bgp group logo
Client Portal

ESET spots “PromptLock” AI-powered ransomware

Slovakia-based cyber security vendor ESET said it has discovered “the first known” artificial intelligence-powered ransomware that generates malicious scripts on-the-fly on infected machines. ESET called the ransomware “PromptLock”, and has uploaded Microsoft Windows and Linux samples to Google’s VirusTotal scanning site. For now, ESET said there are multiple indicators that suggest the ransomware, which is […]

Home Affairs adds SecOps to new cyber risk overhaul

Home Affairs is investing in cyber security operations after an extensive program to overhaul its cyber risk management and system authorisation processes. The department is in the early stages of implementing ServiceNow’s SecOps module for incident response, integrating it with the vendor’s integrated risk management (IRM). Home Affairs director of cyber risk management Alex Reale […]

Exetel fined $694k over system ‘vulnerability’ for mobile number porting

Exetel has been penalised $694,000 after scammers were able to port mobile numbers to the telco and use them to steal hundreds of thousands of dollars from bank accounts. An investigation [pdf] by the Australian Communications and Media Authority (ACMA) found that unspecified “bad actor/s” were able to port 73 numbers to Exetel through an […]

AI summarisers open to ‘ClickFix’ social engineering attacks

Security researchers have developed a sophisticated prompt injection attack that abuses trusted AI summarisation tools, and potentially turns these into ClickFix-style step-by-step instructions to compromise user systems. The technique, detailed in new research from Singapore security vendor CloudSEK, exploits the gap between what humans can see on a webpage and what artificial intelligence models process […]

Qantas makes architectural changes to its API management platform

Qantas has made a series of architectural changes to its API management platform, improving its reliability and resiliency, which has encouraged usage. Speaking at WSO2Con Asia 2025 in Sri Lanka at the end of last month, principal engineer in the integration and engineering domain at Qantas IT, Waleed Ahmed, said the airline has used the […]

Attackers weaponise Linux file names as malware vectors

A researcher at security vendor Trellix has uncovered a Linux malware attack that embeds malicious code directly into file names, a technique that bypasses most traditional security defences. The attack involves crafting a file name that contains bash command interpreter shell code which, if executed, sets in motion a Linux-specific malware infection chain, researcher Sagar […]

Defence’s ERP bill with IBM hits $575m

The Department of Defence has inked a fresh agreement with IBM related to its enterprise resource planning (ERP) overhaul, bringing the value of the total engagement to at least $575 million since 2019. The latest $18.7 million agreement, set to begin on September 1, covers a year’s worth of consultancy support as Defence pushes ahead […]

Microsoft plans full quantum-resistant cryptography transition by 2033

Microsoft has outlined a timeline to protect its services and customers from future quantum computing threats that could render current encryption methods obsolete. Majorana 1 Microsoft The tech giant now aims to have quantum-safe encryption ready two years ahead of the 2035 deadline set by most governments worldwide. Microsoft warns that scalable quantum computing could […]

AI browsers fall for scams and phishing, security researchers say

Agentic artificial intelligence (AI) web browsers that can act autonomously on users’ behalf appear to be extremely gullible and unsafe to use, falling for hoary old scams as well as newer attacks, security researchers suggest. Consumer oriented security vendor Guardio built three scenarios to test how AI browsers handle fake ecommerce and phishing sites, along […]

Microsoft shrinks Chinese access to cyber early warning system

Microsoft has scaled back some Chinese companies’ access to its early warning system for cyber security vulnerabilities following speculation that Beijing was involved in a hacking campaign against the company’s widely used SharePoint servers. The vendor announced that several Chinese firms would no longer receive “proof-of-concept code,” which mimics the operation of genuine malicious software. […]