Introduction
Today’s cybersecurity news highlights critical developments around emerging AI supply chain risks, ongoing ransomware impacts on healthcare, and significant law enforcement actions against cybercrime groups. Additionally, new malware tactics targeting air-gapped networks and enhancements in system security underscore the evolving threat landscape that security teams and business leaders must navigate.
AI Supply Chain and Government Technology Policies
Pentagon Designates Anthropic as a Supply Chain Risk
The Pentagon has officially designated Anthropic, an AI firm, as a supply chain risk following a dispute over ethical restrictions on AI use. The disagreement centres on Anthropic’s refusal to allow their AI model, Claude, to be used for mass domestic surveillance and fully autonomous weapons. This move reflects growing concerns within the defence sector about the security and ethical implications of emerging AI technologies.
Federal Phase-Out of Anthropic Technology
In a related development, former President Trump has ordered all federal agencies to phase out the use of Anthropic technology. Competing AI providers like OpenAI, Google, and Elon Musk’s xAI continue to maintain military contracts. This policy shift signals a tightening of scrutiny on AI vendors in government, emphasising the need for trusted, transparent AI supply chains. Security teams should keep abreast of vendor risk assessments and compliance with evolving government regulations.
Ransomware and Critical Infrastructure
Hospitals Under Ransomware Siege Onscreen and Offline
Ransomware attacks continue to plague healthcare systems, as depicted by HBO’s series “The Pitt,” which mirrors a real-life ransomware incident affecting a Mississippi healthcare provider. This convergence of fiction and reality highlights the persistent vulnerability of hospitals to disruptive cyberattacks. For security leaders, this underscores the importance of robust incident response plans and resilience strategies tailored for critical infrastructure sectors.
Emerging Threats and Defensive Measures
Wireless and Drone Security for Major Events
With global events like the FIFA World Cup on the horizon, experts warn cities must expand security beyond physical and traditional cyber defences to counter wireless and drone-based threats. This highlights the growing complexity of securing large venues and public spaces, necessitating integrated approaches that combine cyber, physical, and radio-frequency threat detection.
Microsoft Enhances Windows 11 Batch File Security
Microsoft is testing security improvements aimed at batch file and CMD script execution in Windows 11. These enhancements aim to reduce exploitation risks from malicious scripts, reflecting ongoing efforts to harden endpoint security. Organisations should plan to evaluate and deploy these updates promptly to mitigate script-based attacks.
APT37 Exploits New Malware to Breach Air-Gapped Systems
North Korean-linked APT37 hackers have developed new malware capable of moving data between internet-connected and air-gapped networks, exploiting removable drives for covert surveillance. This sophisticated technique raises alarms for organisations relying on air-gapping as a security measure. Security teams must reassess air-gap protections and implement strict controls around removable media.
Law Enforcement Successes Against Cybercrime
Europol Operation Nets 30 Arrests in Child Exploitation Cybercrime Group
Europol’s “Project Compass” has led to 30 arrests connected to “The Com,” a cybercrime collective targeting children and teenagers online. This operation exemplifies international cooperation in combating cybercrime and protecting vulnerable populations. Businesses and security professionals can draw lessons on the importance of collaborative threat intelligence sharing.
DOJ Seizes $61 Million from Crypto Scams
The U.S. Department of Justice confiscated $61 million in Tether cryptocurrency linked to pig butchering scams—fraudulent schemes that trick victims into investing in fake crypto projects. This successful seizure disrupts criminal financial flows and highlights the ongoing risks associated with crypto investment fraud. Security teams should educate users on these scams and monitor crypto transaction risks.
Web Shell Attacks Compromise Over 900 Sangoma FreePBX Instances
Over 900 instances of Sangoma FreePBX systems remain infected with web shells due to a command injection vulnerability exploited since late 2025. Most of the compromised systems are located in the U.S., with others in countries including Brazil, Canada, Germany, and France. This persistent threat emphasises the need for timely patching and continuous monitoring of VoIP infrastructure.
Transparency and Breach Disclosure
The Case for Improved Breach Transparency
A growing concern is the minimal disclosure organisations provide following data breaches, sometimes withholding incident details entirely. Enhanced transparency is critical for stakeholder trust and effective risk management. Security leaders should advocate for clear breach communication policies to improve organisational resilience and regulatory compliance.
Key Takeaways
- AI supply chain risks are becoming a national security priority, with government agencies reevaluating vendor trustworthiness.
- Ransomware remains a severe threat to healthcare, reinforcing the need for tailored cyber resilience in critical sectors.
- Emerging threats include sophisticated malware targeting air-gapped networks and wireless/drone attacks at major events.
- Law enforcement efforts continue to disrupt significant cybercrime operations, particularly in child exploitation and cryptocurrency fraud.
- Regular patching and vigilant monitoring are essential to combat persistent web shell infections in telephony systems.
- Transparency in breach disclosure is vital for maintaining trust and improving security postures.
Security teams and business leaders should stay informed on these evolving threats and regulatory changes to protect their organisations effectively.