Free open source software is fundamentally broken. In 2023, Denis Pushkarev, maintainer of the widely used core-js library, vented his frustration with the fact that users of his software seldom offer financial support, highlighting the disconnect between widespread dependency on open source and inadequate financial compensation for developers maintaining critical infrastructure.
In its yearly cybersecurity report, Dragos said state-sponsored crews haven't let up on their attempts to compromise America's critical infrastructure, with three new OT-focused threat groups joining the fray. This brings the total number worldwide to 26, and of these, 11 were active in 2025. Additionally, an existing group that Dragos tracks as Voltzite and is "highly correlated" with Volt Typhoon, according to Dragos CEO Robert M. Lee, kept up its intrusion activities last year.
Unlike traditional software bugs that might crash a server or scramble a database, errors in AI-driven control systems can spill into the physical world, triggering equipment failures, forcing shutdowns, or destabilizing entire supply chains, Gartner warns. "The next great infrastructure failure may not be caused by hackers or natural disasters but rather by a well-intentioned engineer, a flawed update script, or a misplaced decimal," cautioned Wam Voster, VP Analyst at Gartner.
The Indurex platform ingests and correlates data from multiple sources across the cyber-physical stack, with a strong focus on industrial historians, instrumentation and asset management systems (IAMS), alarm management, and OT network and endpoint data. The platform, which can be integrated with third-party OT security solutions, is designed to unify cyber, process, and safety context into a single operational view, using adaptive risk scoring to highlight issues and prioritize response actions.
Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campaigns mounted by threat actors from the region. The cybersecurity company noted that the threat actor is "primarily tasked with obtaining initial access to high-value organizations," based on the tactics, techniques, and procedures (TTPs) and post-compromise activity observed.
A silent crisis is shaking the very foundations of modern society. The industrial workforce responsible for building the global economy is at risk of crumbling. The people charged with keeping our power grids online, factories humming, utilities reliable, and supply chains moving uninterrupted are retiring at a fast clip. Sure, this may seem like the natural cycle of things as mass retirement opens the door to at least 3.8 million jobs.
In organizations with mature processes, this demonstrably leads to a 30 to 50 percent reduction in mean time to respond. This is not an optimization, but a necessary adjustment. The question is no longer whether AI agents will be deployed, but how far their autonomy extends. Security teams must explicitly determine which decisions can be automated and where human oversight remains mandatory. If these frameworks are lacking, the risks only increase.
The funding will establish a Government Cyber Unit, led by the UK's CISO and overseen by the Department for Science, Innovation and Technology (DSIT), to improve risk identification, incident response, and recovery capabilities. The unit will also create a dedicated Government Cyber Profession, elevating cybersecurity from its current placement under the broader Government Security Profession.
The Cybersecurity and Infrastructure Security Agency (CISA) published a guide detailing venue security and disruption management. In this guide, venue owners and operators can review fundamental strategies to mitigate repercussions of possible disruptions to the critical lifeline sectors of: Communications Energy Transportation Water and Wastewater Systems While this guide serves as a broad catalog for support, it is not comprehensive. Security leaders in the event security space are encouraged to leverage the provided resources and consider them in the context of their venue's unique needs.
Proponents of AI preemption equate competitiveness with deregulation, arguing that state-level guardrails hamper innovation and weaken the United States in its technological competition with China. The reality is the opposite. Today's most serious national-security vulnerabilities involving AI stem not from too much oversight, but from the absence of it. AI systems already underpin essential functions across our economy and national-security apparatus, including airport routing, energy-grid forecasting, fraud-detection systems, real-time battlefield data integration, and an expanding range of defense-industrial-base operations.
Andravia and Harbadus - two nations so often at odds with one another - were once again embroiled in conflict over the past seven days, which thoroughly tested NATO's cybersecurity experts' ability to coordinate defenses across battlefield domains. Around 1,500 practitioners took part in the annual battle that engulfed the island of Occasus-Icebergen, all working together to remediate cyberattacks on critical systems, the effects of which influenced how land, sea, and air forces were able to respond.
Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files on these sites, uncovering thousands of usernames, passwords, repository authentication keys, Active Directory credentials, database credentials, FTP credentials, cloud environment keys, LDAP configuration information, helpdesk API keys, meeting room API keys, SSH session recordings, and all kinds of personal information. This includes five years of historical JSONFormatter content and one year of historical CodeBeautify content, totalling over 5GB worth of enriched, annotated JSON data.
This represents a "new operational model that's neither traditional cyber attack nor conventional warfare," Amazon Chief Security Officer Steve Schmidt told The Register. "The targeting data collected through cyber means flows directly into kinetic decision making."
In an updated advisory produced with the FBI and European law enforcement partners, it said Akira has expanded its capabilities and is now targeting Nutanix AHV virtual machines, an evolution from its previous attacks against VMware ESXi and Hyper-V. The agencies spotted attacks against Nutanix hypervisors in June, but did not specify the affected organizations, and added that the data informing the advisory is as recent as November 2025.
According to Burgess, a hacker group known as Volt Typhoon is trying to break into critical infrastructure networks such as power, water, and transportation systems. Burgess warned that successful hacks could affect energy and water supplies, and cause widespread outages. The U.S. has previously said that the Chinese hackers have spent years planting malware on critical infrastructure systems that are capable of causing disruptive cyberattacks when activated.
The Cyber Security and Resilience Bill (CSRB) aims to ensure critical services, including healthcare, water, transport and energy, are protected against cyber attacks, which cost the UK economy almost £15bn a year.
I do not think we truly appreciate how disruptive, how devastating, this could be "That's one phone network not working for less than one day," he said. "Imagine the implications if a nation state took down all the networks? Or turned off the power during a heatwave? Or polluted our drinking water? Or crippled our financial system?"
In April, the group targeted a Ukrainian university with two wipers, a form of malware that aims to permanently destroy sensitive data and often the infrastructure storing it. One wiper, tracked under the name Sting, targeted fleets of Windows computers by scheduling a task named DavaniGulyashaSdeshka, a phrase derived from Russian slang that loosely translates to "eat some goulash," researchers from ESET said. The other wiper is tracked as Zerlot.
The victims included a municipal water facility where pressure values were changed, an oil and gas company whose tank gauge was tampered with, and a farm silo where drying temperatures were altered, "resulting in potentially unsafe conditions if not caught on time." Officials stressed these weren't sophisticated, state-sponsored operations but opportunistic intrusions that caused real-world disruption ranging from false alarms to degraded service. The attackers didn't need custom malware or insider access either - just a connection and curiosity.
"The impression is almost unavoidable that the AfD is working through a Kremlin order list with its inquiries," Maier said, adding that the questions had demanded "increasing intensity and depth of detail."
It needs a security mechanism that triggers action automatically, not after collective consultations and individual deliberations. In recent months, a new baseline idea has taken hold in European and United States debates on Ukraine: Article 5like guarantees. In March, Italy's Prime Minister Giorgia Meloni was the first to suggest a mechanism inspired by Article 5 of the NATO Charter, which provides for collective action in the event of an attack on a member.
"If you are willing to go after a small water provider in Littleton, Massachusetts, what other target is off the list?" asked Former National Security Agency Director Gen. Tim Haugh on "60 Minutes."
Why are utilities a prime target for cyberattacks? What can security leaders do to prevent them? What happens when unexpected budget cuts slice your department in half? Tune in to learn how security leaders can simplify complexity, embrace cloud-native platforms, and design scalable, resilient command centers for the future. Protecting Critical Infrastructure With Limited Funding Romero shares common threats towards critical infrastructure and advice for security leaders navigating different challenges.
At stake is a diminished workforce with less capability to analyze and track cyber threats, as well as a bedrock cybersecurity data-sharing law that would expire in tandem with that lapse in appropriations, they told Nextgov/FCW. A shutdown would exacerbate risks to critical infrastructure because staff and resources would be less available for infrastructure owners and operators to access, said Ilona Cohen, chief legal and policy officer at HackerOne and former general counsel at the Office of Management and Budget.
