Tech Talks With Kinsoft
di Steven Kinnas
Last Week in Tech – Big Tech's "We'll Build It For You" Land Grab, a Cheaper Claude, and a CitrixBleed Sequel
Your Monday catch-up on the week that was in tech, with a security lens. This week: the AI giants pivot from selling software to selling people - Microsoft stands up a 2.5-billion-dollar "Frontier Company" to embed its own engineers inside your business, just two days after Amazon committed a billion to the same idea. Anthropic ships Claude Sonnet 5, a cheaper model built to run autonomous agents. Money keeps pouring into the AI plumbing, with Together AI raising 800 million and Meta reportedly building a cloud business of its own. And on the security desk: a CitrixBleed-style flaw in NetScaler is exploited within a day of its patch, researchers document the first ransomware run end-to-end by an AI agent, and a 19-year-old alleged member of Scattered Spider is extradited to the US. Trying to work out what all this means for your own tech stack and your patch queue? Visit www.kinsoft.com.au to talk through your security and IT needs. Sources: CNBC; TechCrunch; GeekWire; Anthropic; Bloomberg; Business Wire; SecurityWeek; The Hacker News; BleepingComputer; Sysdig; watchTowr; US Department of Justice.Nissan – ShinyHunters Turn an Oracle Zero-Day into a Payroll Nightmare
The Oracle PeopleSoft campaign we've been tracking just claimed a big-name victim. Nissan has disclosed that employee data across the Americas — potentially including bank details, Social Security and national ID numbers — was stolen when the extortion crew ShinyHunters exploited a critical PeopleSoft zero-day. We break down CVE-2026-35273, the two-week window when attackers were inside before a patch even existed, why HR and ERP systems are crown-jewel targets, and the smart, concrete fraud controls Nissan put in place afterwards. Do you know what's exposed on your internet-facing enterprise apps? Visit www.kinsoft.com.au to talk through your security and IT needs. Sources: BleepingComputer; The Register; The Hacker News; Google/Mandiant.Mackay Sugar – "The Gentlemen" Ransomware Halts Australia's Sugar Heartland
An Australian ransomware story you can taste. Mackay Sugar — the country's second-largest raw sugar producer — was hit by the ransomware crew "The Gentlemen" right at the start of the North Queensland crushing season, forcing shutdowns at two of its three mills and leaving 1,300-plus cane-farming families with nowhere to send their harvest. We unpack how an attack on IT systems becomes a physical, region-wide supply-chain problem, why critical infrastructure and agriculture are increasingly in the crosshairs, and what "operational technology" risk really means for Aussie businesses. Worried a cyber incident could stop your operations, not just leak your data? Visit www.kinsoft.com.au to talk through your security and IT needs. Sources: SecurityWeek; Cyber Daily; The Record; Mackay Sugar incident updates.Generation Life – A Third-Party Breach Reaches the Financial Sector
Australian life-investment firm Generation Life has confirmed that some customers' personal information was caught up in a cyber attack it first disclosed back in April — an incident that came in through an external service provider and was later claimed by the Qilin ransomware group. We follow the long tail of a breach: how an April intrusion, a May leak-site listing and a late-June confirmation all belong to the same story, why third-party access is the recurring weak point, and what multi-regulator notification looks like for an APRA-regulated business. Do you know exactly what your service providers can reach? Visit www.kinsoft.com.au to talk through your security and IT needs. Sources: Cyber Daily; Insurance Business Australia; Money Management.Last Week in Tech – Anthropic vs Alibaba, OpenAI's Own Chip, and an Emergency Cisco Patch
Your Monday catch-up, with a security lens. This week: Anthropic takes an extraordinary allegation to US lawmakers, accusing Alibaba's Qwen team of the largest-ever "distillation attack" on Claude. OpenAI and Broadcom unveil "Jalapeño," OpenAI's first custom AI chip. Qualcomm spends nearly $4 billion buying Modular to chip away at Nvidia's CUDA lock-in. And CISA orders an emergency patch of an actively-exploited flaw in Cisco's phone-system software. Wondering whether that Cisco flaw affects you? Visit www.kinsoft.com.au to talk through your security and IT needs. Sources: CNBC; OpenAI; Bloomberg; CISA; BleepingComputer; The Hacker News; Help Net Security.KDDI – One Flaw, Six ISPs, 14 Million Exposed Mailboxes
