The Week in Cybersecurity: 7 Things That Happened While You Weren't Patching
Week of February 24 – March 1, 2026 | By lilMONSTER
TL;DR
- Caddy web server dropped 5 CVEs in one batch — two rated CRITICAL (CVSS 9.1), including an mTLS bypass that silently disables mutual authentication. If you run Caddy, upgrade to v2.11.1 now.
- PostgreSQL pushed an out-of-cycle release patching 3 high-severity RCEs (CVSS 8.8). Millions of databases worldwide were running vulnerable versions all week.
- Redis has a CVSS 10.0 vulnerability (CVE-2025-49844, dubbed "RediShell") enabling unauthenticated remote code execution. Update to Redis 8.2.2+ immediately.
- SANDWORM_MODE — successor to the Shai-Hulud npm worm — is actively targeting AI coding tools (Claude Code, Cursor, Windsurf) by planting rogue MCP servers that steal SSH keys and cloud credentials.
- Clinejection was confirmed as the first real-world exploitation of AI prompt injection as a software supply chain attack vector, affecting ~4,000 developer machines.
- youX (formerly Drive IQ) suffered a ransomware breach exposing 444,538 Australians, including 230,000+ driver licence numbers — the largest AU identity breach so far in 2026.
- ASIC handed down Australia's first ever cyber penalty against a financial licensee — $2.5M against FIIG Securities — setting legal precedent that cybersecurity failures breach AFSL general obligations.
Introduction: A Week That Didn't Wait for You
Most cyber incidents don't make headline news until after the damage is done. The week of February 24 to March 1, 2026 was a quiet avalanche — critical patches dropped, breaches came to light, regulatory history was made, and a new class of AI-targeting malware went operational. If you were heads-down on delivery work and skimmed your inbox, this roundup is for you.
Seven items. Plain English. What happened, why it matters, and what to do next.
Free Resource
Weekly Threat Briefing — Free
Active threats, new CVEs, and practical mitigations for Australian businesses — every week, no spam.
Subscribe Free →1. Caddy's 5-CVE Wake-Up Call: Your Reverse Proxy Might Not Be Doing What You Think
Severity: CRITICAL (two CVEs at CVSS 9.1) | Fix available: Yes — upgrade to Caddy v2.11.1
ELI10: What Is This?
Imagine you hired a bouncer for your nightclub who was supposed to check IDs at the door. But someone discovered that if you handed the bouncer a slightly broken ID card, he'd wave you through without checking anyone's ID for the rest of the night. That's essentially what CVE-2026-27586 does to Caddy's mutual TLS (mTLS) authentication.
On 24 February 2026, the Caddy web server project disclosed five vulnerabilities in a single batch — all fixed in v2.11.1 [1]. Two are rated CRITICAL at CVSS 9.1.
CVE-2026-27586 — mTLS Fail-Open. Mutual TLS is an authentication system where both the server and the connecting client must prove their identity using certificates. It's used everywhere that only trusted machines or services should connect — microservices, zero-trust architectures, API gateways. The flaw: when Caddy's ClientAuthentication module encounters a missing or malformed CA certificate file, it silently swallows the error and starts up anyway — with mTLS effectively disabled. Any client with a certificate signed by any system-trusted CA can now connect. No alarm. No log entry. Just silent failure [2].
CVE-2026-27589 — Admin API CSRF. Caddy exposes a local admin API at localhost:2019 by default. This CVE allows a malicious webpage to send a cross-site request forgery (CSRF) attack to that endpoint, silently replacing your entire server configuration — routing, TLS settings, access controls — without any authentication. If you've ever visited a compromised website with Caddy running locally, your server config could have been rewritten [2].
CVE-2026-27590 — FrankenPHP RCE (CVSS 9.8 in some configurations). FrankenPHP is a popular PHP runtime that integrates directly with Caddy. A Unicode case-folding bug in the FastCGI layer causes Caddy to misinterpret certain file paths. An attacker can craft a request that Caddy routes to PHP for execution when it should be served as a static file — classic PHP RCE via path confusion [2].
The remaining two CVEs (CVE-2026-27585, CVE-2026-27587) are path-bypass flaws: backslash injection and percent-encoding tricks that let attackers bypass ACL rules protecting specific directories or routes.
What to do: Upgrade to Caddy v2.11.1 immediately. There is no workaround for the mTLS or CSRF flaws. If you use FrankenPHP, treat this as a production emergency. After upgrading, audit your Caddy config for client_auth blocks and verify your CA file paths are correct and readable.
