ShinyHunters has exposed a critical weakness in cloud systems. The McGraw Hill breach shows how misconfigured Salesforce portals enabled large scale data leaks, with no software flaw to fix. This marks a shift toward exploiting common operational gaps rather than rare vulnerabilities.
Anthropic’s Mythos clampdown, April’s record Patch Tuesday and Nvidia’s Blackwell‑to‑Rubin GPU roadmap mark a turning point in cyber defence, exposing how deeply allied nations now rely on US‑controlled, agentic AI to detect and counter zero‑day threats.
Booking.com confirms hackers accessed customer names, emails, addresses, and booking details via third-party compromise. Stolen data is already fuelling targeted WhatsApp phishing attacks, exposing deep supply chain vulnerabilities in global travel platforms.
Singtel executives fronted a Senate inquiry, categorically denying explosive allegations that a secret ransom was paid to hackers following the massive 2022 Optus data breach that exposed personal information of 9.8 million Australians, amid ongoing inquiry into the telco's operational failures.
Cyber News Centre's cyber update for 13th March 2026: Optus's parent company, Singtel, has fronted a parliamentary inquiry, forcefully denying allegations that it paid a secret ransom to hackers following the catastrophic 2022 data breach.
Optus is Australia's second-largest telecommunications company, providing mobile, internet, and other services to over 11 million customers. It has been a wholly-owned subsidiary of Singaporean telecommunications giant Singtel since 2001.
Update: In a tense Senate committee hearing today, Singtel board directors Gail Kelly and John Arthur unequivocally denied claims that a ransom was paid to the criminals behind the 2022 Optus data breach. The explosive allegation, first reported by The Nightly, suggested senior Australian officials suspected a covert payment was made to prevent the release of 9.8 million customers' data.
The hacker, who initially demanded $1 million, mysteriously withdrew their threats and claimed to have deleted the data. Ms. Kelly told the inquiry,
"Singtel unequivocally, unambiguously says no, no ransom was paid, and similarly, no, no discussion was ever held (by the board) on such a matter."
The executives were appearing as part of a broader inquiry into the September 2025 triple-zero outage, another major operational failure for the telco. The 2022 breach itself stemmed from a simple but critical error: a publicly exposed, unauthenticated API that allowed attackers to scrape customer data unimpeded. The denial of a ransom payment leaves the hacker's sudden change of heart an unresolved mystery, with Ms. Kelly admitting, "We just don't know" why the attacker backed down.
Why it Matters: This public denial under parliamentary privilege puts Singtel's corporate integrity on the line. If evidence of a payment ever surfaced, the reputational and legal fallout would be immense, shattering trust with the Australian public and government.
The allegation itself, reportedly originating from within Australian intelligence circles, highlights a deep-seated mistrust between the government and the foreign-owned critical infrastructure provider. For Australian businesses, this saga is a stark reminder of the lose-lose nature of ransomware. Paying a ransom offers no guarantees and fuels the criminal ecosystem, yet refusing can lead to catastrophic data exposure. The unresolved mystery of the hacker's retreat does little to build confidence in Optus's ability to manage a crisis or be transparent with the public.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
ShinyHunters has exposed a critical weakness in cloud systems. The McGraw Hill breach shows how misconfigured Salesforce portals enabled large scale data leaks, with no software flaw to fix. This marks a shift toward exploiting common operational gaps rather than rare vulnerabilities.
Booking.com confirms hackers accessed customer names, emails, addresses, and booking details via third-party compromise. Stolen data is already fuelling targeted WhatsApp phishing attacks, exposing deep supply chain vulnerabilities in global travel platforms.
Anthropic’s rapid push into enterprise AI and its $30B raise signal a new phase where autonomous systems drive both productivity and cyber risk. As AI executes tasks at machine speed, markets, governments and workers face a sharper question: who controls the systems now shaping outcomes.
Zero‑day bugs in high‑privilege edge and security tools are being weaponised faster than organisations can patch, compressing response windows for Asia–Pacific defenders and turning shared enterprise stacks into a regional blast radius for attack.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
