Red Piranha

03/06/2026

A great first day at EDUtech AU!

Today, George Boulis and Stephanie Howes from Red Piranha joined education leaders, IT professionals, and industry experts for a day of insightful discussions on the future of education, technology, and cybersecurity.

One theme stood out across many conversations: schools are facing growing pressure to balance innovation with increasingly complex cybersecurity and compliance requirements. From protecting sensitive student data to meeting evolving regulatory obligations, educational institutions are navigating a rapidly changing threat landscape.

It was encouraging to hear how schools are embracing new technologies while continuing to prioritise resilience, security, and student outcomes.

We're looking forward to another day of valuable conversations and fresh perspectives tomorrow.

If you're attending EDUtech AU, be sure to connect with our team to discuss how schools can strengthen cyber resilience, simplify compliance, and improve visibility across their environments.

01/06/2026

The compliance burden on Australian schools has never been greater.

Australian schools recorded 44 notifiable data breaches in the first half of 2024 alone. Behind that number is something most IT managers already know. The compliance environment has become genuinely overwhelming for teams already stretched beyond capacity.

The obligations are specific, and they are mounting.

At the federal level, Australia's Cyber Security Act 2024 now requires ransomware payments to be reported to the Australian Signals Directorate within 72 hours. Miss that window and penalties of up to $99,000 apply.

In New South Wales, the NSW Cyber Security Policy requires a full compliance report covering 31 Mandatory Requirements by 31 October each year. In Victoria, all government schools must complete annual VPDSS attestation reporting to the Office of the Victorian Information Commissioner, with full rollout mandated by 2028. In Queensland, mandatory breach notification requirements for public sector agencies take full effect in July 2026.

Catholic education networks carry additional obligations on top of all of this. The South Australian Commission for Catholic Schools mandates a risk-based cyber security approach across all Catholic schools and Education Offices, with specific requirements around access controls, data integrity and ongoing compliance. Dioceses across the country are navigating similar policy instruments at the same time.

The integration problem makes it worse.

Schools now depend on cloud platforms, student management systems, assessment tools and outsourced IT services, and every additional supplier introduces another potential entry point for attackers. The result is threat data in one tool, compliance evidence in another, and no coherent picture across the environment. When things do go wrong, recovery costs average $2.28 million per incident, the highest of any sector.

Come and talk to us at

Red Piranha is an Australian-owned cybersecurity company based in Perth with offices in most states. Our Crystal Eye XDR platform and 24 x 7 SOC (Security Operations Centre) managed security service bring threat detection, endpoint visibility and compliance reporting together in one place, so your team is not rebuilding evidence from scratch every reporting cycle.

We are here to sit down with the people dealing with these challenges every day. Book a one-on-one consultation and walk away with a clear picture of where you stand and what to do next.

📅 Book your meeting here: [email protected]/e834b6531dc743f7ac826455c3b3954e4039689228767356462/calendar.html" rel="ugc" target="_blank">https://outlook.office365.com/owa/calendar/[email protected]/e834b6531dc743f7ac826455c3b3954e4039689228767356462/calendar.html

29/05/2026

Strong governance and ethical decision-making are critical controls in today’s defence environment.

Red Piranha’s Dayna Bennett joined the Women in Defence Association (WiDA) WA community last Monday for a focused evening of networking ahead of IODS.

Keynote insights were delivered by Kirsten Trott who drew on global experience to address:

✅ Whistleblowing frameworks that reduce organisational risk
✅ Ethical decision-making in high-stakes environments
✅ Integrity-by-design through culture and tech

Thank you to WiDA WA for hosting an insightful and well-supported event ahead.

28/05/2026

IODS 2026 wrapped up today in Perth after three days of meaningful discussions, collaboration, and innovation across the defence and technology sectors.

As these leaders drive impact across energy, security, and AI, Red Piranha is proud to provide the defensive shield. Our CEO, Adam Bennett, and the team showcased Crystal Eye 6.0, our Next-Generation Consolidated Security Platform, proudly designed, built, and sustained here in WA.

Missed us during the final sessions today?

👋 Our team is available for the next steps. Connect for follow‑ups or to book a demo.

27/05/2026

IODS 2026 is a movement toward a more secure Australia.

Yesterday, we joined industry leaders in Perth to discuss the future of defence and cyber security. Today, we are back to showcase Crystal Eye 6.0, the Australian Made platform that is helping Team Defence Australia stay ahead of emerging threats.

What we are bringing to the table:
✓ Sovereign capability - full Australian control
✓ Defence-grade performance - built for national security
✓ Collaborative innovation - designed with input from Australia’s top defence and security experts

► Connect with our team: Adam, Dayna, Anthony and Zayd are here to share how Crystal Eye 6.0 can strengthen your organisation’s resilience in an era of rising cyber risk.

Strong defences start with strong partnerships. Let us build them together: redpiranha.net

26/05/2026

BAVACAI is a ransomware variant in the MedusaLocker ransomware family, identified after analysing the malware sample submitted to a malware analysis platform. It was confirmed as part of this family by five independent antivirus vendors.

BAVACAI encrypts files on the victim's systems, exfiltrates data from the network, and then demands a ransom in exchange for decryption and to prevent publication of the stolen data. The ransom note states that exfiltrated data will be published within 72 hours unless the victim makes contact.

In this report, we discuss a new cyber threat, HookedWing. This week’s ransomware in focus is BAVACAI Ransomware.

25/05/2026

Detection without response is noise.

If your team can’t answer:
➡️What happened?
➡️What’s impacted?
➡️What’s next?

You don’t have visibility - you have exposure.

A vCISO aligns your detection, investigation, and response into a single operational capability. Learn more: https://bit.ly/3Rqd2KF

21/05/2026

This , we’re proud to celebrate the innovation, expertise, and sovereign capability being built right here in Australia. 💚💛

At Red Piranha, we believe strong starts with sovereign capability - locally developed solutions designed to protect Australian organisations, critical infrastructure, defence, education, and enterprises against evolving cyber threats.

From advanced threat intelligence and 24/7 managed security operations to the continued evolution of, we’re committed to delivering world-class cybersecurity engineered in Australia for a global threat landscape.

Supporting technology means investing in local innovation, stronger supply chains, and a more resilient digital future.

Australian Made Campaign |

21/05/2026

Cybersecurity isn’t just about tools - it’s about continuous monitoring, rapid response, and expert oversight.

Red Piranha offers 24/7 protection backed by defence-aligned expertise and over 10 years of experience securing Australian businesses.

Know what’s happening. Respond faster. Stay protected.

Want to know more? Get in touch with our team: https://bit.ly/44mHBoO

20/05/2026

BravoX is a Ransomware-as-a-Service (RaaS) operation that surfaced publicly on 23 January 2026 after a Tor-based Data Leak Site (DLS) address was published on the RAMP underground cybercriminal forum.

The threat actor behind BravoX registered on RAMP in September 2025 but stayed dormant before its public emergence. This gap between forum registration and public announcement is consistent with preparatory infrastructure build-out observed in other Russian-speaking RaaS operations. Read more: https://redpiranha.net/news/threat-intelligence-report-may-12-may-18-2026

In this report, we discuss a new cyber threat, Sainbox RAT. This week’s ransomware in focus is BravoX Ransomware.