A podcast about real threats, real Australian incidents and practical advice for SMBs.
Rapid Response: Australian Cybersecurity Podcast
Claim This Podcastby Adarsha Sigdel
5 episodes
Updated Daily
Accepts GuestsHas SponsorsLocation 🇦🇺
Podcast Overview
A podcast about real threats, real Australian incidents and practical advice for SMBs.
Language
🇺🇲
Publishing Since
2/4/2026
1 verified contact email on file for Rapid Response: Australian Cybersecurity Podcast
Pitch yourself as a guest, propose sponsorships, or reach out directly to the host.
Recent Episodes
May 31, 2026
The Plot Twist- MFA isnt enough anymore
<p>You turned on two-factor authentication. You told your team to do the same. So why are Australian businesses still getting breached?</p><p><br></p><p>In April 2025, cybercriminals raided five of Australia's biggest super funds in a single coordinated attack — not by hacking their systems, but by using passwords already stolen from somewhere else. AustralianSuper CEO Paul Schroder was explicit: "AustralianSuper was not hacked." The attackers didn't need to be.</p><p>This episode covers the three techniques that are now bypassing MFA at scale — and what you can do about it this week.</p><p>━━━━━━━━━━━━━━━━</p><p>WHAT YOU'LL LEARN</p><p>━━━━━━━━━━━━━━━━</p><p>• Session hijacking: how attackers steal your already-authenticated browser tokens — without needing your password or MFA code — and use them to log in as you</p><p>• Adversary-in-the-Middle (AiTM) phishing: how tools like Tycoon 2FA intercept your MFA approval in real time, with no technical skill required</p><p>• MFA fatigue (push bombing): the surprisingly simple technique that brought down Uber in 2022 — and is still working today</p><p>• How to harden your defences across all three attack types</p><p>• A 30-day uplift plan you can implement without a dedicated IT team</p><p>━━━━━━━━━━━━━━━━</p><p>THE NUMBERS BEHIND THIS EPISODE</p><p>━━━━━━━━━━━━━━━━</p><p>• 94 billion browser cookies were stolen by infostealer malware in 2025 and listed on dark web markets (NordStellar, 2025)</p><p>• 54% of ransomware victims had their credentials exposed in stealer logs before the attack happened (Verizon DBIR, 2025)</p><p>• Identity-based attacks surged 32% in just the first half of 2025 — and 97% relied on stolen passwords, not exploits (Microsoft Digital Defense Report, 2025)</p><p>• The average cost of a cyber incident for an Australian small business is now $56,600 — up 14% in one year (ASD ACSC Annual Cyber Threat Report, 2024–25)</p><p>• 1.1 million Australian accounts were breached in Q1 2026 alone (Surfshark, 2026)</p><p>━━━━━━━━━━━━━━━━</p><p>REAL BREACHES COVERED</p><p>━━━━━━━━━━━━━━━━</p><p>• AustralianSuper and four other super funds (April 2025) — 600 accounts, $500K stolen via credential stuffing</p><p>• Qantas (July 2025) — up to 6 million customer records taken via a single vishing call to a third-party call centre</p><p>• Uber (September 2022) — network compromised via MFA fatigue and WhatsApp social engineering</p><p>━━━━━━━━━━━━━━━━</p><p>YOUR 30-DAY ACTION PLAN</p><p>━━━━━━━━━━━━━━━━</p><p>Week 1 — Audit & visibility (check haveibeenpwned.com for your domain tonight — it's free)</p><p>Week 2 — Harden your authentication</p><p>Week 3 — Protect devices and train your team</p><p>Week 4 — Monitor, test, and lock in the habit</p><p>━━━━━━━━━━━━━━━━</p><p>RESOURCES</p><p>━━━━━━━━━━━━━━━━</p><p>• Report a cyber incident or sign up for ACSC alerts: cyber.gov.au</p><p>• Check if your business domain has been exposed: haveibeenpwned.com</p><p>• ASD Essential Eight framework: cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight</p><p>━━━━━━━━━━━━━━━━</p><p>Rapid Response is a cybersecurity podcast for Australian small and medium business owners. New episodes tackle one real threat at a time — and tell you exactly what to do about it.</p><p>If this episode was useful, share it with a business owner who needs to hear it.</p><p><br></p><p>Music track: Lucifer by Pufino</p><p>Source: https://freetouse.com/music</p><p>Royalty Free Music (Free Download)</p>
April 30, 2026
From Bug to Breach — Why Vulnerability Management Just Got Harder
<p>Cyberattacks don't start with ransomware screens or phishing emails. They usually begin much earlier — wherever a software vulnerability meets an attacker who knows how to exploit it.</p><p>This episode breaks down the <strong>six-stage attack lifecycle</strong> (reconnaissance → initial access → execution → privilege escalation → impact → cover-up) and shows exactly where vulnerabilities appear at every step. We then examine how frontier AI models like Anthropic's <strong>Claude Mythos</strong> — shown in controlled tests to autonomously discover and exploit thousands of previously unknown vulnerabilities — are compressing the timeline between bug discovery and real-world attacks.</p><p>For Australian SMBs, this means less time to react and a greater need for clarity about critical systems, vendor dependencies, and decision-making.</p><p>In under 20 minutes, you'll learn:</p><ul><li><p>How vulnerabilities fuel the entire attack chain, not just "initial access"</p></li><li><p>Why AI-driven discovery tools are changing vulnerability management priorities</p></li><li><p>The difference between CVSS scores and real-world exploitability</p></li><li><p>A <strong>practical 5-step vulnerability reset</strong> grounded in industry standards (CISA KEV, EPSS, NIST)</p></li></ul><p>If you've ever wondered whether vulnerability management is "enterprise-only" or what SMBs should actually prioritise — this episode provides clear, actionable answers.