21st July 2025 Cyber Update: Australian Migration Authority Data Breach and Critical SharePoint Zero-Day

Australian migration authority OMARA discloses accidental data breach affecting six registered agents. Meanwhile, Microsoft warns of critical SharePoint zero-day CVE-2025-53770 being actively exploited worldwide.


Cyber News Centre's cyber update for 21st July 2025: The Australian Office of the Migration Agents Registration Authority has disclosed an accidental data breach affecting six registered migration agents. Meanwhile, Microsoft has confirmed active exploitation of a critical SharePoint zero-day vulnerability, impacting organizations worldwide.

1. Australian Migration Authority Discloses Accidental Data Breach

The Office of the Migration Agents Registration Authority (OMARA) is a regulatory body within Australia's Department of Home Affairs responsible for monitoring over 5,000 registered migration agents nationwide. The agency investigates complaints, provides professional development services, and protects consumers who rely on migration agent services across Australia's immigration system.

The Update and Why It Matters

Update: OMARA disclosed on July 14, 2025, that a data breach occurred on May 5 and 6, 2025, when the agency's website search function incorrectly revealed internal documents to users. The breach affected six registered migration agents whose details became accessible through the OMARA Portal search feature. When users searched for a registered migration agent's name, certain internal documents became viewable and downloadable, including agent full names, migration agent registration numbers, related business contacts, and internal commentary collected by OMARA.

“The Office of the Migration Agents Registration Authority (OMARA) has been affected by a data breach concerning the OMARA Portal on the OMARA website,” an OMARA spokesperson said in a 14 July media release.

The portal was immediately shut down upon discovery, and departmental experts conducted an investigation confirming the breach was a small, isolated event not resulting from malicious or criminal attack. The matter has been reported to the Office of the Australian Information Commissioner under Privacy Act 1988 obligations, and all six affected individuals have been contacted and offered support.

Why it Matters: This incident highlights the vulnerability of government digital systems to configuration errors that can inadvertently expose sensitive regulatory information. While not a malicious attack, the breach demonstrates how technical oversights in search functionality can compromise personal and professional data of regulated individuals.

For Australia's migration sector, this incident underscores the importance of robust testing and security controls for government portals handling sensitive regulatory information. The two-month delay between discovery and public disclosure raises questions about notification timelines for government data breaches, particularly when they involve professional regulatory information that could impact individuals' livelihoods and reputations in the migration services industry.


2. Microsoft SharePoint Zero-Day Under Active Global Exploitation

Microsoft Corporation is a multinational technology company headquartered in Redmond, Washington, providing enterprise software solutions including SharePoint Server for document collaboration and content management. SharePoint Server is widely deployed across government agencies, corporations, and organizations globally for internal document sharing and workflow management.

The Update and Why It Matters

Update: Microsoft has confirmed active exploitation of a critical zero-day vulnerability in SharePoint Server, tracked as CVE-2025-53770 with a maximum CVSS severity score of 9.8. The vulnerability, dubbed "ToolShell" by security researchers, allows unauthenticated remote code execution through deserialization of untrusted data in on-premises SharePoint installations. Active exploitation began on July 18, 2025, with more than 75 company servers already compromised across 29 organizations, including multinational firms and government entities.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities catalog and issued urgent guidance for federal agencies.

Today, Microsoft released security patches, along with mitigation guidance for immediate protection. The vulnerability affects only on-premises SharePoint Server installations, while SharePoint Online in Microsoft 365 remains unaffected.

Why it Matters: This zero-day represents one of the most critical enterprise security threats of 2025, with the potential to compromise sensitive corporate and government data across thousands of organizations worldwide. The unauthenticated nature of the vulnerability means attackers can gain complete system access without any credentials, making it exceptionally dangerous for internet-facing SharePoint deployments.

The active exploitation by multiple threat actors creates an urgent security crisis for organizations relying on SharePoint for critical business operations. For enterprise security teams, this incident demonstrates the ongoing risks of complex enterprise software platforms and the need for robust network segmentation, monitoring, and incident response capabilities to detect and contain sophisticated attacks targeting collaboration infrastructure.

