Secure World News

In early 2024, an employee at a Hong Kong firm joined what appeared to be a routine video meeting with her chief financial officer and colleagues. By the end of the call, she had authorized $25 million in transfers to overseas accounts. Weeks later came the shocking truth: every “colleague” on that call, including the CFO, was a sophisticated AI-generated deepfake. This incident, among others, heralds a new era of fraud in which artificial intelligence enables criminals to impersonate trusted individuals with uncanny realism.

For cybersecurity professionals safeguarding the intersection of digital and industrial systems, Fortinet’s newly released 2025 State of Operational Technology and Cybersecurity Report offers a rare blend of optimism and realism. Based on a global survey of more than 550 OT professionals, the findings reveal both a maturing OT security landscape and the persistent threats it continues to face.

A newly surfaced U.S. Department of Homeland Security (DHS) memo has confirmed that a Chinese state-linked hacking group known as Salt Typhoon gained extensive, months-long access to a U.S. Army National Guard network, raising concerns not just for military cybersecurity but for the broader fabric of U.S. critical infrastructure defense.

July 16th marks Artificial Intelligence Appreciation Day, a relatively new observance established in May 2021 by A.I. Heart LLC. The day is dedicated to recognizing the myriad positive contributions of AI technology to humanity and fostering greater awareness of its current and future applications.

Goldman Sachs has officially entered the era of the “hybrid workforce” with the announcement of Devin, an autonomous AI software engineer from Cognition. Marco Argenti, Goldman’s chief information officer, told CNBC that Devin will soon join the ranks of the bank’s 12,000-plus developers, with initial deployments numbering in the hundreds and potentially scaling into the thousands.

The North Atlantic Treaty Organization’s (NATO) approach to cybersecurity is evolving rapidly in response to an increasingly volatile digital landscape. The alliance is no longer treating cyberspace as a peripheral concern but as a core element of collective defense. At the 2024 Washington Summit, NATO made a bold statement: cyberattacks can now trigger Article 5, its mutual defense clause. This shift is more than symbolic.

British authorities have arrested four individuals in connection with a series of cyberattacks that disrupted operations at major U.K. retailers—Marks & Spencer, Co-op, and Harrods—earlier this year. The National Crime Agency (NCA) announced the arrests on July 10th following a coordinated operation that targeted suspected members of the notorious hacking group known as Scattered Spider.

In 2025, global supply chains are expected to face an unprecedented wave of cyberattacks. Recent reports indicate a 40% surge in supply chain–related breaches compared to just two years ago, costing companies billions. Nearly one-third of all breaches now originate from third-party vendors or partners, as attackers exploit the interconnected nature of modern supply networks. A single weak link—whether a small software supplier, cloud service, or logistics contractor—can open a backdoor into dozens of organizations. Manufacturing and logistics firms, increasingly digitized and AI-driven, are acutely at risk: state-aligned hackers are “infiltrating the digital arteries of commerce” from ports to payment systems. At the same time, cybercriminal gangs target any partner or tool that offers broad downstream access. The urgency is apparent; supply chain security is now a board-level issue, and failure to secure the weakest links can cascade into operational and financial crises across entire industries.

We have a lot of terms in application and product security that help us to either complicate or demystify the activities in pursuit of a secure design. One of those terms that we often use is “secure by design.” In a nutshell, secure by design means integrating security into the fabric of the product design where threat management becomes a proactive effort, architecture follows best security practices, features are designed to minimize the attack surface, and the product fails-safe when in a broken state. While there are different ways to implement the secure by design principles, ideally we want to codify and build it into the design lifecycle as seamlessly as possible.

At a time when trust is paramount, the rise of generative AI has opened a Pandora’s box of new threats. A recent case involving an imposter pretending to be U.S. Secretary of State Marco Rubio demonstrates the sophisticated nature of these attacks and the challenges they pose to cybersecurity.

Ransomware is no longer the work of lone-wolf hackers with deep technical chops. It’s become a full-fledged business model, especially with agentic AI entering the fold. Ransomware-as-a-Service (RaaS) has transformed cybercrime into an accessible, scalable platform that anyone can tap into—no code required.

The enterprise cloud journey, now more than a decade in, is far from a straight path. A recent white paper, “Cloud Usage and Management Trends: Where’s the Money Going?” by GTT, reveals a landscape of increasing complexity, a surprising resurgence of private cloud, and critical implications for cybersecurity professionals.

A recent audit from the U.S. Department of Justice has exposed severe vulnerabilities in the FBI’s cybersecurity measures, highlighting how these weaknesses directly contributed to the deaths of key informants in the high-profile El Chapo investigation.

Texas is making waves in AI governance.

In February, U.S. officials revealed that the Chinese group Volt Typhoon had maintained undetected access to power grids, ports, and telecommunications providers for as long as five years—long enough to map every breaker, valve, and switch they might someday wish to sabotage.

The cyber threat landscape has fundamentally changed. The latest Europol “Internet Organised Crime Threat Assessment” reaffirms that cybercriminals now operate like sophisticated businesses, now with AI assistance and organized online communities. Forums like Cracked and Nulled have transformed from niche underground markets into massive criminal ecosystems. Cracked alone boasted 4 million users generating 28 million posts.

In a significant strike against one of the world’s most active data leak marketplaces, French law enforcement has arrested five members of the infamous BreachForums, dealing a major blow to the criminal underground economy.

This paper is a companion to our initial paper, From Principles to Relationships: Redesigning Ethics for AI’s Alien Cognition, about how to apply an Ethics model to Agentic AI

As connected healthcare devices become more pervasive and critical to patient outcomes, the cyber risks tied to their design, production, and deployment grow exponentially. In its latest white paper, the U.S. Food and Drug Administration (FDA) takes a proactive stance with a detailed “Cybersecurity Risk Management Playbook” aimed at medical device manufacturers and their supply chain partners.

The U.S. Department of Homeland Security (DHS) issued a new National Terrorism Advisory System (NTAS) bulletin on June 22nd, warning of an “elevated threat environment” in the United States amid global unrest and rising tensions with foreign adversaries like Iran. While the alert highlights threats both physical and digital, cybersecurity professionals are zeroing in on the increased likelihood of Iranian-backed cyber activity targeting U.S. organizations and infrastructure.