Blog

Field notes on DFIR, application security, and building AI-native cyber defence infrastructure.

16 Apr 2026 — Tyler Wright

When the pipeline becomes the attack surface: supply chain risk you can explain to underwriters

This week, security researchers confirmed that a self-propagating worm had been working its way through the npm ecosystem — the Node Package Manager registry that underpins a substantial portion of the world's JavaScript and TypeScript codebases. The worm, tracked under the name CanisterSprawl, targ...
08 Apr 2026 — Tyler Wright

Reading the OAIC NDB report as an operational document

The Office of the Australian Information Commissioner publishes the Notifiable Data Breaches statistics every six months. Most readers treat them as a press cycle — a chance to nod at the trend lines and move on. That is a missed opportunity. The figures, read carefully, are an unusually candid map...
12 Jan 2026 — Tyler Wright

Cyber Security Principles as an engineering spec, not just a fancy poster

Most Australian organisations we meet already have a one-page summary of the ASD Cyber Security Principles pinned somewhere. Govern. Identify. Protect. Detect. Respond. Recover. Beyond the principles, the actual work is tracing each of those six functions down into the specific controls in the In...
04 Aug 2025 — Tyler Wright

Ransomware in Australia: what the last twelve months actually taught us

Every second Australian board paper I have read this year opens with the same sentence: ransomware is on the rise. It's true, but it's also lazy. The more useful question — the one that actually changes how you prepare — is how it has changed. Because what we are responding to in 2025 is not the...