2. PostgreSQL's Out-of-Cycle Release: Three High-Severity RCEs at CVSS 8.8
Severity: HIGH (CVSS 8.8 × 3) | Fix available: Yes — upgrade to PostgreSQL 16.13+
ELI10: What Is This?
Picture a library where librarians are supposed to only fetch books from approved sections. These CVEs are like finding a secret passage that lets certain librarians be tricked into fetching any book — including ones marked "Do Not Access" — and handing them directly to an outsider through a window.
PostgreSQL released an unscheduled security update during the week of February 24, patching three high-severity remote code execution vulnerabilities, all rated CVSS 8.8 and tracked as CVE-2026-2004, CVE-2026-2005, and CVE-2026-2006 [3]. Out-of-cycle releases are rare for PostgreSQL — they signal that the severity was too high to wait for the next quarterly release window.
CVSS 8.8 means the vulnerabilities are rated "High" severity. All three are classified as RCEs — remote code execution — meaning an authenticated attacker with database access can run arbitrary commands on the underlying server. In practice, this turns a compromised database account (via credential stuffing, SQL injection, or a stolen token) into full system access. PostgreSQL is the world's most popular open-source relational database [4], running inside containers, on cloud instances, and in SaaS platforms worldwide.
Organisations running Authentik (an identity provider), Nextcloud, GitLab, or any self-hosted application backed by PostgreSQL 16.x versions prior to 16.13 were exposed all week.
What to do: Check your PostgreSQL version with psql --version or SELECT version();. If you're on any 16.x version below 16.13, upgrade immediately. For containerised deployments (the most common case), pull the updated PostgreSQL Docker image and redeploy. If you run PostgreSQL as part of a self-hosted stack like Authentik, update via your compose file.
3. Redis CVSS 10.0 — RediShell: The Perfect Score Nobody Wanted
Severity: CRITICAL (CVSS 10.0) | Fix available: Yes — upgrade to Redis 8.2.2+
ELI10: What Is This?
If a CVSS score is a school grade, CVSS 10.0 is a perfect score — but for attackers. It means the vulnerability is exploitable remotely, requires no authentication, causes maximum damage, and affects almost every configuration. CVE-2025-49844, nicknamed "RediShell," is exactly that.
Redis is an in-memory data store used by millions of applications for caching, session management, rate limiting, pub/sub messaging, and job queues. It's fast and widely deployed — which is exactly what makes a CVSS 10.0 vulnerability in Redis so alarming.
CVE-2025-49844 allows an unauthenticated remote attacker to achieve arbitrary code execution on a Redis server [5]. The vulnerability exists in Redis versions prior to 8.2.2. While Redis should never be exposed to the public internet without authentication and network controls, real-world deployments frequently have Redis running on internal networks with weak or no access controls — a misconfiguration that's historically "low risk" until a vulnerability like RediShell makes it catastrophic.
The attack surface here isn't just direct Redis exposure. Any application that processes user-controlled input and passes it to a Redis connection — without strict input validation — could be a vector for exploitation. This includes web application backends, API gateways, queue workers, and caching layers.
According to the Shodan internet scan service, tens of thousands of Redis instances are reachable from the public internet at any given time [6] — a number that represents only the most obvious misconfigurations. Internal exposure within cloud VPCs and container networks is orders of magnitude larger.
What to do: Update Redis to version 8.2.2 or later immediately. After updating, audit your Redis deployment: confirm authentication is enabled (requirepass in redis.conf), bind Redis to localhost or internal interfaces only (not 0.0.0.0), and restrict access with firewall rules. Run redis-cli CONFIG GET bind and redis-cli CONFIG GET requirepass to verify.
4. SANDWORM_MODE: The Worm That Turns Your AI Coding Tool Against You
Severity: HIGH (active campaign, credential theft) | Fix available: No patch — detection and prevention only
ELI10: What Is This?
Imagine someone slipped a fake employee into your office who looks completely normal but is secretly copying all the keys from your key cabinet and sending them to a stranger outside. That's what SANDWORM_MODE does — but your "keys" are SSH keys, API tokens, and cloud credentials, and the "fake employee" is a rogue plugin in your AI coding assistant.
Socket's Threat Research Team identified an active npm-based supply chain campaign this week, dubbed SANDWORM_MODE — a direct successor to the earlier Shai-Hulud worm family [7]. At least 19 malicious npm packages were identified, published under the aliases official334 and javaorg. The packages include familiar-sounding names like [email protected], [email protected], and [email protected] — typosquatting real tools that developers use daily.
