惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Microsoft Azure Blog
Microsoft Azure Blog
V
V2EX
博客园 - 【当耐特】
WordPress大学
WordPress大学
爱范儿
爱范儿
美团技术团队
宝玉的分享
宝玉的分享
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
小众软件
小众软件
量子位
Hugging Face - Blog
Hugging Face - Blog
B
Blog RSS Feed
Recorded Future
Recorded Future
Engineering at Meta
Engineering at Meta
雷峰网
雷峰网
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
M
MIT News - Artificial intelligence
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园 - 聂微东
H
Hackread – Cybersecurity News, Data Breaches, AI and More
腾讯CDC
大猫的无限游戏
大猫的无限游戏
Jina AI
Jina AI
博客园 - 叶小钗
GbyAI
GbyAI
Y
Y Combinator Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
F
Full Disclosure
G
Google Developers Blog
D
Docker
T
Tailwind CSS Blog
C
Check Point Blog
Last Week in AI
Last Week in AI
人人都是产品经理
人人都是产品经理
T
The Blog of Author Tim Ferriss
B
Blog
博客园 - 三生石上(FineUI控件)
博客园 - Franky
H
Help Net Security
MyScale Blog
MyScale Blog
U
Unit 42
D
DataBreaches.Net
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
I
InfoQ
阮一峰的网络日志
阮一峰的网络日志
The GitHub Blog
The GitHub Blog
L
LangChain Blog
有赞技术团队
有赞技术团队
Martin Fowler
Martin Fowler
Microsoft Security Blog
Microsoft Security Blog

