The Cyber Week That Was

Cybersecurity incidents and developments from December 1 to 5, 2025, revealed important trends and challenges worldwide. This week saw significant events in Australia alongside notable global updates, highlighting how cybersecurity continues to evolve amid rising threats and technological advances like AI. You will find practical insights here to understand recent risks and how they might affect you.

Major Cybersecurity Incidents in Australia

The first week of December has been marked by a series of significant cybersecurity developments, both in Australia and globally. In Australia, the spotlight fell on the defence sector, where contractors were targeted in breaches exposing sensitive material tied to weapons programs. This incident came as the Australian Cyber Security Centre (ACSC) warned of record‑breaking DDoS attacks, SaaS supply chain compromises, and heightened risks to healthcare infrastructure. With the holiday season approaching, ACSC urged organisations to brace for phishing and scam activity, reinforcing the importance of resilience and proactive monitoring.

At the same time, Australia is preparing for a landmark social media ban for under‑16s, set to take effect on December 10. The ban, introduced through amendments to the Online Safety Act, requires platforms to take “reasonable steps” to prevent minors from creating or maintaining accounts. Already, Meta has begun removing Instagram, Threads, and Facebook accounts belonging to users under 16. The eSafety Commissioner has described the measure as a necessary step to protect young Australians from harmful design features and online risks, though critics argue it may drive teens to less regulated platforms.

Global Cybersecurity Developments

Globally, the cybersecurity picture was equally turbulent. Developers faced a wake‑up call after 17,000 sensitive credentials were found exposed in public GitLab projects, highlighting supply chain risks. In the United States, a fintech vendor was hit by ransomware, disrupting services and reigniting debate about financial sector preparedness. South Korea grappled with one of its largest retail breaches to date, as Coupang confirmed data from 34 million customers had been leaked, intensifying concerns about phishing and national resilience. Europe also saw disruption, with Sorbonne University staff records surfacing on the dark web and London councils scrambling to contain shared IT data theft.

What These Events Mean for You

What ties these incidents together is the growing fragility of supply chains and third‑party dependencies. Whether it’s Australian defence contractors, global SaaS platforms, or retail giants, attackers are exploiting trust relationships to gain footholds. For Australia, the lesson is particularly sharp: critical sectors like defence and healthcare are not just national priorities but global targets. For the rest of the world, the message is equally clear — vigilance must extend beyond one’s own perimeter to every partner and platform in the ecosystem.

As 2025 winds down, this week’s events — from Australia’s defence breach and upcoming social media ban to global supply chain exposures — serve as a reminder that cybersecurity is not static. Threats evolve, attackers adapt, and resilience requires constant investment. From Sydney to Seoul, Boston to Berlin, organisations are being tested — and those that emerge stronger will be the ones treating cybersecurity as a cornerstone of trust and continuity.