Fujitsu Cyber - Threat Intelligence Reports
Our Threat Intelligence Reports offer a practical, regional view of the cyber threats affecting organisations across Australia and New Zealand. Built on real‑world activity observed by our teams and shaped by hands‑on experience across consulting, threat hunting and managed services, each monthly report provides clear, actionable guidance to help improve cyber resilience.
In this edition, we explore how the Aura data breach shows that just one hour of legitimate access can be enough to expose hundreds of thousands of records. How AI‑driven vulnerability discovery, highlighted by Mythos and Project Glasswing, is compressing the zero‑day window. Practical, framework‑aligned steps that dev teams can take to strengthen supply‑chain security.
This report looks at how AI is reshaping cyber risk, from new malware techniques designed to evade modern security tools, to AI‑driven attacks that target trust, language and identity rather than traditional software flaws.
This month highlights how modern cyber threats succeed through scale, visibility gaps and misplaced trust - spanning software supply‑chain compromise, industrialised botnets, detection blind spots, OSINT exposure, and the operational risks organisations create when they lack clear visibility of their environments.
January’s report examines how identity‑driven attacks, third‑party exposure and emerging infrastructure abuse are shaping today’s threat landscape, from state‑sponsored activity and significant New Zealand breaches, to metadata leaks, crypto‑enabled command‑and‑control and the human factors that turn incidents into large‑scale events.
Bringing together the most significant threat insights of the year, this edition shows how trust, identity and scale were exploited throughout 2025, from ransomware and supply‑chain compromise to cloud credential theft, AI‑enabled attacks, operational technology risk and the growing abuse of legitimate platforms and services.
This edition explores how attackers are abusing trusted infrastructure and common development practices, from dead‑drop command‑and‑control techniques and changes to the OWASP Top 10, to a critical WSUS vulnerability that demonstrates how “safe” systems can quickly become points of failure.