</p><p><strong>Key takeaways:</strong></p><ul><li><p>Map internet-facing + business-critical systems first</p></li><li><p>Prioritise by exposure/impact, not severity scores alone</p></li><li><p>Define explicit remediation targets (24-72hrs for critical)</p></li><li><p>Assign clear ownership for decisions and verification</p></li></ul><p>Perfect for business owners, IT leads, and MSPs serving Australian SMBs.</p><p><br></p><p>References:</p><p>https://red.anthropic.com/2026/mythos-preview/</p><p>https://www.cisa.gov/known-exploited-vulnerabilities-catalog</p><p>https://www.first.org/epss/</p><p>https://csrc.nist.gov/pubs/sp/800/40/r2/final</p><p><br></p>
March 31, 2026
Cyber Attacks on Critical Infrastructure: Why SMBs Should Care
<p>Cyber Attacks on Critical Infrastructure: Why SMBs Should Care” explores how threats against power, water, telecoms, banking and logistics are no longer just a “big government” problem, but a daily business risk for small and medium organisations. </p><p>The episode breaks down fresh data from the Australian Cyber Security Centre, which responded to over 1,200 incidents in 2024–25, with around 13% involving critical infrastructure sectors such as energy, transport, communications and financial services. It also draws on the World Economic Forum’s Global Cybersecurity Outlook 2026, showing that about 64% of organisations are now planning for geopolitically motivated attacks on critical infrastructure and less than half of CEOs are confident their country could manage a major CI incident. </p><p>Through real examples of grid, water and telecom disruptions overseas, the episode explains how these attacks cascade into blackouts, outages, failed payments and supply‑chain delays that hit Australian SMBs even when they’re not the direct target, and closes with a simple 30‑day resilience plan any smaller business can start today</p><p>References:</p><p>Main reports</p><ul><li><p>Australian Signals Directorate, <strong>Annual Cyber Threat Report 2024–25</strong>: https://www.cyber.gov.au/sites/default/files/2025-10/Annual%20Cyber%20Threat%20Report%202024-25.pdf</p></li><li><p>Australian Signals Directorate, <strong>Annual Cyber Threat Report 2024–25 fact sheet for critical infrastructure</strong>: https://www.cyber.gov.au/sites/default/files/2025-10/Annual%20Cyber%20Threat%20Report%202024-25%20factsheet%20for%20critical%20infrastructure.pdf</p></li><li><p>Australian Signals Directorate, <strong>Annual Cyber Threat Report 2024–25 fact sheet for businesses and organisations</strong>: https://www.cyber.gov.au/sites/default/files/2025-10/Annual%20Cyber%20Threat%20Report%202024-25%20factsheet%20for%20businesses%20and%20organisations.pdf</p></li><li><p>World Economic Forum, <strong>Global Cybersecurity Outlook 2026</strong>: https://reports.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2026.pdf</p></li><li><p>Australian Signals Directorate, <strong>Small business cyber security guide</strong>: https://www.cyber.gov.au/sites/default/files/2025-01/ACSC_Small_business_cyber_security_guide_January_2025.pdf</p></li></ul>
5 total episodes available
Deep-dive analytics for Rapid Response: Australian Cybersecurity Podcast
Frequently asked questions
Have a different question and can't find the answer you're looking for? Reach out to our support team by sending us an email and we'll get back to you as soon as we can.
- What is Rapid Response: Australian Cybersecurity Podcast?
- How often does this podcast release new episodes?
This podcast updates daily.
- Where can I listen to this podcast?
This podcast is available on 4 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.
- Does this podcast accept guests?
No, this podcast does not typically feature guests.
Legal Disclaimer
Pod Engine is not affiliated with, endorsed by, or officially connected with any of the podcasts displayed on this platform. We operate independently as a podcast discovery and analytics service.
All podcast artwork, thumbnails, and content displayed on this page are the property of their respective owners and are protected by applicable copyright laws. This includes, but is not limited to, podcast cover art, episode artwork, show descriptions, episode titles, transcripts, audio snippets, and any other content originating from the podcast creators or their licensors.
We display this content under fair use principles and/or implied license for the purpose of podcast discovery, information, and commentary. We make no claim of ownership over any podcast content, artwork, or related materials shown on this platform. All trademarks, service marks, and trade names are the property of their respective owners.
While we strive to ensure all content usage is properly authorized, if you are a rights holder and believe your content is being used inappropriately or without proper authorization, please contact us immediately at hey@podengine.ai for prompt review and appropriate action, which may include content removal or proper attribution.
By accessing and using this platform, you acknowledge and agree to respect all applicable copyright laws and intellectual property rights of content owners. Any unauthorized reproduction, distribution, or commercial use of the content displayed on this platform is strictly prohibited.