImageResizer.ashx?n=https%3a%2f%2fi.nextmedia.com.au%2fNews%2f1-zero-day-attack.jpg&h=420&w=748&c=0&s=0

Optus Penalised for Anti-Scam Safeguard Failures

Optus has been issued an $826,000 penalty after failing to meet required anti-scam obligations designed to protect customers from fraudulent messaging activity. Gaps in mandated filtering and monitoring controls contributed to the enforcement action, which adds to ongoing scrutiny of the telecommunications sector’s role in national scam prevention. Optus has committed to strengthening its filtering systems and compliance processes to address the deficiencies.

Source: www.itnews.com.au, written by Andrew Colley, published on 19 November 2025

Commercial Spyware Targeted Samsung Galaxy Users for Months

A covert spyware campaign targeting Samsung Galaxy devices operated undetected for several months, harvesting communications, location data and files from affected users. The activity was linked to the deployment of commercial surveillance tools exploiting mobile platform vulnerabilities, resulting in significant privacy impacts and long-term risk for potentially thousands of individuals. Security updates and patches were subsequently released, and users are being urged to verify device integrity and apply all available updates.

Source: www.itnews.com.au, written by Juha Saarinen, published on 11 November 2025

Tech News

OpenAI Challenges Order Requiring Disclosure of Millions of ChatGPT Logs

OpenAI is contesting a legal directive requiring the disclosure of millions of historical ChatGPT conversations, raising concerns about data governance, privacy and regulatory scope. The order stems from an ongoing investigation seeking large-scale access to user interaction records, prompting debate over the balance between oversight and confidentiality. OpenAI is pushing for limits on the request while working to protect user privacy, and the matter remains under legal review.

Source: www.itnews.com.au, written by Blake Brittain, published on 13 November 2025

ImageResizer.ashx?n=https%3a%2f%2fi.nextmedia.com.au%2fNews%2f20230829093352_chatgpt.jpg&h=420&w=748&c=0&s=0

Looking Ahead

As we close out 2025, Australia’s cyber landscape remains dynamic and increasingly complex. Organisations continue to face advanced threats, rapid-fire fraud attempts, evolving vulnerabilities and regulatory pressure to strengthen digital trust. Despite these challenges, the year has shown meaningful uplift in national awareness, maturity and resilience.

Thank you for following our Cyber News throughout the year. Wishing you a safe and secure Christmas season and a successful start to the New Year, we’ll see you again in 2026.