A Western Australian government audit has exposed critical Microsoft 365 security failures across seven state entities, leading to a data breach that leaked information on minors and a separate business email compromise incident resulting in the theft of $71,000 through fraudulent invoices.
Google's March 2026 Android update patches a critical zero-day (CVE-2026-21385) in Qualcomm chips used in hundreds of millions of devices. The flaw, under active exploitation, allows privilege escalation and system compromise, posing a significant risk to users.
Ayar Labs has secured $500 million in a Series E round to scale its co-packaged optics technology. Backed by NVIDIA and AMD, the company is replacing traditional copper interconnects with light-based data transmission to solve the growing power and bandwidth crisis in AI data centres.
Google's March 2026 Android update patches a critical zero-day (CVE-2026-21385) in Qualcomm chips used in hundreds of millions of devices. The flaw, under active exploitation, allows privilege escalation and system compromise, posing a significant risk to users.
Cyber News Centre's cyber update for 9th March 2026: Google has released an urgent security update for Android devices to patch a critical zero-day vulnerability in Qualcomm chipsets that is under active attack.
Update: Google has confirmed that a high-severity vulnerability, tracked as CVE-2026-21385, is being actively exploited in targeted attacks against Android users. The flaw resides in a graphics component of over 235 unique Qualcomm chipsets, affecting hundreds of millions of devices globally, including a significant number in Australia. The vulnerability is a memory corruption issue caused by an integer overflow in the Qualcomm display driver that can be triggered by a local attacker to escalate privileges and potentially take full control of a device.
The bug was first reported to Qualcomm by Google's Android Security team on December 18, 2025, and Qualcomm notified its customers on February 2, 2026. Google's March 2026 Android Security Bulletin, released last week, includes a patch for this zero-day as part of the 2026-03-05 security patch level, which addresses 129 vulnerabilities in total.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-21385 to its Known Exploited Vulnerabilities (KEV) catalog on March 3, mandating that U.S. federal agencies patch the flaw by March 24, 2026. While Google has released the fix, the actual delivery of the update to end-users depends on device manufacturers and mobile carriers, creating a window of exposure for many users.
Why it Matters: The active exploitation of CVE-2026-21385 represents a direct and immediate threat to Android users. A successful attack could lead to the complete compromise of a device, allowing attackers to steal sensitive personal and corporate data, monitor communications, and deploy further malware. The vulnerability's presence in over 235 chipsets creates a massive attack surface, and the delay between Google's patch release and its implementation by various manufacturers leaves many users unprotected.
For businesses with employees using Android devices for work, this vulnerability poses a significant corporate security risk. The limited, targeted nature of current attacks suggests high-value individuals and organisations are the primary targets, consistent with commercial spyware operations. Android users should immediately check their device's security patch level under Settings and apply the 2026-03-05 patch or later as soon as it becomes available from their device manufacturer.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
A Western Australian government audit has exposed critical Microsoft 365 security failures across seven state entities, leading to a data breach that leaked information on minors and a separate business email compromise incident resulting in the theft of $71,000 through fraudulent invoices.
Global legal intelligence giant LexisNexis has confirmed a significant cloud data breach after hackers exploited a vulnerable application, exfiltrating 2GB of data. The incident exposed details on enterprise clients, including law firms and government agencies, raising serious supply chain concerns.
Tehran-linked hackers are turning a distant war into a live resilience test for Australia, probing Five Eyes networks as local banks quietly move to high alert while hybrid warfare becomes a “when, not if” cyber disruption scenario.
Five Eyes nations, led by Australia's ASD, have issued an urgent warning for a critical zero-day (CVE-2026-20127) in Cisco's SD-WAN products. The flaw, actively exploited since 2023 by a sophisticated actor, allows for complete network takeover and impacts critical infrastructure globally.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
