The AI race in 2026 has shifted from "who has the smartest model" to "who can afford the power and capital to run them at scale." When Google issues century bonds and Musk eyes orbital data centres, the $700 billion question is whether anyone can sustain this pace.
The $700 Billion Reckoning: Why Tech Titans Are Betting the Future on AI—And Borrowing Like Sovereigns to Do It
Dutch telecom Odido confirms major cyberattack breached 6.2 million customers' personal data including names, addresses, bank account numbers details sparking serious identity theft concerns across the Netherlands
Microsoft has issued an emergency patch for a critical zero-day vulnerability (CVE-2026-20805) in its Windows operating system that is being actively exploited by attackers. The flaw affects all supported versions of Windows.
Cyber News Centre's cyber update for 19 January 2026: Microsoft has released an urgent security patch to address a zero-day vulnerability in its Windows operating system that is under active attack.
Update: Microsoft has confirmed that a zero-day vulnerability in its Windows operating system, tracked as CVE-2026-20805, is being actively exploited in the wild. The flaw, an information disclosure vulnerability in the Desktop Window Manager (DWM), was patched on January 13 as part of the company's monthly Patch Tuesday release, which addressed a total of 114 security holes. The vulnerability allows an attacker to bypass a fundamental security control known as Address Space Layout Randomisation (ASLR), which is designed to prevent memory-corruption exploits.
By defeating ASLR, an attacker can more reliably execute malicious code on a target system. The vulnerability affects all supported versions of Windows, including Windows 10, Windows 11, and Windows Server editions, making it a widespread threat. While Microsoft has given the flaw a middling CVSS score of 5.5 and an "Important" severity rating, security researchers are urging organisations to treat it with higher urgency due to the active exploitation. The company has not disclosed how the vulnerability is being used in attacks but has attributed its discovery to its own internal security teams, the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).
Why it Matters: The active exploitation of CVE-2026-20805 poses a direct and immediate threat to countless organisations. Given the near-universal adoption of Windows in business and government, the vulnerability exposes a massive attack surface, from small businesses to critical infrastructure operators. While the flaw itself only allows for information disclosure, its true danger lies in its ability to be chained with other vulnerabilities to achieve full system compromise. Attackers can use this zero-day as a reliable first step to disable key protections before launching more destructive code execution attacks.
The fact that it is already being used "in the wild" means this is not a theoretical risk; it is a clear and present danger. The only effective defense is to apply the security updates released by Microsoft immediately. Any delay leaves systems open to attackers who are already leveraging this weakness to bypass core Windows security features and launch more complex, damaging intrusions. The incident underscores the persistent threat of zero-day attacks and the critical importance of rapid, enterprise-wide patch management.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Dutch telecom Odido confirms major cyberattack breached 6.2 million customers' personal data including names, addresses, bank account numbers details sparking serious identity theft concerns across the Netherlands
Australian firm FIIG Securities has been ordered to pay a $2.5 million penalty by the Federal Court following ASIC action over significant cybersecurity failures that led to a major data breach in 2023. The landmark case sets a new precedent for cyber resilience obligations for AFS licensees.
Victoria's largest not-for-profit private hospital group, Epworth HealthCare, has been targeted by a fake ransomware group known as 0APT. The group claims to have stolen 920GB of patient data, but evidence suggests it is a bluff designed to extort money through psychological warfare.
A critical 9.8‑rated flaw (CVE-2025-40551) in SolarWinds Web Help Desk is under active exploitation, letting unauthenticated attackers execute remote code and prompting urgent patch orders for government and enterprise users worldwide.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