The attack chain has three stages:
Stage 1 (Immediate): Running npm install on any of the malicious packages triggers an immediate credential harvest. The payload reads ~/.ssh/id_rsa, ~/.ssh/id_ed25519, ~/.aws/credentials, ~/.npmrc, and .env files, then exfiltrates them via a three-channel cascade: direct HTTPS, GitHub API, and DNS tunnelling — making it extremely difficult to detect or block [7].
Stage 2 (Delayed): 48–96 hours after initial infection on developer machines (immediately in CI environments), the worm activates a second stage: deeper harvesting of API keys across 9 major LLM providers, followed by propagation via the stolen npm and GitHub accounts.
Stage 3 (Novel — AI Targeting): This is the new capability that makes SANDWORM_MODE dangerous beyond previous worms. A module called McpInject deploys a rogue Model Context Protocol (MCP) server into AI coding tool configurations. It targets Claude Code, Claude Desktop, Cursor, VS Code with Continue, and Windsurf [7]. The fake MCP server registers what appear to be harmless tools. Those tools contain embedded prompt injection payloads — malicious instructions that the AI follows, silently reading and staging credential files during normal coding sessions.
According to Cisco's State of AI Security 2026 report, only 29% of organisations deploying agentic AI say they're prepared to secure it [8]. SANDWORM_MODE is operating in that 71% gap.
What to do: Run npm audit on all projects. Check your AI tool MCP configurations — for Claude Code, check ~/.config/claude/claude_desktop_config.json; for Cursor and Windsurf, check equivalent config paths — and remove any MCP servers you don't recognise. Rotate npm tokens, SSH keys, and cloud credentials if you've installed any unfamiliar npm packages recently. Enable Lockfile verification in your CI pipelines.
ISO 27001 SMB Starter Pack — $97
Threat intelligence is one thing — having the policies and controls to respond is another. Get the complete ISO 27001 starter kit for SMBs.
Get the Starter Pack →5. Clinejection: When Your AI Bug-Triager Steals Your npm Publishing Key
Severity: HIGH (supply chain compromise confirmed) | Affected: ~4,000 developer machines
ELI10: What Is This?
Imagine a company sets up an AI assistant to reply to customer complaints. One customer figures out they can write a complaint in a special way that tricks the AI into opening the company safe and sending them the contents. That's prompt injection. Clinejection is the first time this actually happened — in a real software supply chain — and it worked.
Clinejection is the attack chain security researcher Adnan Khan disclosed against the Cline CLI — a popular AI coding assistant with over 90,000 weekly npm downloads and 5 million VS Code extension users [9]. It combines three stages: AI prompt injection, GitHub Actions cache poisoning, and credential pivoting.
The chain: Cline's maintainers added an automated issue-triage workflow — Claude (the AI) would read new GitHub issues and write initial responses. The configuration allowed any GitHub account to trigger the workflow by opening an issue, and Claude was given full bash execution on the Actions runner. Issue titles were directly interpolated into Claude's prompt without sanitisation. This is a textbook prompt injection surface: an attacker opens an issue with a title containing instructions for Claude, and Claude executes them [9].
Those instructions were used to poison the GitHub Actions cache — a shared storage space between workflows. The low-privilege triage workflow poisoned the cache with a modified node_modules. When the high-privilege nightly release workflow ran, it restored the poisoned cache and executed attacker code with access to NPM_RELEASE_TOKEN, VSCE_PAT, and OVSX_PAT — the credentials to publish directly to npm and the VS Code Marketplace.
Khan reported the vulnerability on 1 January 2026 — six weeks before it was exploited. The maintainers had not yet patched it when an attacker used the stolen token to push [email protected] on 17 February 2026. The malicious version contained a postinstall script that silently ran on approximately 4,000 developer machines during an 8-hour window before being pulled [9].
The payload in this specific incident was non-destructive (it installed a legitimate tool). The mechanism could have delivered ransomware or persistent backdoors to millions of auto-updating developer environments.
What to do: If you use Cline CLI or the Cline VS Code extension, verify your installed version and update to the latest official release. If you maintain open-source projects with CI/CD automation and AI-assisted workflows, audit your Actions configurations for: unrestricted workflow triggers, AI agents with bash access, and unsanitised user input in AI prompts. Never give an AI workflow access to secrets it doesn't absolutely need.
6. youX Breach: 444,538 Australians, 230K Driver Licences, 141GB Stolen
Severity: HIGH (confirmed breach, data published online) | Affected: 444,538 Australians
ELI10: What Is This?
