A Western Australian government audit has exposed critical Microsoft 365 security failures across seven state entities, leading to a data breach that leaked information on minors and a separate business email compromise incident resulting in the theft of $71,000 through fraudulent invoices.
Google's March 2026 Android update patches a critical zero-day (CVE-2026-21385) in Qualcomm chips used in hundreds of millions of devices. The flaw, under active exploitation, allows privilege escalation and system compromise, posing a significant risk to users.
Ayar Labs has secured $500 million in a Series E round to scale its co-packaged optics technology. Backed by NVIDIA and AMD, the company is replacing traditional copper interconnects with light-based data transmission to solve the growing power and bandwidth crisis in AI data centres.
A newly disclosed vulnerability in Schneider Electric's Foxboro DCS, a widely used industrial control system, could allow attackers to disrupt critical infrastructure operations. The flaw, originally from Intel, affects energy and manufacturing sectors worldwide, including Australia.
Cyber News Centre's cyber update for 21st January 2026: Schneider Electric has confirmed a significant vulnerability in its EcoStruxure Foxboro Distributed Control System (DCS), a platform used to manage industrial processes in critical infrastructure sectors across Australia and worldwide.
Schneider Electric is a global leader in energy management and automation, providing solutions for a wide range of industries, including energy, manufacturing, and infrastructure. The French multinational's technology is deeply embedded in Australia's critical infrastructure, managing everything from power grids to manufacturing plants.
Update: The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory for a medium-severity vulnerability (CVSS 6.5) in Schneider Electric's EcoStruxure Foxboro DCS. The flaw, identified as CVE-2018-12130, originates from an Intel processor vulnerability known as Microarchitectural Fill Buffer Data Sampling (MFBDS). It allows an authenticated user with local access to perform a side-channel attack, potentially leading to information disclosure, loss of system functionality, or unauthorised access.
The vulnerability affects Foxboro DCS Virtualisation Servers and Standard Workstations running on specific Intel Xeon processors. Schneider Electric has released an official security notification (SEVD-2025-343-01) and is urging affected customers to apply mitigations. The advisory highlights the risk to commercial facilities, critical manufacturing, and the energy sector. This disclosure comes amid a documented surge in cyberattacks targeting industrial control systems (ICS) and operational technology (OT) globally, with hacktivist groups increasingly focused on disrupting critical infrastructure.
The vulnerability's republication by CISA on January 20, 2026, underscores its current relevance and the ongoing risk to industrial operators who have not yet applied the necessary patches or workarounds.
Why it Matters: This vulnerability is significant for Australia because the Foxboro DCS is a foundational component in the nation's energy and manufacturing sectors. A successful exploit could move beyond simple data theft, leading to the disruption of essential services like power generation or manufacturing processes.
The requirement of local access mitigates the risk of remote, internet-based attacks, but it does not eliminate the threat from insiders or attackers who have already gained a foothold in the operational network. As industrial systems become more interconnected, the line between digital and physical risk blurs. This incident serves as a critical reminder that vulnerabilities in the industrial supply chain, even those originating from a processor-level flaw, have direct implications for national security and the stability of critical infrastructure.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
A Western Australian government audit has exposed critical Microsoft 365 security failures across seven state entities, leading to a data breach that leaked information on minors and a separate business email compromise incident resulting in the theft of $71,000 through fraudulent invoices.
Google's March 2026 Android update patches a critical zero-day (CVE-2026-21385) in Qualcomm chips used in hundreds of millions of devices. The flaw, under active exploitation, allows privilege escalation and system compromise, posing a significant risk to users.
Global legal intelligence giant LexisNexis has confirmed a significant cloud data breach after hackers exploited a vulnerable application, exfiltrating 2GB of data. The incident exposed details on enterprise clients, including law firms and government agencies, raising serious supply chain concerns.
Tehran-linked hackers are turning a distant war into a live resilience test for Australia, probing Five Eyes networks as local banks quietly move to high alert while hybrid warfare becomes a “when, not if” cyber disruption scenario.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
