The AI race in 2026 has shifted from "who has the smartest model" to "who can afford the power and capital to run them at scale." When Google issues century bonds and Musk eyes orbital data centres, the $700 billion question is whether anyone can sustain this pace.
The $700 Billion Reckoning: Why Tech Titans Are Betting the Future on AI—And Borrowing Like Sovereigns to Do It
Dutch telecom Odido confirms major cyberattack breached 6.2 million customers' personal data including names, addresses, bank account numbers details sparking serious identity theft concerns across the Netherlands
Microsoft has issued an emergency patch for a high-severity zero-day vulnerability (CVE-2026-21509) in Microsoft Office. The flaw, which bypasses key security features, is being actively exploited in targeted attacks, posing a significant risk to organizations globally, including in Australia.
Cyber News Centre's cyber update for 28th January 2026: Microsoft has issued an emergency out-of-band patch for a high-severity zero-day vulnerability in its Office software that is being actively exploited in targeted attacks.
Microsoft is a multinational technology corporation that develops, manufactures, licenses, supports, and sells computer software, consumer electronics, personal computers, and related services.
Update: Microsoft has scrambled to release an emergency patch for a high-severity security feature bypass vulnerability, tracked as CVE-2026-21509, that is being actively exploited in the wild. The flaw, which carries a 7.8 CVSS score, allows attackers to bypass Object Linking and Embedding (OLE) mitigations designed to protect users from malicious code embedded in Office documents.
The vulnerability was discovered and reported by Microsoft's own internal security teams. Successful exploitation relies on social engineering, requiring an attacker to convince a target to open a specially crafted Office file. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities catalog, giving federal agencies until February 16, 2026, to apply the fix.
Microsoft has not released specific details on the threat actors or their targets, but the targeted nature of the attacks suggests sophisticated operators are leveraging the flaw for high-value espionage or data theft operations. Patches are available for Office 2016, 2019, LTSC 2021/2024, and Microsoft 365 Apps, with some newer versions receiving automatic protection through a service-side update.
Why it Matters: The ubiquity of Microsoft Office across Australian government, corporate, and critical infrastructure sectors makes this a significant and immediate threat. While the attacks are described as "targeted," this indicates that high-value organizations—including those in Australia's finance, defence, and professional services industries—are prime candidates for compromise.
The vulnerability allows attackers to bypass a fundamental security control, creating a direct path to execute malicious code and potentially gain full control over a compromised system. This is not a theoretical risk; it is a confirmed, active threat being used by attackers now.
The direct Australian relevance is clear: any organization using Microsoft Office is a potential target. Immediate application of Microsoft's emergency patches is critical to prevent attackers from successfully exploiting this flaw to breach Australian networks, steal sensitive data, and disrupt operations. The incident underscores the persistent risk posed by vulnerabilities in widely-used enterprise software and the need for rapid patch deployment.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Dutch telecom Odido confirms major cyberattack breached 6.2 million customers' personal data including names, addresses, bank account numbers details sparking serious identity theft concerns across the Netherlands
Australian firm FIIG Securities has been ordered to pay a $2.5 million penalty by the Federal Court following ASIC action over significant cybersecurity failures that led to a major data breach in 2023. The landmark case sets a new precedent for cyber resilience obligations for AFS licensees.
Victoria's largest not-for-profit private hospital group, Epworth HealthCare, has been targeted by a fake ransomware group known as 0APT. The group claims to have stolen 920GB of patient data, but evidence suggests it is a bluff designed to extort money through psychological warfare.
A critical 9.8‑rated flaw (CVE-2025-40551) in SolarWinds Web Help Desk is under active exploitation, letting unauthenticated attackers execute remote code and prompting urgent patch orders for government and enterprise users worldwide.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
