2026 Hack Report: Insights from CyberCX offensive security testing → 

decor

June 2026

Key cyber trends straight from the desk of Cyber Intelligence

 

  • AI advances expected to drive increased threat activity – Following Anthropic’s limited release of Claude Mythos Preview, last month saw record numbers of vulnerabilities patched by software vendors such as Microsoft and Mozilla. CyberCX Intelligence expects the overall scale and pace of threat activity to continue to climb as frontier AI capabilities are acquired by cyber crime actors.
    • So what? AUNZ organisations should prioritise review of their patch management protocols to prepare for record levels of vulnerability disclosure over the next 3-6 months.
  • Social engineering remains a highly effective initial access vector – In May several major social engineering campaigns occurred, including ongoing device code phishing activity targeting AUNZ Microsoft 365 environments and a vishing campaign conducted by cyber extortion group BlackFile.
    • So what?  Organisations are encouraged to implement phishing-resistant MFA as threat actors continue to abuse adversary-in-the-middle (AiTM) techniques to bypass multi-factor authentication (MFA), and to invest in employee education and awareness to combat social engineering attempts.
  • Open-source software supply chains targeted via malicious packages – TeamPCP, a recently emerged threat actor known for its software supply chain attacks, compromised several AI-related projects in order to distribute a variant of the Shai-Hulud malware, dubbed “Mini Shai-Hulud”, which it subsequently made publicly available encouraging other threat actors to participate in a “supply chain competition”. 
    • So what? AUNZ organisations should prepare for an increase in worm-like malware targeting developer environments, secrets and CI/CD pipelines, and review and approve package updates before deployment within development environments, especially as more threat actors adopt the leaked Mini Shai-Hulud tooling.
cta icon

Looking for more insights?

Our intelligence reporting services deliver timely, curated intelligence for your organisation.

The latest from CyberCX

 

decor

Your top questions answered about the 2026 Hack Report

Find out the answers to the top questions our customers asked about the report findings, including future cyber trends, AI’s role in penetration testing, and advice on vulnerability management from expert Liam O’Shannessy, Executive Director Security Testing and Assurance, VIC.

Learn more

decor

CyberCX is Rugby Australia’s official cyber security partner

CyberCX has extended a multi-year partnership with Rugby Australia as the official cyber security partner of the Wallabies and Wallaroos. Learn how we’re working together to secure technology infrastructure, protect sensitive data and intellectual property, and bolster overall organisational resilience. 

Learn more

decor

EOFY scams: what one security leader wants you to know about high-volume periods

EOFY doesn’t create new scam risks, it creates conditions that make it easier for scammers to succeed. Explore why EOFY is a prime window for payment scams and what your team can do to strengthen controls before 30 June.

Learn more

decor

Why ‘one size fits all’ is the wrong approach for cyber security

Treating security as a tick-box or a final step is an approach that is bound to fail. Read the blog to find out why organisations must take a more tailored approach to cyber security, and where they should be focusing remediation efforts for the greatest ROI.

Learn more

Your weakest link: How your supply chain can enable a cyber attack

Supply chain attacks are surging, and most organisations are blind to their exposure until it’s too late. Read the blog to explore the common pitfalls organisations make with third party risk management (TPRM) and how to build strong cyber resilience so your partnerships become an enabler, not a risk.

Learn more

decor
decor
decor
decor

Subscribe to Cyber Readout

 

cta icon

Ready to get started?

Find out how CyberCX can help your organisation manage risk, respond to incidents and build cyber resilience.