Anthropic is scrambling to contain fresh questions over its Mythos AI after online users reportedly accessed the ultra‑powerful model through previously mapped pathways, sharpening Pentagon supply chain concerns and spooking markets already on edge about AI‑driven cyber risk
According to Microsoft’s April 2026 Security Update Guide, the company fixed more than 160 vulnerabilities across Windows, Office and core services, including an actively exploited SharePoint zero‑day and a Defender privilege‑escalation flaw.
The largest DeFi exploit of 2026 has seen $293 million drained from Kelp DAO's LayerZero cross-chain bridge, triggering a $5.4 billion withdrawal panic across the broader ecosystem and exposing critical centralization flaws in modular security.
Australian car rental insurer Prosura has suffered a major data breach, exposing the personal and policy information of an estimated 300,000 customers. Attackers are now selling the stolen data identity data on a public forum after the company reportedly failed to meet their demands.
Cyber News Centre's cyber update for 14th January 2026: Prosura Pty Ltd has confirmed a significant data breach after an unauthorised third party compromised its internal IT systems, with sensitive customer data now being actively sold by the attackers.
Prosura is an Australian financial services company that provides rental vehicle excess insurance, operating in Australia and New Zealand. Trading also as Hiccup, the company partners with the car rental comparison website VroomVroomVroom and its products are issued by Pacific International Insurance.
Update: Australian car rental insurer Prosura confirmed it detected unauthorised access to its systems on January 3rd, 2026. The attackers exfiltrated a significant volume of customer data and subsequently contacted customers directly with fraudulent emails. Following the initial breach, the threat actors have now posted the stolen data for sale on a well-known data leak forum, claiming to possess 98 million lines of records. Security researchers estimate this corresponds to the personal information of around 300,000 individuals.
The compromised data includes names, contact details, policy information, travel destinations, and, for customers who have filed claims, driver's licenses and related images. Prosura has stated that it does not store credit card details and that payment information was not accessed.
The company has taken its policy purchase and claims management portals offline, notified the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC), and is working with external cybersecurity experts to manage the incident. Active policies remain valid, but the operational shutdown and public data leak represent a major security failure for the insurer and its partners.
Why it Matters: The Prosura breach is another significant blow to the security of Australian consumer data, following major incidents at Optus and Qantas. The direct contact by attackers with customers and the subsequent public sale of sensitive data, including identity documents, create a substantial risk of widespread identity theft, sophisticated phishing campaigns, and financial fraud for the 300,000 affected individuals.
This incident underscores the persistent vulnerability of supply chains, as Prosura is a key partner for VroomVroomVroom, and highlights the severe reputational and operational damage inflicted by such attacks, forcing a complete shutdown of key customer-facing systems.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
According to Microsoft’s April 2026 Security Update Guide, the company fixed more than 160 vulnerabilities across Windows, Office and core services, including an actively exploited SharePoint zero‑day and a Defender privilege‑escalation flaw.
The largest DeFi exploit of 2026 has seen $293 million drained from Kelp DAO's LayerZero cross-chain bridge, triggering a $5.4 billion withdrawal panic across the broader ecosystem and exposing critical centralization flaws in modular security.
ShinyHunters has exposed a critical weakness in cloud systems. The McGraw Hill breach shows how misconfigured Salesforce portals enabled large scale data leaks, with no software flaw to fix. This marks a shift toward exploiting common operational gaps rather than rare vulnerabilities.
Booking.com confirms hackers accessed customer names, emails, addresses, and booking details via third-party compromise. Stolen data is already fuelling targeted WhatsApp phishing attacks, exposing deep supply chain vulnerabilities in global travel platforms.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
