Australia’s A$25bn AI wager, Bezos’s leap into “physical AI” and Musk’s push to shift data centres into orbit turned this week into a defining moment in the AI global industrial contest, with the Global South emerging as both proving ground and prize in the new AI steel age.
Vercel confirms a security incident after a compromised third-party AI tool's OAuth token allowed attackers to pivot into internal systems, exposing environment variables and API keys across its platform.
Anthropic is scrambling to contain fresh questions over its Mythos AI after online users reportedly accessed the ultra‑powerful model through previously mapped pathways, sharpening Pentagon supply chain concerns and spooking markets already on edge about AI‑driven cyber risk
A significant supply chain attack has struck the US financial sector, with fintech vendor Marquis Software Solutions confirming a ransomware incident that exposed the sensitive data of hundreds of thousands of customers from dozens of American banks and credit unions.
Texas-based Marquis Software Solutions, a key marketing and compliance software provider for over 700 financial institutions, has begun notifying customers of a major data breach that occurred on August 14, 2025. The incident, which the company detected on the same day, involved a ransomware attack that compromised a vast trove of sensitive personal and financial information.
The company said ransomware-wielding attackers gained a foothold in its IT environment after breaching its SonicWall firewall on Aug. 14, which it detected the same day after seeing "suspicious activity on its network."
Investigators found that the attacker may have accessed files containing data stored by Marquis Software on behalf of "present and former business customers," pertaining to their own customers, and that "the incident was limited to Marquis' environment."
Attackers exploited a zero-day vulnerability in the company's SonicWall firewall to gain access to its network. While Marquis has not officially named the threat actor, security researchers widely attribute the attack to the Akira ransomware gang, which was actively exploiting the specific SonicWall vulnerability during that period.
The compromised data is highly sensitive and includes customer names, dates of birth, postal addresses, Social Security numbers, and financial details such as bank account, debit, and credit card numbers. According to data breach notifications filed in multiple states, at least 400,000 individuals are confirmed to be affected, with the total number expected to rise as more institutions complete their investigations. One of the most alarming revelations came from a now-deleted breach notification filed by an Iowa credit union, which stated that "Marquis paid a ransom" to the attackers.
The attack on Marquis highlights the devastating speed and efficiency of modern ransomware operations. Security firm Arctic Wolf, which has tracked the Akira gang's campaign, noted the exceptionally short dwell times observed in similar intrusions. In a recent report, The State of Cybersecurity: 2025 Trends Report revealed that:
that 23% of organizations experienced at least one significant ransomware attack in 2024. And these attacks remain difficult for organizations to remediate without succumbing to threat actor demands, with the same report finding 76% of victim organizations are electing to pay the ransom to regain access to their data and environment.
This rapid execution leaves victim organisations with a minimal window to detect and respond, underscoring the critical need for automated, proactive defense systems.
The Marquis data breach is a textbook example of a catastrophic supply chain attack. The nearly four-month delay between the incident and the public disclosure is a significant point of concern, as it left hundreds of thousands of individuals vulnerable to fraud without their knowledge. This case underscores the systemic risk posed by third-party vendors and the critical importance of holding them to the highest security standards. The exploitation of a zero-day flaw demonstrates that even well-prepared organisations can fall victim, highlighting the need for a defense-in-depth strategy that goes beyond simple perimeter security. The alleged ransom payment, if true, further fuels the ransomware economy and emboldens threat actors to continue their campaigns against critical infrastructure.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Vercel confirms a security incident after a compromised third-party AI tool's OAuth token allowed attackers to pivot into internal systems, exposing environment variables and API keys across its platform.
According to Microsoft’s April 2026 Security Update Guide, the company fixed more than 160 vulnerabilities across Windows, Office and core services, including an actively exploited SharePoint zero‑day and a Defender privilege‑escalation flaw.
The largest DeFi exploit of 2026 has seen $293 million drained from Kelp DAO's LayerZero cross-chain bridge, triggering a $5.4 billion withdrawal panic across the broader ecosystem and exposing critical centralization flaws in modular security.
ShinyHunters has exposed a critical weakness in cloud systems. The McGraw Hill breach shows how misconfigured Salesforce portals enabled large scale data leaks, with no software flaw to fix. This marks a shift toward exploiting common operational gaps rather than rare vulnerabilities.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