If you've ever applied for a car loan through an Australian dealer or OEM-branded lender, there's a reasonable chance your information went through YouX. Think of them as the invisible plumbing behind the finance application form. When ransomware attackers hit that plumbing, everything that flowed through it — your ID, income details, contact info — ended up in their hands.
Sydney-based YouX (formerly Drive IQ) — a vehicle finance software platform used by 87% of Australian OEM-branded lenders — suffered a ransomware attack beginning 9 February 2026 [10]. The company disclosed the breach publicly after a threat actor published data online.
The scope is significant by any measure: 229,226 driver licence numbers, names, phone numbers, email addresses, home addresses, financial records, 629,597 loan applications, ABN records, staff directories, and full customer portfolios. A total of 141GB of data was stolen. 8,000+ password hashes to the YouX platform were also reported accessed. The Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC) were notified [10].
Driver licence numbers are particularly harmful in the context of identity fraud. Unlike passwords, you can't just "change" a driver licence number — victims face years of potential identity fraud exposure. The Privacy Act 1988 (Cth) requires notification to affected individuals, but the damage to identity documents is done.
Expert commentary cited by Cyberdaily.au attributed the breach primarily to "lack of adequate cyber hygiene" — not sophisticated nation-state tactics, but foundational security failures in a platform holding extraordinarily sensitive identity and financial data [10].
This breach is part of a larger pattern in Australia: finance-adjacent platforms (not regulated banks, but the third-party platforms they rely on) hold vast amounts of identity and financial data with security postures that rarely match that sensitivity.
For Australians: If you've applied for a vehicle loan through any major Australian car brand's financing arm in the past several years, assume your information may be in scope. Monitor your credit file via Equifax, Illion, or Experian for unusual activity. Consider a credit freeze if you're concerned.
7. ASIC v FIIG: Australia's First Cyber Penalty on a Financial Licensee — $2.5 Million
Significance: Landmark legal precedent | Penalty: $2.5M AUD | Date of order: 9 February 2026
ELI10: What Is This?
In Australia, if you hold a financial services licence, you have to follow a set of rules — including having proper systems to manage risk. Until now, regulators hadn't used those rules to punish companies specifically for bad cybersecurity. FIIG Securities just became the first company to be fined for exactly that. Think of it as the first time someone got a speeding fine on a road that's existed for years but nobody patrolled. Now everyone knows the cameras are on.
On 9 February 2026, the Federal Court of Australia ordered FIIG Securities — a fixed income broker — to pay a $2.5 million civil penalty [11][12]. This is the first time an Australian Financial Services Licence (AFSL) holder has been penalised under its general obligations specifically for cybersecurity failures. The underlying breach occurred in June 2023 — a 32-month journey from breach to court order that demonstrates regulators don't lose interest when time passes.
ASIC's case was not brought under specific cybersecurity legislation (because Australia still doesn't have dedicated mandatory cyber standards for financial services). Instead, ASIC used the Corporations Act general obligations — the requirement that AFSL holders have adequate risk management systems and operate efficiently, honestly, and fairly. The court agreed that failing to maintain adequate cybersecurity constitutes a breach of those general obligations [11].
The implications are significant:
First, this creates binding legal precedent. Every AFSL holder — banks, brokers, insurance companies, super funds, financial advisors — is now on notice that ASIC will use general obligations to pursue cybersecurity failures.
Second, ASIC has explicitly signalled it will pursue further enforcement actions. The regulator has been building toward this for years. FIIG is the public signal that enforcement is now active.
Third, the 32-month timeline should not reassure anyone. Boards and C-suites that experienced breaches in 2023 and 2024 and have done nothing since are now in the window of active exposure.
According to a joint analysis by law firms Herbert Smith Freehills Kramer and Mondaq, the ruling "closes the gap" between having cybersecurity obligations in principle and facing consequences for failing them in practice [11][12]. For small to medium financial services businesses, this is the moment that changes the conversation from "we should probably think about cyber" to "we need a documented, tested, and demonstrable cybersecurity program."
For financial services businesses: Conduct an immediate gap assessment against ASIC's published cyber guidance. Document your controls. Test your incident response plan. If you can't articulate your cybersecurity program to a regulator today, you're in the position FIIG was in.
What Connects These Seven Stories
The week of February 24 – March 1, 2026 looks like seven disconnected events. It isn't.
