Thoughts and articles by Cyooda
AML Tranche 2 and Cybersecurity: Same Problem, Different Regulator
Australian law firms are spending serious time and money preparing for AML Tranche 2. And they should be. The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 brings legal...
First 24 Hours Post-Breach: Key to Your Firm’s Next Year
Your Firm's First 24 Hours After a Breach Will Define the Next 12 Months. In every incident I've worked, from compromised email accounts at mid-tier firms to full-scale ransomware events...
Fractional Security Leadership: The vCISO Model for Law Firms
The security questionnaire from your largest client just landed. It's 200 questions. Your IT provider can answer maybe 40 of them. The rest require someone who understands your firm's risk...
Penetration Testing for Law Firms: What to Expect and Why It Matters
"We got into your trust account in 2 hours." The managing partner's face shifted through several expressions - disbelief, concern, and finally something like relief that this was a test...
Cybersecurity news from around the world
GRU-Linked BlueDelta Evolves Credential Harvesting
The analysis cut-off date for this report was September 11, 2025. Executive Summary: Between February and September 2025, Recorded Future's Insikt Group identified multiple credential-harvesting campaigns conducted by BlueDelta, a...
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in...
Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work
The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging the...
MITRE shares 2025’s top 25 most dangerous software weaknesses
MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. The list was released...
UK fines LastPass over 2022 data breach impacting 1.6 million users
The UK Information Commissioner's Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted...
MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants
Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. "When users...
OpenAI discloses API customer data breach via Mixpanel vendor hack
OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. Mixpanel offers event analytics that OpenAI uses to...
The Legal Cyber Brief — monthly cyber intelligence for law firm leaders.