A single vulnerability in one shared platform cascaded across six Japanese internet providers, exposing up to 14.2 million email accounts. Telecoms giant KDDI has confirmed a breach of a shared email system used by KDDI, JCOM, NIFTY, BIGLOBE and others — an intrusion via a flaw in third-party software. We look at "shared-infrastructure blast radius": how concentration risk turns one weakness into millions of victims, why exposed email logins are gold for credential-stuffing, and the transparency questions KDDI has left unanswered. Do you know how many of your services depend on one shared platform? Visit www.kinsoft.com.au to talk through your security and IT needs. Sources: BleepingComputer; SecurityAffairs; The Japan Times.NSW Rural Fire Service – Nova Ransomware Hits an Emergency Service
The NSW Rural Fire Service — the world's largest volunteer fire service — has confirmed a cyber security incident, reported as Australia's first confirmed ransomware attack on a government agency in 2026. The entry point? A single compromised account and the remote-access system behind it. The ransomware crew "Nova" claims to have stolen 300 gigabytes of data — a figure the RFS has not confirmed. We dig into the compromised-account-plus-remote-access playbook, and the very real gap between what an attacker claims and what a victim can verify. Is your remote access as locked down as you think? Visit www.kinsoft.com.au to talk through your security and IT needs. Sources: Cyber Daily; Comparitech; ACS Information Age.Last Week in Tech – SpaceX Buys Cursor for $60B, Washington Pulls Anthropic's Top Models, and the Klue Breach Spreads
Your Monday catch-up, with a security lens. This week: SpaceX makes the largest startup acquisition in history, buying AI-coding company Cursor for around $60 billion in stock — days after its own IPO. Washington uses export-control powers to force Anthropic to pull its most powerful models on national-security grounds. The Klue OAuth breach we flagged a fortnight ago balloons to nearly 200 companies, including a who's-who of security vendors. And world leaders sit down with AI's biggest names at the G7, as SoftBank pledges €45 billion for French data centres. Trying to work out what all this AI consolidation means for your own tech stack? Visit www.kinsoft.com.au to talk through your security and IT needs. Sources: CNBC; TechCrunch; Fortune; SecurityWeek; BleepingComputer; Global Banking & Finance.Texas Parks & Wildlife – 3 Million Licences Exposed in a Vendor Breach
A clean, cautionary supply-chain story from the US. The Texas Parks and Wildlife Department disclosed that attackers breached the third-party vendor processing its hunting and fishing licences, exposing personal data — including driver's-licence and passport numbers — for more than three million people. No ransomware, no dramatic leak site; just a quiet vendor compromise leaking exactly the kind of identity documents you can't change. We dig into why government-via-vendor breaches keep happening, and why passport and licence numbers are the data attackers now want most. Do you know what your third-party vendors can see? Visit www.kinsoft.com.au to talk through your security and IT needs. Sources: SecurityWeek; KXAN.Mackay Sugar – "The Gentlemen" Ransomware Halts Australia's Sugar Heartland
An Australian ransomware story you can taste. Mackay Sugar — the country's second-largest raw sugar producer — was hit by the ransomware crew "The Gentlemen" right at the start of the North Queensland crushing season, forcing shutdowns at two of its three mills and leaving 1,300-plus cane-farming families with nowhere to send their harvest. We unpack how an attack on IT systems becomes a physical, region-wide supply-chain problem, why critical infrastructure and agriculture are increasingly in the crosshairs, and what "operational technology" risk really means for Aussie businesses. Worried a cyber incident could stop your operations, not just leak your data? Visit www.kinsoft.com.au to talk through your security and IT needs. Sources: SecurityWeek; Cyber Daily; The Record; Mackay Sugar incident updates.