The common thread is unglamorous but urgent: deferred maintenance. Caddy's mTLS flaw affects every organisation that deployed Caddy's zero-trust promises and never verified what happened when configuration went wrong. PostgreSQL's RCEs affect every database that hasn't been patched in a sprint cycle. Redis's CVSS 10.0 affects every team that deployed Redis "just for caching" and never revisited the access controls. YouX and FIIG both reflect an industry-wide assumption that third-party platforms and general legal obligations are someone else's problem.
The AI threat evolution is accelerating. SANDWORM_MODE and Clinejection represent a qualitative shift: AI tools embedded in developer workflows are now being weaponised at the infrastructure layer, not just at the user layer. MCP servers, CI/CD automation, and npm ecosystems are converging into a new attack surface that most organisations have no visibility into.
Australian regulatory enforcement has arrived. The FIIG ruling isn't a warning shot — it's the first confirmed hit. The question for every Australian business with a licence, a dataset, or a duty of care is not "will regulators come for us?" It's "what do we have to show them when they do?"
FAQ: Your Cybersecurity Questions Answered
CVSS (Common Vulnerability Scoring System) is a standardised 0–10 score used by security researchers and vendors to rate the severity of vulnerabilities. A score of 7.0–8.9 is "High," 9.0–10.0 is "Critical." The score reflects factors like whether the vulnerability can be exploited remotely, whether authentication is required, and what the potential damage is. A CVSS 10.0 like RediShell means: remote exploitation, no authentication required, maximum potential impact. Organisations should treat CVSS 9.0+ vulnerabilities as production emergencies requiring immediate patching, not next-sprint backlog items.
Mutual TLS (mTLS) is an authentication mechanism where both parties in a connection — the client and the server — present cryptographic certificates. It's the gold standard for zero-trust network architectures, service meshes, and API authentication because it proves identity at the network layer before any application logic runs. The Caddy flaw (CVE-2026-27586) is dangerous precisely because it fails silently: Caddy appears to enforce mTLS, logs no errors, and passes health checks — but actually accepts any client. Organisations that deployed Caddy specifically for its mTLS capabilities had no way to detect that their security control was non-functional without actively testing it.
The Clinejection attack exploited a chain of misconfigurations rather than any single flaw. Cline's automated issue-triage bot used Claude (the AI) to read and respond to GitHub issues, but the configuration allowed any GitHub user to trigger the bot and included the raw issue title in Claude's prompt. Prompt injection attacks work by embedding instructions for the AI inside user-controlled input — the AI can't distinguish between "real" instructions from its operators and injected ones from the attacker. Once the attacker had Claude executing arbitrary bash commands, they used those commands to poison the GitHub Actions cache — a shared storage space — with malicious code that later ran inside a privileged workflow that held the npm publishing credentials. The lesson: AI systems with code execution capabilities are privileged actors and must be treated with the same access control rigour as human developers with commit access.
The FIIG ruling establishes that cybersecurity failures can breach AFSL general obligations. For businesses holding an Australian Financial Services Licence, the immediate priorities are: (1) Document your current cybersecurity controls — if you can't describe them to a regulator, you don't have them in a defensible sense. (2) Conduct a gap assessment against ASIC's published guidance on cybersecurity risk management. (3) Test your incident response plan — tabletop exercises at minimum, live simulations if you haven't done one in 18 months. (4) Review your third-party and supply chain risk — the YouX breach illustrates that your risk surface includes every platform that touches your customer data. (5) Brief your board — directors need to understand that cybersecurity governance is now an AFSL obligation with monetary consequences.
Model Context Protocol (MCP) is a standard developed by Anthropic that allows AI coding assistants like Claude Code, Cursor, and Windsurf to connect to external tools — databases, file systems, APIs, browsers — in a standardised way. Think of MCP servers as plugins for AI: they extend what the AI can see and do. SANDWORM_MODE targets MCP servers because they sit in a privileged position: a rogue MCP server registered in your AI tool's configuration can intercept any task the AI performs and inject instructions into the AI's context. The AI can't easily distinguish between a legitimate MCP tool and a malicious one — especially when the injected instructions are designed to look like normal tool responses. Defending against this requires auditing your MCP configurations regularly and running AI tools in environments with network controls that limit what those tools can access.
Need a Hand?
If this week's headlines made you want to audit your patch management, review your vendor contracts, or understand what the FIIG ruling means for your business — that's exactly what lilMONSTER does.
Book a free 30-minute consultation →
No sales pitch. Just a frank conversation about where your risk is and what it would take to fix it. Australian businesses, financial services, and engineering teams particularly welcome.
