ShinyHunters has exposed a critical weakness in cloud systems. The McGraw Hill breach shows how misconfigured Salesforce portals enabled large-scale data leaks, with no software flaw to fix. This marks a shift toward exploiting common operational gaps rather than rare vulnerabilities.
Anthropic’s Mythos clampdown, April’s record Patch Tuesday and Nvidia’s Blackwell‑to‑Rubin GPU roadmap mark a turning point in cyber defence, exposing how deeply allied nations now rely on US‑controlled, agentic AI to detect and counter zero‑day threats.
Booking.com confirms hackers accessed customer names, emails, addresses, and booking details via third-party compromise. Stolen data is already fuelling targeted WhatsApp phishing attacks, exposing deep supply chain vulnerabilities in global travel platforms.
2nd of April 2026 Cyber Update: Zero Days, Ransomware Pressure and AI‑Charged Geopolitics
Iran’s confrontation with the US and Israel is playing out as a rolling cyber campaign, with Iran-aligned and proxy groups running noisy DDoS, defacement and hack-and-leak attacks on banks, telecoms and government targets, while active Chrome zero-days give attackers fresh options.
The past 48 hours have been defined by fresh zero-day activity across Google’s ecosystem, elevated geopolitical cyber operations, and steady pressure on Australian and US critical sectors.
Google has pushed an emergency Chrome update to patch CVE-2026-5281, a high-severity use-after-free in the Dawn WebGPU component that is already being exploited in the wild, continuing a pattern of rapidly weaponised browser flaws this year.
In the mobile stack, Google and partners are still managing the fallout from a Qualcomm-related Android zero-day that has moved from research finding to confirmed exploitation and mandatory patching across US federal networks. In the background, cyber activity linked to the latest phase of conflict with Iran is sustaining a higher tempo of disruptive and influence operations by state-aligned and ideologically motivated groups, with spillover risk for Western commercial networks and infrastructure.
Palo Alto Networks’ Unit 42 reports a surge in Iran-aligned and pro-Russian hacktivist activity following the US and Israeli operations, with around 60 groups active as of early March and continuing campaigns of DDoS, defacements and hack-and-leak operations against governments, financial services, telecoms and infrastructure across at least 16 countries.
Why it matters
For Australian and US enterprises, the current wave of Chrome and Android zero-days highlights how client-side vulnerabilities are being cycled through live campaigns at speed, shrinking the margin for delayed patching on both managed and BYO endpoints. Endpoint hygiene, rapid patch orchestration and realistic browser and mobile exploitation scenarios in red teaming are now central operational issues rather than best-practice talking points.
In the Australian market, ongoing Five Eyes warnings about ransomware crews targeting healthcare, professional services and mid-market businesses reinforce that criminal operators are exploiting the same gaps in patching discipline and basic configuration that high-end actors use, while policy settings and disclosure expectations continue to harden. Set against an environment where AI is being operationalised for reconnaissance, targeting and information operations in live conflicts, boards and executives should be treating AI-enhanced tradecraft and geopolitical escalation as core assumptions in cyber risk, not emerging future trends.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead.
Anthropic’s rapid push into enterprise AI and its $30B raise signal a new phase where autonomous systems drive both productivity and cyber risk. As AI executes tasks at machine speed, markets, governments and workers face a sharper question: who controls the systems now shaping outcomes.
Zero‑day bugs in high‑privilege edge and security tools are being weaponised faster than organisations can patch, compressing response windows for Asia–Pacific defenders and turning shared enterprise stacks into a regional blast radius for attack.