Australia’s A$25bn AI wager, Bezos’s leap into “physical AI” and Musk’s push to shift data centres into orbit turned this week into a defining moment in the AI global industrial contest, with the Global South emerging as both proving ground and prize in the new AI steel age.
Vercel confirms a security incident after a compromised third-party AI tool's OAuth token allowed attackers to pivot into internal systems, exposing environment variables and API keys across its platform.
Anthropic is scrambling to contain fresh questions over its Mythos AI after online users reportedly accessed the ultra‑powerful model through previously mapped pathways, sharpening Pentagon supply chain concerns and spooking markets already on edge about AI‑driven cyber risk
Google's March 2026 Android update patches a critical zero-day (CVE-2026-21385) in Qualcomm chips used in hundreds of millions of devices. The flaw, under active exploitation, allows privilege escalation and system compromise, posing a significant risk to users.
Cyber News Centre's cyber update for 9th March 2026: Google has released an urgent security update for Android devices to patch a critical zero-day vulnerability in Qualcomm chipsets that is under active attack.
Update: Google has confirmed that a high-severity vulnerability, tracked as CVE-2026-21385, is being actively exploited in targeted attacks against Android users. The flaw resides in a graphics component of over 235 unique Qualcomm chipsets, affecting hundreds of millions of devices globally, including a significant number in Australia. The vulnerability is a memory corruption issue caused by an integer overflow in the Qualcomm display driver that can be triggered by a local attacker to escalate privileges and potentially take full control of a device.
The bug was first reported to Qualcomm by Google's Android Security team on December 18, 2025, and Qualcomm notified its customers on February 2, 2026. Google's March 2026 Android Security Bulletin, released last week, includes a patch for this zero-day as part of the 2026-03-05 security patch level, which addresses 129 vulnerabilities in total.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-21385 to its Known Exploited Vulnerabilities (KEV) catalog on March 3, mandating that U.S. federal agencies patch the flaw by March 24, 2026. While Google has released the fix, the actual delivery of the update to end-users depends on device manufacturers and mobile carriers, creating a window of exposure for many users.
Why it Matters: The active exploitation of CVE-2026-21385 represents a direct and immediate threat to Android users. A successful attack could lead to the complete compromise of a device, allowing attackers to steal sensitive personal and corporate data, monitor communications, and deploy further malware. The vulnerability's presence in over 235 chipsets creates a massive attack surface, and the delay between Google's patch release and its implementation by various manufacturers leaves many users unprotected.
For businesses with employees using Android devices for work, this vulnerability poses a significant corporate security risk. The limited, targeted nature of current attacks suggests high-value individuals and organisations are the primary targets, consistent with commercial spyware operations. Android users should immediately check their device's security patch level under Settings and apply the 2026-03-05 patch or later as soon as it becomes available from their device manufacturer.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Vercel confirms a security incident after a compromised third-party AI tool's OAuth token allowed attackers to pivot into internal systems, exposing environment variables and API keys across its platform.
According to Microsoft’s April 2026 Security Update Guide, the company fixed more than 160 vulnerabilities across Windows, Office and core services, including an actively exploited SharePoint zero‑day and a Defender privilege‑escalation flaw.
The largest DeFi exploit of 2026 has seen $293 million drained from Kelp DAO's LayerZero cross-chain bridge, triggering a $5.4 billion withdrawal panic across the broader ecosystem and exposing critical centralization flaws in modular security.
ShinyHunters has exposed a critical weakness in cloud systems. The McGraw Hill breach shows how misconfigured Salesforce portals enabled large scale data leaks, with no software flaw to fix. This marks a shift toward exploiting common operational gaps rather than rare vulnerabilities.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