Cyber Daily News

Exclusive: Aussie car part importer Strategic Imports allegedly breached by threat actors New South Wales, other states, investigating Instructure/Canvas data breach Australian Cyber Security Centre warns of ClickFix campaign leveraging Australian infrastructure OpenAI partners with PwC to assist CFOs with AI agents Queensland Department of Education confirms students & staff impacted by ShinyHunters data breach ACMA takes action against SpinTel & Yomojo over mobile number fraud violations The Industry Speaks, Part 1: World Password Day 2026 Qualys and Converge tie cyber insurance pricing to real-time security posture Fakeout: Iranian APT caught hiding behind Chaos ransomware activity Exclusive: Australian energy management firm allegedly breached by SafePay APRA warns of cyber and governance risk due to lagging AI risk management Op-Ed: Australia’s next budget must treat cyber resilience as essential infrastructure Real estate giant Cushman & Wakefield confirms cyber incident, Qilin and ShinyHunters claim attack CrowdStrike expands Project QuiltWorks as more partners join AI security coalition Hacked: ALS discloses cyber incident, unauthorised access to IT systems Microsoft the main target of AI phishing attacks, report uncovers Attackers increasingly turning to trusted security tools to compromise Aussie victims Exclusive: Champion Homes confirms customer data compromised in “cyber event” Australia, Japan commit to partnership to meet cyber security challenges & strengthen cyber defences NSW Treasury cyber incident contained, impact no longer ‘significant’ Report: AI-based data incidents on the rise in Australia WA rental scam surge: Tenants targeted with fake $500 discount trap Aussie Information Commissioner launches Privacy Awareness Week 2026 Unregistered branded text messages to be labelled ‘Unverified’ from 1 July US Federal Reserve outlines AI's influence on the finance sector Exclusive: Major Australian jewellery brand confirms cyber incident Australian government establishes new Cyber Incident Review Board Watch this! Komari server monitor tool abused by hackers Act Now! ACSC warns of active exploitation of cPanel & WHM critical vulnerability Exclusive: Kiwi electrical contractor confirms cyber attack Over 1 in 2 firms have AI privacy concerns: Intuit Exclusive: Prime Properties listed as breach victim by M3rx ransomware Anthropic launches dedicated Claude Security platform to public beta DigiCert launches AI Trust architecture to secure agents, models, and content ‘Rebuilding the enterprise’: How CEOs are preparing for automation Op-Ed: Redefining performance in the AI-powered SOC Ukrainian official advocates for artificial intelligence, autonomous drones for battlefield deployment NZ council cyber attack leads to ID and financial data being exposed ‘Building confidence’: The key to effective AI implementation Vect unveiled: Inside an emerging ransomware group’s affiliate network Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims US Department of War launches cyber-focused apprenticeship program CrowdStrike launches Project QuiltWorks to tackle skyrocketing AI-discovered vulnerabilities Australian government stands up new ‘tripartite forum’ to tackle AI challenges in the workforce Aussie ice-cream franchise Gelatissimo suffers alleged hack by DragonForce Report: Aussie small businesses doing it tough as job scams double, losses rise Cyber attacks on medical devices pose ‘significant’ impact on real-life patient care Twisted Firestarter! Aussie, US, and UK cyber agencies warn of Cisco malware campaign Generation Life informs customers of “cyber incident” as owner shares incident with ASX CBA launches new scam-finding AI agent Australian Army research paper advocates for Australian national cyber reserve force, volunteer cyber organisations ANZ appoints its first chief AI officer Westpac appoints Chief AI Innovation Officer as part of technology push ADF strengthens skills as Cyber Command marks 2 years of operation Sri Lankan government hack sees $3.7m destined for Australia stolen Outsiders are already accessing Anthropic’s new AI model, but is Claude Mythos really that powerful? CrowdStrike extends cloud threat detection to Google Cloud Hey big spender! Microsoft to invest $25bn in Australian AI infrastructure AI adoption highest for finance and property SMEs, says NAB Genetec marks Sydney milestone with visit by high commissioner of Canada to Australia Rental platform under fire for collecting excessive personal data Exclusive: SA genealogical research firm confirms cyber incident following SafePay ransom claims Q&A: Quantum cryptography will be a “Y2k times 10 problem,” says DigiCert CEO PentenAmio announces acquisition of Armour Communications Exclusive: Aussie passports compromised in alleged Favelle Favco data breach Cutting edge: Anthropic’s Claude Mythos preview is a ‘double-edged sword’, expert says Treasury staffer charged for NSW government data breach Op-Ed: AI won’t patch the holes in your SOC AI is helping young investors get into the property market Australia’s financial regulators are keeping a close eye on Mythos Game on! More than a third of FIFA World Cup 2026 partners expose Aussies to email fraud risk Dark web markets: A complete Aussie identity costs as little as $200 Your next car may be designed by AI Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group Report: Data collection by school-backed apps in Australia is out of control and a risk to kids Kinetic IT appoints Kishore Jayaram in new chief transformation officer role Anthropic launches Claude Opus 4.7 as researchers reveal fake Claude installer spreading malware Australian Federal Court embraces AI in new practice note FOI docs reveal information commissioner’s concerns over Age Assurance Technology Trial Mortgage fraud now harder to detect thanks to AI McGraw Hill confirms ShinyHunters breach, won’t confirm if any Aussie customers impacted Update now: Active exploitation of Nginx UI vulnerability CVE-2026-33032 underway Op-Ed: Australia inspired the EU’s online age restrictions, now it’s time for us to learn from them National Defence Strategy 2026: Spending on military cyber capability to reach at least $15bn Exclusive: Qld pharmacy chain allegedly breached by Kairos ransomware Anthropic co-founder confirms Trump admin was informed about Mythos AI model European Commission’s new age verification app removes privacy risk of third-party data collection Op-Ed: ASIO has broken its silence on cyber crime, and you should listen Too-hard basket: NIST to scale back CVE updates as vulnerabilities soar OpenAI launches GPT 5.4-Cyber in response to Anthropic Glasswing CHROs must lead the AI transformation, AI CEO says Op-Ed: Microsoft April Patch Tuesday reveals 167 vulnerabilities Latitude Financial faces $3.96m fine over spam law breaches Kid stuff: Roblox to introduce safety improvements following Aus government warnings ADF joins international military exercise focused on cyber resilience and multi-domain operations WASTED! GTA developer Rockstar Games confirms hack as ShinyHunters demands ‘pay or leak’ Exclusive: Gunra ransomware lists Eric Davis Dental as breach victim Exclusive: NSW pharmacy management firm allegedly breached by INC Ransom US Treasury launches intelligence-sharing initiative with crypto companies Citigroup says AI speeds up new account openings
Op-Ed: Australia’s cyber law is stuck in the past – the Slay Review is our chance to fix it
Chloe Harpley and Dr Huon Curtis · 2026-05-15 · via Cyber Daily News

The numbers are stark. In 2018, the average time between a software vulnerability being disclosed and an attacker weaponising it was 2.3 years. Today, it’s 20 hours.

