Search

ISM OSCAL v2025.10.8  

Oct 8, 2025 - ISM OSCAL v2024.10.8 - based on June 2025 Information Security Manual (ISM) and OSCAL version 1.1.2. A patch release that supersedes v2025.09.15.

ISM OSCAL v2025.09.10  

Sep 11, 2025 - ISM OSCAL v2024.09.10 - based on June 2025 Information Security Manual (ISM) and OSCAL version 1.1.2.

Security tips for travelling   Guidance

Jul 29, 2024 - Learn how to stay secure while travelling with personal devices.

BADBAZAAR and MOONSHINE: Technical analysis and mitigations   Advisory

Apr 9, 2025 - This guidance has been jointly produced by government agencies from the UK, Australia, Canada, Germany, New Zealand, and the US and is supported by members of the NCSC Cyber League. Its provides new and collated threat intelligence on two spywares known as MOONSHINE and BADBAZAAR with guidance for how App store operators, developers and social media companies can keep their users safe.

Russian GRU targeting Western logistics entities and technology companies   Advisory

May 22, 2025 - This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies.

ISM OSCAL v2024.10.4  

Oct 4, 2024 - ISM OSCAL v2024.10.4 - based on the October patch release of the September 2024 Information Security Manual (ISM) and OSCAL version 1.1.2. A patch release that supersedes v2024.09.26.

2023 top routinely exploited vulnerabilities   Advisory

Nov 13, 2024 - This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs). Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 compared to 2022, allowing them to conduct operations against high priority targets.
The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the following recommendations, and those found within the Mitigations section of this advisory, to reduce the risk of compromise by malicious cyber actors.

Personal cyber security: First steps guide   Guidance

Apr 14, 2023 - The first of three cyber security guides in the personal cyber security series is designed to help everyday Australians understand a basic level of cyber security and how to take action to protect themselves from cyber threats.

Australian Information Security Evaluation Program (AISEP)   Program

Dec 11, 2025 - The Australian Information Security Evaluation Program (AISEP) evaluates and certifies products to provide a level of assurance in its security functionality in order to protect systems and data against cyberthreats. These evaluation activities are certified by the Australian Certification Authority (ACA).

2022-02: Australian organisations should urgently adopt an enhanced cyber security posture   Advisory

Apr 28, 2022 - Entities should follow ACSC advice and act on improving their resilience within a heightened threat environment.

Resources library  

Jun 18, 2025 - Resources for individuals, families and small businesses

Exchange server critical vulnerabilities   Alert

Apr 15, 2021 - On 2 March 2021 Microsoft released information regarding multiple exploits being used to compromise instances of Microsoft Exchange Server. Malicious actors are exploiting these vulnerabilities to compromise Microsoft Exchange servers exposed to the internet, enabling access to email accounts and to enable further compromise of the Exchange server and associated networks.

Securing edge devices  

Feb 4, 2025 - Malicious actors often target internet-facing edge devices to gain unauthorised access to enterprise networks. Learn how to secure edge devices such as routers, firewalls and VPN concentrators.

Personal cyber security: Advanced steps guide   Guidance

Mar 23, 2023 - The third and final cyber security guide in the personal cyber security series is designed to help everyday Australians understand an advanced level of cyber security and how to take action to protect themselves from cyber threats.

Secure by Design  

Jul 22, 2024 - Secure by Design is a proactive, security-focused approach to the development of digital products and services that necessitates a strategic alignment of an organisation’s cybersecurity goals. Secure by Design requires cyberthreats to be considered from the outset to enable mitigations through thoughtful design, architecture and security measures. Its core value is to protect consumer privacy and data through designing, building, and delivering products with fewer vulnerabilities.

Personal cyber security: Next steps guide   Guidance

Jun 16, 2023 - The second of three cyber security guides in the personal cyber security series is designed to help everyday Australians understand a moderate level of cyber security and how to take action to protect themselves from cyber threats.

Junos OS 22.3R1 for EX4400-24T, EX4400-24P, EX4400-24MP, EX4400-48T, EX4400-48P, EX4400-48MP, EX4400-48F, QFX5120-48YM and ACX5448-M  

Nov 29, 2022 - Product evaluation of a series of network appliance models from the EX4400 Series and QFX5120-48YM and ACX5448-M switches.

Vulnerability Alert – 2 new Vulnerabilities associated with Microsoft Exchange.   Alert

Oct 10, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of 2 zero day vulnerabilities associated with Microsoft Exchange Servers 2013, 2016 and 2019 (Exchange).

Archived reports and statistics  

Feb 13, 2025 - Search archived report and statistics

2021 Top Routinely Exploited Vulnerabilities   Advisory

Apr 28, 2022 - This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.