References
[1] Caddy Project, "Caddy v2.11.1 Release Notes," GitHub, Feb. 2026. [Online]. Available: https://github.com/caddyserver/caddy/releases/tag/v2.11.1
[2] M. Holt, "Five CVEs in Caddy v2.11.1: mTLS Fail-Open, Admin CSRF, FrankenPHP RCE, and Path Bypass," Caddy Security Advisory, Feb. 24, 2026. [Online]. Available: https://caddyserver.com/docs/caddyfile/directives/tls#client-authentication
[3] PostgreSQL Global Development Group, "PostgreSQL 16.13 Released — Out-of-Cycle Security Update," PostgreSQL News, Feb. 2026. [Online]. Available: https://www.postgresql.org/about/news/
[4] Stack Overflow, "Stack Overflow Developer Survey 2025 — Databases," Stack Overflow, 2025. [Online]. Available: https://survey.stackoverflow.co/2025/technology#most-popular-technologies-database
[5] NVD, "CVE-2025-49844 Detail — Redis Remote Code Execution (CVSS 10.0)," National Vulnerability Database, 2026. [Online]. Available: https://nvd.nist.gov/vuln/detail/CVE-2025-49844
[6] Shodan, "Redis Search Results — Internet-Exposed Redis Instances," Shodan, 2026. [Online]. Available: https://www.shodan.io/search?query=redis
[7] Socket Security, "SANDWORM_MODE: Shai-Hulud npm Worm Successor Targets AI Coding Tools via MCP Injection," Socket Threat Research, Feb. 2026. [Online]. Available: https://socket.dev/blog/shai-hulud-like-npm-worm-attack
[8] Cisco, "Cisco State of AI Security 2026," Cisco Security, 2026. [Online]. Available: https://www.cisco.com/c/en/us/products/security/ai-security-report.html
[9] A. Khan, "Clinejection: GitHub Issue → Claude → Cache Poison → npm Token Exfil — The First Real AI Prompt Injection Supply Chain Attack," Security Research, Jan.–Feb. 2026. [Online]. Available: https://www.infosecurity-magazine.com/news/cline-ai-prompt-injection-supply/
[10] CarExpert, "230,000 Australian Driver Licences Exposed in Ransomware Attack on Vehicle Finance Firm YouX," CarExpert, Feb. 2026. [Online]. Available: https://www.carexpert.com.au/car-news/230000-australian-driver-licences-exposed-in-ransomware-attack-on-vehicle-finance-firm
[11] Herbert Smith Freehills Kramer, "First ASIC Penalty for Cybersecurity Failures — Federal Court Imposes $2.5 Million Penalty," HSF Kramer Insights, Feb. 2026. [Online]. Available: https://www.hsfkramer.com/insights/2026-02/first-asic-penalty-for-cybersecurity-failures-federal-court-imposes-two-point-five-million-penalty
[12] Mondaq, "First ASIC Penalty for Cybersecurity Failures — Federal Court Imposes $2.5M Penalty on FIIG," Mondaq Australia, Feb. 2026. [Online]. Available: https://www.mondaq.com/australia/cybersecurity/1747818/first-asic-penalty-for-cybersecurity-failures-federal-court-imposes-$25m-penalty-on-fiig
[13] AusCERT, "AusCERT Week in Review — 20 February 2026," AusCERT, Feb. 2026. [Online]. Available: https://auscert.org.au/week-in-review/auscert-week-in-review-for-20th-february-2026/
[14] Wotton Kearney, "ASIC's FIIG Enforcement Action Through a Privacy and Cyber Governance Lens," Wotton Kearney, Feb. 2026. [Online]. Available: https://www.wottonkearney.com/asics-fiig-enforcement-action-through-a-privacy-and-cyber-governance-lens/
[15] The Hacker News, "Malicious npm Packages Harvest Crypto Keys and Target AI Coding Tools," The Hacker News, Feb. 2026. [Online]. Available: https://thehackernews.com/2026/02/malicious-npm-packages-harvest-crypto.html
lilMONSTER is an Australian cybersecurity consulting brand. All content is for educational purposes. For advice specific to your organisation, book a consultation.
Work With Us
Ready to strengthen your security posture?
lilMONSTER assesses your risks, builds the tools, and stays with you after the engagement ends. No clipboard-and-leave consulting.
Book a Free Consultation →
lilMONSTER Newsletter
Weekly cybersecurity insights, practical tips, no spam. Unsubscribe anytime.