AI is everywhere in Australian schools. Students are using AI-powered tools to support learning, teachers are leveraging AI to improve productivity and lesson planning, and school administrators are exploring new ways to simplify operations. But while AI holds a lot of promise, it also introduces new cybersecurity challenges. Australian schools increasingly find themselves balancing innovation with the need to protect students and staff.

For years, application security ran on a simple assumption: software moves through a lifecycle, and security inspects the artifacts as they travel from development to production. Developers plan, write code, commit it, test it, scan it, and ship it. Every control built, including pull request reviews, CI/CD gates, and post-commit scanning, assumed a human was sitting between each step, making decisions a tool could later check.

Scammers are increasingly targeting athletes with advanced social engineering attacks, the Guardian reports. The Guardian cites a recent report from Ernst & Young that found that athletes and teams have lost nearly $1 billion to fraud over the past twenty years, and more than 40% of these losses were reported in the past six years.

The pitch is familiar enough that most security leaders tune it out. It sounds like marketing language, just an updated way of saying “a better scanner.” This post is here to bust the myth behind that framing. Both scanners and autonomous pentesting agents look the same from the outside. Both crawl your application, both send payloads, and both produce findings. But they operate on completely different assumptions of what constitutes a vulnerability.

Scammers are taking advantage of the conflicts in the Middle East and Ukraine to exploit people’s emotions, according to researchers at ESET. “Geopolitical turmoil often leads to human misery, which tends to pull at the heartstrings,” ESET says. “Legitimate charities may solicit donations to help their efforts to support innocent citizens caught in the crossfire.

A critical, unauthenticated remote code execution vulnerability in Windows Netlogon (CVE-2026-41089, CVSS 9.8) lets a remote attacker run code as SYSTEM on a domain controller. Patch all domain controllers in the same maintenance window with the May 2026 security updates.

There is a huge amount of excitement right now about AI and security operations. Across the industry, we are seeing rapid innovation in areas such as behavioural analytics, AI-assisted investigation, and increasingly agent-based capabilities designed to help security teams process large volumes of activity more effectively. Security teams need that help. The scale of alerts, identities, and telemetry they must manage today has grown far beyond what humans alone can realistically handle.