Cyber Uncut

Australian students and teachers have been compromised by an international data breach, with thousands of kids likely impacted. David Hollingworth and Daniel Croft break down how it happened, why it matters, and what schools need to do to protect themselves. PLUS! Cyber Daily partners with Austrade to bring you a series of interviews direct from the RSA Conference 2026.

Artificial intelligence is having an impact on almost every industry, and finance is no exception – that's why the US Federal Reserve is helping the sector navigate the global impact of AI. And while organisations are adopting the technology at pace, they're often too slow to secure it. Understand why that matters and what your organisation can do.
The big news of the week stems from a breach of cloud education platform provider Instructure, and Aussie schools – and staff and students – have already been compromised. Find out what happened, who did the hacking, and what it means for the education sector at large. If you're a school CISO, this is vital information!
Finally, the podcast wraps up with a pair of special guests, as Austrade's investment director at the Australian embassy in Washington sits down with ThreatLocker's Rob Allen to talk about the company's philosophy, its operations in Australia, and the importance of application control in the modern enterprise.
Just another week in cyber security.
Enjoy,
The Cyber Uncut team

Qualys ANZ managing director Sam Salehi joins the Cyber Uncut podcast to expose the expanding AI attack surface, the governance gaps exposing organisations, and why boards must translate cyber risk into dollars to take it seriously.

This week on the Cyber Uncut podcast, host Liam Garman speaks with Qualys ANZ managing director Sam Salehi about the rapidly evolving "AI attack surface" – from shadow AI usage and prompt injection risks to data leakage and model vulnerabilities – and why a lack of visibility is leaving businesses exposed before they even realise it.
Salehi outlines the core problem facing security leaders: organisations often don't know what AI tools are already in use, let alone how to secure them. The conversation explores how fragmented tooling, poor asset inventory, and missing business context are undermining risk management efforts, while boards continue to push AI adoption for efficiency gains. Salehi argues that leaders are flying blind, prioritising the wrong threats while leaving critical exposures unaddressed.
From data minimisation and API security to continuous monitoring and the rise of the "risk operations centre", Salehi emphasises the need for a unified, risk-based approach. His bottom line is blunt: in an environment where exploitation timelines are shrinking to hours, the only metric that matters is how quickly organisations can detect and close exposure – before attackers do.
Enjoy,
The Cyber Uncut team

The release and messaging surrounding the 2026 National Defence Strategy and 2026 Integrated Investment Program is just the latest salvo in the government's effort to direct the national conversation about our national security.
With the government emphasising major increases in Defence spending over the next decade, the government is hoping that the headline figures and a lack of public understanding of Defence spending will be enough to convince the nation we're doing enough to protect our interests.
Hosts Phil Tarrant, Major General (Ret'd) Dr Marcus Thompson and Steve Kuper deep dive into the current battle for control of the narrative and the unfolding strategies being leveraged to target various Australian demographics, with specific examples in the economic domain as Australians face increasing inflation and fuel insecurity despite what they're being told.
The trio also unpack the latest announcements around the winds of change sweeping through the Department of Defence, with the recent appointments to chief of Defence, chief of Army and the appointment of the new secretary of Defence designed to emphasise the government's priority areas: national resilience and sovereignty.
Enjoy the podcast,
The Contested Ground team

David Hollingworth and Daniel Croft dive into the biggest stories in cyber security and cyber intelligence, and Anthropic's Claude Mythos preview and Project Glasswing continue to cover both – and it's already been breached. Plus, age verification plans in the European Union (EU), and a wrap-up of ransomware incidents impacting Aussie businesses.
Love it or hate it, but age verification appears to be here to stay, and while Australia may be struggling with its implementation, Hollingworth and Croft think the EU may be on to something with its take – find out why, and why it's a better idea than Australia's.
Anthropic's Claude Mythos AI model is hyped as a vulnerability-hunting powerhouse and too dangerous to share, but outsiders have already gotten inside. And one expert thinks the hype for the platform doesn't match the reality.
Finally, it's been another less-than-stellar week for ransomware actors targeting Australian businesses, with a crane manufacturer, a pharmacy, and a family history society all falling victim to hackers.
Just another week in cyber security.
Enjoy,
The Cyber Uncut team

We are consistently reminded that Australia is a maritime trading nation and, as such, is exposed to all the vulnerabilities. So why haven't we prepared accordingly?
As the ceasefire in the Middle East collapses and both sides begin to once again ramp up their efforts to assert control over the Strait of Hormuz and the globally sensitive waterway, Australia is reminded of its inherent vulnerability to global maritime shocks.
To date, Australia's response to these challenges has been to default to the organs and institutions established by the post-World War II order, seeking arbitration, mediation and resolution, however, those mechanisms no longer suffice.
In this episode of the Contested Ground podcast, host Steve Kuper is joined by UNSW's Professor Douglas Guilfoyle and Associate Professor Daniel Prior, authors of the World in Transition report detailing the challenges which face Australia and now thrown into public focus as a result of the conflict in the Middle East.
The trio deep dive into the legal, economic and political challenges that have emerged as a result of the conflict in the Middle East and Australia's mounting issues that will only continue to compound in the coming months.
They also discuss the ramifications of post-Cold War globalisation and the creation and vulnerability of the "just in time" supply chain ecosystems and what can be done to minimise our exposure to these challenges.
Finally, they also interrogate the phenomena of "friendshoring" and "reshoring" as solutions to bringing supply chains closer to home as a means of securing national interests and what models can be leveraged to change Australia's self-inflicted vulnerability.
Enjoy the podcast,
The Contested Ground team