Australia’s A$25bn AI wager, Bezos’s leap into “physical AI” and Musk’s push to shift data centres into orbit turned this week into a defining moment in the AI global industrial contest, with the Global South emerging as both proving ground and prize in the new AI steel age.
Vercel confirms a security incident after a compromised third-party AI tool's OAuth token allowed attackers to pivot into internal systems, exposing environment variables and API keys across its platform.
Anthropic is scrambling to contain fresh questions over its Mythos AI after online users reportedly accessed the ultra‑powerful model through previously mapped pathways, sharpening Pentagon supply chain concerns and spooking markets already on edge about AI‑driven cyber risk
Microsoft’s March 2026 Patch Tuesday fixes 83 flaws, including three critical Office vulnerabilities exploitable through the Preview Pane that allow code execution without opening files, and a Copilot-linked Excel bug that could leak data. The ACSC urges immediate patching under the Essential Eight.
Cyber News Centre's cyber update for 11th March 2026: Microsoft has released its March 2026 security update, patching 83 vulnerabilities, including critical remote code execution flaws in Microsoft Office that can be triggered simply by previewing a malicious document.
Update: Microsoft's March 2026 Patch Tuesday addresses 83 vulnerabilities, with three critical flaws in Microsoft Office demanding immediate attention from Australian organisations. Two remote code execution (RCE) vulnerabilities, CVE-2026-26110 and CVE-2026-26113, can be exploited through the Preview Pane in Outlook and other applications. This means an attacker could execute arbitrary code on a target system without the user even opening the malicious Office file. A third critical flaw, CVE-2026-26144, is an information disclosure vulnerability in Microsoft Excel. This bug allows for a zero-click attack where the Copilot AI agent can be manipulated to exfiltrate sensitive data from a spreadsheet across the network.
The update also includes patches for two publicly disclosed zero-day vulnerabilities, a SQL Server elevation of privilege flaw (CVE-2026-21262) and a .NET denial-of-service bug (CVE-2026-26127), though Microsoft reports neither is being actively exploited.
The release is dominated by elevation of privilege flaws, which account for over half of the total patches, highlighting ongoing risks for post-compromise lateral movement within corporate networks. Organisations are urged to prioritise these patches to mitigate significant security risks.
Why it Matters: The critical Office vulnerabilities represent a significant threat to Australian businesses and government agencies, which rely heavily on Microsoft's productivity suite. The Preview Pane attack vector lowers the bar for successful exploitation, as it bypasses the common security advice of not opening attachments from unknown sources.
For organisations using Microsoft's AI-powered Copilot, the CVE-2026-26144 flaw introduces a novel, sophisticated data exfiltration risk that could lead to major data breaches. Given the Australian Cyber Security Centre's (ACSC) Essential Eight framework, which mandates timely patching, these updates are non-negotiable for maintaining a baseline of cyber resilience and compliance.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Australia’s A$25bn AI wager, Bezos’s leap into “physical AI” and Musk’s push to shift data centres into orbit turned this week into a defining moment in the AI global industrial contest, with the Global South emerging as both proving ground and prize in the new AI steel age.
Vercel confirms a security incident after a compromised third-party AI tool's OAuth token allowed attackers to pivot into internal systems, exposing environment variables and API keys across its platform.
According to Microsoft’s April 2026 Security Update Guide, the company fixed more than 160 vulnerabilities across Windows, Office and core services, including an actively exploited SharePoint zero‑day and a Defender privilege‑escalation flaw.
The largest DeFi exploit of 2026 has seen $293 million drained from Kelp DAO's LayerZero cross-chain bridge, triggering a $5.4 billion withdrawal panic across the broader ecosystem and exposing critical centralization flaws in modular security.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