Last month, Anthropic released Claude Mythos – an AI model capable of discovering zero-day vulnerabilities at scale, across every major operating system, faster than any human team. The physics of cyber threats have changed again, and the gap between attacker capability and defender readiness is widening faster than any legislative framework anticipated.

The Security of Critical Infrastructure Act (SOCI Act) was written in that earlier world, and it shows.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

Dr Jill Slay AM’s independent review of the SOCI Act makes uncomfortable reading for those working across critical infrastructure and cyber security. Approximately 70 per cent of the sentiment expressed across more than 600 town hall participants was negative. Operators aren’t rejecting the act’s purpose. In fact, respondents widely support the need for the framework. What they’re rejecting is its execution: it’s too reactive, too slow, and structurally unable to keep pace with a threat environment that has changed beyond recognition since 2018.

The culture problem is as serious as the legislative one

One of the review’s most striking findings isn’t about law, but rather the attitude of people deeply embedded in SOCI compliance. The review concluded that the majority of people in these roles have no meaningful emotional connection to the national security purpose of the work. Penalties, when they exist at all, are widely seen as easier to pay than to comply with. Boards, respondents noted, simply don’t care. The result is a sector optimising for attestation cycles and audit readiness, not for the adversary.

That’s the wrong target.

Mandatory sharing: the sector has spoken

For years, the debate around cyber threat intelligence (CTI) sharing has been framed as a question of appetite: do operators actually want to share? The Slay Review answers that definitively. Mentimeter data from more than 460 town hall attendees shows a majority favour mandatory over incentivised CTI sharing. This is no longer a matter of preference. The question has shifted to implementation: how do we build the institutional architecture that mandatory sharing requires?

The answer matters enormously because not all architectures are equal.

Reporting up isn’t sharing

Recommendation 6A calls for mandatory bidirectional threat information exchange between government and operators, modelled explicitly on the United States Cybersecurity and Infrastructure Security Agency’s (CISA) framework. This is one of the review’s most important structural findings, because it names the asymmetry that has frustrated operators for years: you report up, but little of operational value comes back.

That asymmetry isn’t a minor service gap. The review treats it as a structural deficiency requiring legislative remedy. The government must share what it knows with the sector, and not just receive what the sector reports.

The CISA model is worth examining honestly

The review cites CISA as the international benchmark, but the comparison requires candour. The Cybersecurity Information Sharing Act of 2015, which underpins voluntary US private-sector sharing and its liability protections, expired in September 2025. It has survived only through short-term congressional extensions. Significant components of CISA’s operational capability have effectively been switched off by recent budget decisions.

A national intelligence capability that exists only as long as a funding line is protected isn’t a sovereign capability. It’s contingent capability. Australia has historically drawn on CISA’s frameworks, tooling, and threat intelligence outputs. Where that pipeline narrows, the gap doesn’t fill itself.

This is precisely why Australia is building that capability on different terms: industry-led, cross-sector, and not contingent on the rhythms of another country’s budget cycle; one that persists through geopolitical disruption, budget volatility, and changes in government because it is not dependent on any of them.

The window is open now

The government has accepted all six of the review’s recommendations in principle. Tranche 1 consultation closed 1 May 2026. Tranche 2, where the information-sharing mandate and legislative architecture will actually be determined, is the critical window. The drafting is where the detail and risk both coincide.

Operators who stay on the sidelines during that process will live with the result.

The review’s call to clarify the protected information framework in Part 4 of the SOCI Act is equally urgent. Legal uncertainty has been a genuine barrier to participation for years. Some operators avoid sharing due to real legal exposure; others avoid it due to uncertainty about what the law actually permits. Both are legitimate concerns, and both deserve resolution before Tranche 2 drafting is complete.

What good looks like

Done well, CTI sharing transforms security from a reactive compliance function into shared situational awareness: a community of defenders who collectively see more than any of them could alone, and who act on that knowledge before the attack rather than after it.

The Slay Review has given Australia the clearest policy signal yet that this is the direction of travel. The reform process now needs to match the ambition of the diagnosis, rather than producing another compliance layer that operators work around. We have the opportunity here to build a genuine intelligence-sharing culture with the institutional architecture to sustain it.

The physics of the problem have changed. The framework needs to change with them.


CI-ISAC Australia is the nation’s only cross-sector critical infrastructure cyber intelligence-sharing organisation. If you’d like to learn more, book a briefing here.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.