Ayar Labs has secured $500 million in a Series E round to scale its co-packaged optics technology. Backed by NVIDIA and AMD, the company is replacing traditional copper interconnects with light-based data transmission to solve the growing power and bandwidth crisis in AI data centres.
Global legal intelligence giant LexisNexis has confirmed a significant cloud data breach after hackers exploited a vulnerable application, exfiltrating 2GB of data. The incident exposed details on enterprise clients, including law firms and government agencies, raising serious supply chain concerns.
Tehran-linked hackers are turning a distant war into a live resilience test for Australia, probing Five Eyes networks as local banks quietly move to high alert while hybrid warfare becomes a “when, not if” cyber disruption scenario.
Microsoft has issued an emergency patch for a critical zero-day vulnerability (CVE-2026-20805) in its Windows operating system that is being actively exploited by attackers. The flaw affects all supported versions of Windows.
Cyber News Centre's cyber update for 19 January 2026: Microsoft has released an urgent security patch to address a zero-day vulnerability in its Windows operating system that is under active attack.
Update: Microsoft has confirmed that a zero-day vulnerability in its Windows operating system, tracked as CVE-2026-20805, is being actively exploited in the wild. The flaw, an information disclosure vulnerability in the Desktop Window Manager (DWM), was patched on January 13 as part of the company's monthly Patch Tuesday release, which addressed a total of 114 security holes. The vulnerability allows an attacker to bypass a fundamental security control known as Address Space Layout Randomisation (ASLR), which is designed to prevent memory-corruption exploits.
By defeating ASLR, an attacker can more reliably execute malicious code on a target system. The vulnerability affects all supported versions of Windows, including Windows 10, Windows 11, and Windows Server editions, making it a widespread threat. While Microsoft has given the flaw a middling CVSS score of 5.5 and an "Important" severity rating, security researchers are urging organisations to treat it with higher urgency due to the active exploitation. The company has not disclosed how the vulnerability is being used in attacks but has attributed its discovery to its own internal security teams, the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).
Why it Matters: The active exploitation of CVE-2026-20805 poses a direct and immediate threat to countless organisations. Given the near-universal adoption of Windows in business and government, the vulnerability exposes a massive attack surface, from small businesses to critical infrastructure operators. While the flaw itself only allows for information disclosure, its true danger lies in its ability to be chained with other vulnerabilities to achieve full system compromise. Attackers can use this zero-day as a reliable first step to disable key protections before launching more destructive code execution attacks.
The fact that it is already being used "in the wild" means this is not a theoretical risk; it is a clear and present danger. The only effective defense is to apply the security updates released by Microsoft immediately. Any delay leaves systems open to attackers who are already leveraging this weakness to bypass core Windows security features and launch more complex, damaging intrusions. The incident underscores the persistent threat of zero-day attacks and the critical importance of rapid, enterprise-wide patch management.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Global legal intelligence giant LexisNexis has confirmed a significant cloud data breach after hackers exploited a vulnerable application, exfiltrating 2GB of data. The incident exposed details on enterprise clients, including law firms and government agencies, raising serious supply chain concerns.
Tehran-linked hackers are turning a distant war into a live resilience test for Australia, probing Five Eyes networks as local banks quietly move to high alert while hybrid warfare becomes a “when, not if” cyber disruption scenario.
Five Eyes nations, led by Australia's ASD, have issued an urgent warning for a critical zero-day (CVE-2026-20127) in Cisco's SD-WAN products. The flaw, actively exploited since 2023 by a sophisticated actor, allows for complete network takeover and impacts critical infrastructure globally.
Canadian transcription firm VIQ Solutions has admitted to a significant data breach after subcontracting work to an Indian firm, e24 Technologies, exposing highly sensitive Australian federal and state court files. The incident, raises major national security concerns
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
