Search

The Commonwealth Cyber Security Posture in 2020   Reports and statistics

Jun 10, 2021 - The Commonwealth Cyber Security Posture Report in 2020 informs the Parliament of the status of the Commonwealth’s cybersecurity posture. Overall, the report found that Commonwealth entities continued to improve their cybersecurity in 2020. Ongoing effort is required to maintain the currency and effectiveness of cybersecurity measures.

Geo-blocking in context: Realities, risks and recommendations   Publication

May 19, 2025 - This guidance is intended for decision makers and cyber security practitioners. It highlights what to be aware of when identifying the source of a threat and the potential implications of geo-blocking in a broader cyber security strategy.

Advice for Malicious Cyber Activity by Iran   News

Sep 15, 2022 - Australian organisations are urged to be alert to continued malicious cyber activity conducted by Advanced Persistent Threat (APT) actors, assessed to be affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC).

Who we are  

Oct 25, 2022 - Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) leads the Australian Government’s efforts to improve cyber security. Our role is to help make Australia the most secure place to connect online.

Secure-by-Design Foundations   News

Jul 31, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has released updated guidance to help technology manufacturers and those who use their digital product or service to adopt secure-by-design principles.

Sign up for alerts  

Nov 14, 2024 - Sign up for alerts on the latest threats and vulnerabilities.

Spotting scams   Guidance

Learn how to identify phishing messages to stay safe and protect your personal information.

Multiple vulnerabilities present in the Spring Framework for Java   Alert

Apr 4, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of media reporting relating to multiple potential vulnerabilities, including the so-called SpringShell vulnerability, in the Java Spring framework and its execution environments. These vulnerabilities pose a threat to organisations running applications on the web which contain components using the Java Spring framework.

Multiple vulnerabilities present in VMware products   Alert

Aug 4, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of multiple vulnerabilities in VMware products. Affected Australian organisations should take appropriate action.

Artificial intelligence for small business   Publication

Jan 14, 2026 - This guide explains the key cyber security risks of adopting AI technologies and how to reduce while adopting. While traditional threats such as phishing, ransomware and insider threats are still relevant, this guide focuses on other risks that AI introduces.

Security tips for social media and messaging apps   Publication

Jul 14, 2022 - This guide covers the risks of using social media and messaging apps and what to look out for. It also covers ways to help keep accounts safe for business and personal use.

Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure   Advisory

Dec 10, 2025 - This joint Cybersecurity Advisory outlines the tactics, techniques and procedures used by pro-Russia hacktivist groups conducting unsophisticated attacks against US and global critical infrastructure, as well as recommended mitigations.

Fundamentals of Cross Domain Solutions   Publication

Oct 6, 2021 - This publication introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains.

Modern defensible architecture for senior decision-makers   Publication

Oct 23, 2025 - ASD’s ACSC and the following international partners present this guidance to assist senior decision-makers to understand the contemporary threat landscape and how modern defensible architecture can support organisations to defend against current threats and prepare for future threats.

Cloud services   Program

Feb 24, 2023 - The Cloud Services Certification Program (CSCP) ceased on 2 March 2020. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) ceased the Certified Cloud Services List (CCSL) on 27 July 2020 and concurrently released the Cloud Security Guidance package.

Critical vulnerability present in certain versions of Microsoft Excel   Alert

Nov 11, 2021 - Microsoft has identified active exploitation of a vulnerability in Microsoft Excel. Affected Australian organisations should apply the available security update as soon as possible.

Secure your website   Guidance

Jul 29, 2024 - Small business account for over 95% of all businesses in Australia and 72% of them have a website. However, in a world in which websites are increasingly being targeted by cyber criminals, only 36% check for updates every week. For those small businesses with a website, or that are considering one, these three quick wins will help you protect your money, data and reputation.

New guidance on detecting and mitigating Active Directory compromises   News

Sep 26, 2024 - Does your organisation use Microsoft’s Active Directory? Read our latest guidance on Active Directory compromises now.

How to secure your devices  

Nov 29, 2024 - Protect your sensitive data and accounts. Learn how to secure your devices such as your computer, mobile phone and Internet of Things devices.

Critical severity vulnerability in Fortinet Fortigate SSL-VPN devices   Alert

Jun 13, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a critical pre-authentication remote code execution vulnerability in Fortinet Fortigate SSL VPN devices. Australian organisations should patch their products and apply any recommended mitigations.