May 2026
Key cyber trends straight from the desk of Cyber Intelligence
- Zero-day discovery continues, with concerns for the future: Anthropic’s Claude Mythos has reportedly been able to identify significant zero-day vulnerabilities in major IT software globally, causing Anthropic to limit its release and work with software vendors to remediate these threats. We can expect to see more zero-days as AI capabilities develop.
- So what? AUNZ organisations should prioritise defence in depth, including zero trust and patch management mitigations to reduce the chance of a successful compromise.
- Nation states compromise devices to create covert networks: Chinese and Russian nation-state actors have been identified compromising small office/home office (SOHO) routers and Internet of Things (IoT) devices globally to create covert infrastructure networks. Nodes have been identified in AUNZ and present a threat to organisations. Threat actors can exploit these devices for DNS hijacking and adversary-in-the-middle-attacks (AiTM) while obfuscating attribution.
- So what? Organisations should map and baseline their edge devices to identify malicious tradecraft, and review the latest guidance issued by the Australian Cyber Security Centre alongside 15 partner agencies and the UK National Cyber Security Centre.
- Open-source software supply chains increasingly targeted: In March and April, financially motivated and nation-state threat actors have been identified compromising open-source software supply chains to introduce information stealers and remote access trojans.
- So what? As threat actors continue to target open-source dependencies used in common software, such as JavaScript libraries and npm packages, organisations will need to both scrutinise their own critical infrastructure and critical defence pipelines, and gain visibility into the upstream dependencies used by their third parties.
Looking for more insights?
Our intelligence reporting services deliver timely, curated intelligence for your organisation.
The latest from CyberCX
2026 Hack Report
The Hack Report lifts the lid on the state of cyber vulnerabilities in our economy leaving organisations exposed. The insights are built on three years of data analysing over 70,000 findings performed by our Security Testing & Assurance team. Download your copy for practical guidance to defend your organisation in a fast-evolving risk landscape.
After the Mythos moment: The age of AI has transformed cyber readiness
What does the launch of Claude Mythos Preview mean for defenders? Explore why frontier AI models like Mythos are emerging as a gamechanger for the scale and speed at which cyber vulnerabilities can be detected, chained together and exploited, and what organisations should do now to prepare.
Inside the dark and damaging world of deepfakes
Our Cyber Intelligence experts joined Nine’s 60 Minutes to demonstrate how easy it is to generate realistic deepfakes. Watch the full investigation into how deepfake technology is increasingly the social engineering tool of choice for cyber criminals to conduct malicious crimes, requiring a whole of industry, law enforcement and government approach to address the problem.
Privacy fundamentals matter, but the context has shifted
Good privacy starts with knowing your data. But as data becomes difficult to consistently track and govern, organisations increasingly need to look beyond what data they hold to how it is accessed and used in practice. Learn how your organisation can strengthen privacy maturity and improve security posture.
Coming up
Stay ahead with a preview of upcoming webinars, events and more.
June 2 – 2026 Hack Report webinar
Join lead author and Executive Director, Security Testing and Assurance VIC, Liam O’Shannessy, for a consolidated view of the key findings and takeaways from the Hack Report, followed by a live Q&A session to answer your questions.
June 16 – Navigating the decisions that lead to successful and secure AI capability
Join the conversation and get your AI questions answered. Brendan Wilkinolls, Technical Director, Secure AI, will explore how individuals and organisations can make decisions required for successful and secure AI adoption, from both technical and non-technical perspectives.
Subscribe to Cyber Readout