28th January 2026 Cyber Update: Microsoft Office Zero-Day Under Active Attack
Microsoft has issued an emergency patch for a high-severity zero-day vulnerability (CVE-2026-21509) in Microsoft Office. The flaw, which bypasses key security features, is being actively exploited in targeted attacks, posing a significant risk to organizations globally, including in Australia.
Cyber News Centre's cyber update for 28th January 2026: Microsoft has issued an emergency out-of-band patch for a high-severity zero-day vulnerability in its Office software that is being actively exploited in targeted attacks.
The Update and Why It Matters
Update: Microsoft has scrambled to release an emergency patch for a high-severity security feature bypass vulnerability, tracked as CVE-2026-21509, that is being actively exploited in the wild. The flaw, which carries a 7.8 CVSS score, allows attackers to bypass Object Linking and Embedding (OLE) mitigations designed to protect users from malicious code embedded in Office documents.
The vulnerability was discovered and reported by Microsoft's own internal security teams. Successful exploitation relies on social engineering, requiring an attacker to convince a target to open a specially crafted Office file. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities catalog, giving federal agencies until February 16, 2026, to apply the fix.
Microsoft has not released specific details on the threat actors or their targets, but the targeted nature of the attacks suggests sophisticated operators are leveraging the flaw for high-value espionage or data theft operations. Patches are available for Office 2016, 2019, LTSC 2021/2024, and Microsoft 365 Apps, with some newer versions receiving automatic protection through a service-side update.
Why it Matters: The ubiquity of Microsoft Office across Australian government, corporate, and critical infrastructure sectors makes this a significant and immediate threat. Because the attacks are described as "targeted," high-value organizations, including those in Australia's finance, defence, and professional services industries, are prime candidates for compromise.
The vulnerability allows attackers to bypass a fundamental security control, creating a direct path to execute malicious code and potentially gain full control over a compromised system. This is not a theoretical risk; it is a confirmed, active threat being used by attackers now.
The direct Australian relevance is clear: any organization using Microsoft Office is a potential target. Immediate application of Microsoft's emergency patches is critical to prevent attackers from successfully exploiting this flaw to breach Australian networks, steal sensitive data, and disrupt operations. The incident underscores the persistent risk posed by vulnerabilities in widely-used enterprise software and the need for rapid patch deployment.