28th January 2026 Cyber Update: Microsoft Office Zero-Day Under Active Attack
Microsoft has issued an emergency patch for a high-severity zero-day vulnerability (CVE-2026-21509) in Microsoft Office. The flaw, which bypasses key security features, is being actively exploited in targeted attacks, posing a significant risk to organizations globally, including in Australia.
Cyber News Centre's cyber update for 28th January 2026: Microsoft has issued an emergency out-of-band patch for a high-severity zero-day vulnerability in its Office software that is being actively exploited in targeted attacks.
The Update and Why It Matters
Update: Microsoft has scrambled to release an emergency patch for a high-severity security feature bypass vulnerability, tracked as CVE-2026-21509, that is being actively exploited in the wild. The flaw, which carries a 7.8 CVSS score, allows attackers to bypass Object Linking and Embedding (OLE) mitigations designed to protect users from malicious code embedded in Office documents.
The vulnerability was discovered and reported by Microsoft's own internal security teams. Successful exploitation relies on social engineering, requiring an attacker to convince a target to open a specially crafted Office file. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities catalog, giving federal agencies until February 16, 2026, to apply the fix.
Microsoft has not released specific details on the threat actors or their targets, but the targeted nature of the attacks suggests sophisticated operators are leveraging the flaw for high-value espionage or data theft operations. Patches are available for Office 2016, 2019, LTSC 2021/2024, and Microsoft 365 Apps, with some newer versions receiving automatic protection through a service-side update.
Why it Matters: The ubiquity of Microsoft Office across Australian government, corporate, and critical infrastructure sectors makes this a significant and immediate threat. The attacks are described as "targeted," which indicates that high-value organizations, including those in Australia's finance, defence, and professional services industries, are prime candidates for compromise.
The vulnerability allows attackers to bypass a fundamental security control, creating a direct path to execute malicious code and potentially gain full control over a compromised system. This is not a theoretical risk; it is a confirmed, active threat being used by attackers now.
The direct Australian relevance is clear: any organization using Microsoft Office is a potential target. Immediate application of Microsoft's emergency patches is critical to prevent attackers from successfully exploiting this flaw to breach Australian networks, steal sensitive data, and disrupt operations. The incident underscores the persistent risk posed by vulnerabilities in widely used enterprise software and the need for rapid patch deployment.