ShinyHunters has exposed a critical weakness in cloud systems. The McGraw Hill breach shows how misconfigured Salesforce portals enabled large scale data leaks, with no software flaw to fix. This marks a shift toward exploiting common operational gaps rather than rare vulnerabilities.
Anthropic’s Mythos clampdown, April’s record Patch Tuesday and Nvidia’s Blackwell‑to‑Rubin GPU roadmap mark a turning point in cyber defence, exposing how deeply allied nations now rely on US‑controlled, agentic AI to detect and counter zero‑day threats.
Booking.com confirms hackers accessed customer names, emails, addresses, and booking details via third-party compromise. Stolen data is already fuelling targeted WhatsApp phishing attacks, exposing deep supply chain vulnerabilities in global travel platforms.
11th March 2026 Cyber Update: Microsoft Patches Critical Office Flaws Exploitable via Preview Pane
Microsoft’s March 2026 Patch Tuesday fixes 83 flaws, including three critical Office vulnerabilities exploitable through the Preview Pane that allow code execution without opening files, and a Copilot-linked Excel bug that could leak data. The ACSC urges immediate patching under the Essential Eight.
Cyber News Centre's cyber update for 11th March 2026: Microsoft has released its March 2026 security update, patching 83 vulnerabilities, including critical remote code execution flaws in Microsoft Office that can be triggered simply by previewing a malicious document.
The Update and Why It Matters
Update: Microsoft's March 2026 Patch Tuesday addresses 83 vulnerabilities, with three critical flaws in Microsoft Office demanding immediate attention from Australian organisations. Two remote code execution (RCE) vulnerabilities, CVE-2026-26110 and CVE-2026-26113, can be exploited through the Preview Pane in Outlook and other applications. This means an attacker could execute arbitrary code on a target system without the user even opening the malicious Office file. A third critical flaw, CVE-2026-26144, is an information disclosure vulnerability in Microsoft Excel. This bug allows for a zero-click attack where the Copilot AI agent can be manipulated to exfiltrate sensitive data from a spreadsheet across the network.
The update also includes patches for two publicly disclosed zero-day vulnerabilities, a SQL Server elevation of privilege flaw (CVE-2026-21262) and a .NET denial-of-service bug (CVE-2026-26127), though Microsoft reports neither is being actively exploited.
The release is dominated by elevation of privilege flaws, which account for over half of the total patches, highlighting ongoing risks for post-compromise lateral movement within corporate networks. Organisations are urged to prioritise these patches to mitigate significant security risks.
Why It Matters: The critical Office vulnerabilities represent a significant threat to Australian businesses and government agencies, which rely heavily on Microsoft's productivity suite. The Preview Pane attack vector lowers the bar for successful exploitation, because it bypasses the common security advice of not opening attachments from unknown sources.
For organisations using Microsoft's AI-powered Copilot, the CVE-2026-26144 flaw introduces a novel, sophisticated data exfiltration risk that could lead to major data breaches. Under the Australian Cyber Security Centre's (ACSC) Essential Eight framework, which mandates timely patching, these updates are non-negotiable for maintaining a baseline of cyber resilience and compliance.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead.
Anthropic’s rapid push into enterprise AI and its $30B raise signal a new phase where autonomous systems drive both productivity and cyber risk. As AI executes tasks at machine speed, markets, governments and workers face a sharper question: who controls the systems now shaping outcomes.
Zero‑day bugs in high‑privilege edge and security tools are being weaponised faster than organisations can patch, compressing response windows for Asia–Pacific defenders and turning shared enterprise stacks into a regional blast radius for attack.