Anthropic’s Fable 5 briefly gave Australia a rare look at Mythos-class cyber AI in action. Then US export controls shut access down, raising a harder question: if the model is too dangerous to leave America, are allies left safer, or simply more exposed?
Tenet Security says a fake Sentry error can push AI coding agents into running attacker controlled code, putting developer trust under fresh scrutiny.
On Friday, Elon Musk priced the largest float in history. SpaceX listed on the Nasdaq at about $1.8 trillion, minting the world's first trillionaire and fusing the space economy with the AI trade. Inside one lifetime, compute and capital have become statecraft. The sky just became an asset class.
Microsoft’s March 2026 Patch Tuesday fixes 83 flaws, including three critical Office vulnerabilities exploitable through the Preview Pane that allow code execution without opening files, and a Copilot-linked Excel bug that could leak data. The ACSC urges immediate patching under the Essential Eight.
Cyber News Centre's cyber update for 11th March 2026: Microsoft has released its March 2026 security update, patching 83 vulnerabilities, including critical remote code execution flaws in Microsoft Office that can be triggered simply by previewing a malicious document.
Update: Microsoft's March 2026 Patch Tuesday addresses 83 vulnerabilities, with three critical flaws in Microsoft Office demanding immediate attention from Australian organisations. Two remote code execution (RCE) vulnerabilities, CVE-2026-26110 and CVE-2026-26113, can be exploited through the Preview Pane in Outlook and other applications. This means an attacker could execute arbitrary code on a target system without the user even opening the malicious Office file. A third critical flaw, CVE-2026-26144, is an information disclosure vulnerability in Microsoft Excel. This bug allows for a zero-click attack where the Copilot AI agent can be manipulated to exfiltrate sensitive data from a spreadsheet across the network.
The update also includes patches for two publicly disclosed zero-day vulnerabilities, a SQL Server elevation of privilege flaw (CVE-2026-21262) and a .NET denial-of-service bug (CVE-2026-26127), though Microsoft reports neither is being actively exploited.
The release is dominated by elevation of privilege flaws, which account for over half of the total patches, highlighting ongoing risks for post-compromise lateral movement within corporate networks. Organisations are urged to prioritise these patches to mitigate significant security risks.
Why it Matters: The critical Office vulnerabilities represent a significant threat to Australian businesses and government agencies, which rely heavily on Microsoft's productivity suite. The Preview Pane attack vector lowers the bar for successful exploitation, as it bypasses the common security advice of not opening attachments from unknown sources.
For organisations using Microsoft's AI-powered Copilot, the CVE-2026-26144 flaw introduces a novel, sophisticated data exfiltration risk that could lead to major data breaches. Given the Australian Cyber Security Centre's (ACSC) Essential Eight framework, which mandates timely patching, these updates are non-negotiable for maintaining a baseline of cyber resilience and compliance.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Tenet Security says a fake Sentry error can push AI coding agents into running attacker controlled code, putting developer trust under fresh scrutiny.
Cyera’s reported $300 million raise at a $12 billion valuation shows how quickly enterprise data security is being repriced as AI adoption accelerates. The figures should be framed carefully, because Cyera has disputed the reported numbers.
CISA has added an actively exploited LiteSpeed cPanel Plugin flaw to its KEV catalogue, with hosting providers urged to patch or remove the vulnerable user-end plugin.
CISA’s latest KEV update mixes new Microsoft Defender flaws with legacy Windows and Adobe bugs, showing why exploited risk often sits in forgotten systems.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
