Australia’s National AI Plan is a welcome start on skills and safety, but it plays too safe. While the US, Europe and the Gulf pour sovereign capital into chips, compute and energy, Canberra is still talking about catalysing investment rather than committing.
A significant supply chain attack has struck the US financial sector, with fintech vendor Marquis Software Solutions confirming a ransomware incident that exposed the sensitive data of hundreds of thousands of customers from dozens of American banks and credit unions.
South Korean e-commerce giant Coupang has confirmed a massive data breach exposing the personal information of 33.7 million customers. The incident, which began in June 2025, is one of the largest in the nation's history and is linked to a former employee's active credentials.
Australia adopts AS IEC 62443 cybersecurity standards for critical infrastructure protection. Oracle releases massive July 2025 patch update addressing 165 CVEs. DragonForce ransomware gang claims attack on US retailer Belk, stealing 156GB of customer data including Social Security numbers.
Cyber News Centre's cyber update for 16th July 2025: Australia has officially adopted the internationally recognized AS IEC 62443 cybersecurity standards to protect critical infrastructure and operational technology systems nationwide. Oracle has released its third quarterly Critical Patch Update for 2025, addressing 165 CVEs across 309 security patches. Meanwhile, the DragonForce ransomware gang has claimed responsibility for a devastating attack on US department store chain Belk, stealing 156 gigabytes of customer data including Social Security numbers.
Australia has taken a significant step forward in protecting its critical infrastructure by officially adopting the AS IEC 62443 series as national cybersecurity standards. This internationally recognized framework specifically targets Operational Technology (OT) systems and Industrial Automation and Control Systems (IACS) that form the backbone of essential services across power grids, water treatment facilities, transportation networks, and healthcare systems.
Update: Standards Australia has officially adopted the IEC 62443 series as the national standard for securing operational technology environments, branded locally as AS IEC 62443. This comprehensive framework addresses the unique cybersecurity challenges faced by industrial control systems where safety, uptime, and physical process control are paramount. The adoption aligns with Australia's 2023-2030 Cyber Security Strategy, which aims to make the country a world leader in cybersecurity by 2030 with $586.9 million in new funding.
The standard provides a modular and role-based approach that can be applied across various stages of a system's lifecycle, tailored to the responsibilities of asset owners, service providers, and product suppliers. The national committee IT-006 played a crucial role in supporting the adoption and ensuring alignment with local regulatory requirements.
Why it Matters: This adoption represents a proactive approach to protecting Australia's most critical infrastructure from increasingly sophisticated cyber threats targeting operational technology systems. Unlike traditional IT environments, OT systems control physical processes that directly impact public safety, economic stability, and national security. The AS IEC 62443 standards provide a structured framework for balancing cybersecurity protection with operational continuity, addressing the unique challenges where system downtime can have catastrophic consequences.
For Australian organizations managing critical infrastructure, this standardization reduces compliance complexity while establishing consistent, high-assurance cybersecurity practices. The timing is particularly significant as Australia prepares for an increasingly interconnected digital-physical landscape driven by smart energy systems, automated manufacturing, and connected urban infrastructure.
Oracle Corporation has released its third quarterly Critical Patch Update (CPU) for 2025, delivering security fixes across a broad range of its products. As one of the world’s largest enterprise software providers, Oracle’s CPUs are critical for organizations that rely on its technologies for secure, mission-critical operations.
Update: Oracle Corporation released its July 2025 Critical Patch Update, delivering 309 security patches that address 165 unique CVEs across 28 product families. The update includes nine critical severity patches, 144 high severity patches, 135 medium severity patches, and 21 low severity patches. Oracle REST Data Services received the most attention with 84 patches (27.2% of total ), followed by Oracle Hospitality Applications with 40 patches and Oracle Communications with 36 patches. Notably, 50 vulnerabilities in Oracle REST Data Services alone can be exploited remotely without authentication, representing significant exposure points for organizations running these systems.
Why it Matters: This substantial patch release highlights the persistent security challenges facing enterprise software ecosystems that form the backbone of global business operations. The high proportion of remotely exploitable vulnerabilities without authentication requirements creates immediate risk vectors for organizations that haven't implemented proper network segmentation or access controls.
Oracle's emphasis on timely patching stems from documented cases where attackers have successfully compromised organizations that delayed applying available security updates. For IT security teams managing Oracle infrastructure, this quarterly update represents both an operational priority and a strategic reminder that enterprise software security requires continuous vigilance and rapid response capabilities to maintain defensive postures against sophisticated threat actors.
The DragonForce ransomware gang has claimed responsibility for a devastating cyberattack against Belk, a major US department store chain founded in the late 1800s. Belk operates over 300 stores across 16 states and serves millions of customers through its retail locations and online platform, making it a significant target for cybercriminals seeking valuable customer data.
Update: DragonForce ransomware operators gained access to Belk's network between May 7-11, 2025, exfiltrating 156 gigabytes of sensitive data before the attack was discovered on May 8. The breach forced Belk to disconnect affected systems, restrict network access, reset passwords, and rebuild compromised infrastructure, causing significant disruption to both online and physical store operations for several days.
The stolen data includes customer names, Social Security numbers, and other personal information, prompting Belk to provide affected individuals with 12 months of free credit monitoring and identity restoration services, including up to $1 million in identity theft insurance. DragonForce has made all stolen data available for download on their Tor-based leak site, indicating that Belk refused to pay the ransom demand. The attack represents part of DragonForce's broader campaign that has recently targeted UK retail chains including Co-op, Harrods, and Marks & Spencer.
Why it Matters: This attack highlights the persistent threat that ransomware-as-a-service operations pose to retail organizations that handle vast amounts of sensitive customer data. DragonForce's targeting of major retail chains demonstrates how cybercriminals are systematically focusing on sectors with valuable personal and financial information that can be monetized through identity theft and fraud schemes. The extended network access period (four days) before detection reveals potential gaps in security monitoring and incident response capabilities that many retail organizations face.
For consumers, this breach represents another erosion of trust in retail data protection practices and underscores the importance of monitoring credit reports and financial accounts for suspicious activity. The attack also demonstrates how ransomware groups are increasingly willing to publish stolen data when ransom demands are not met, turning data protection failures into public relations disasters for targeted organizations.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
A significant supply chain attack has struck the US financial sector, with fintech vendor Marquis Software Solutions confirming a ransomware incident that exposed the sensitive data of hundreds of thousands of customers from dozens of American banks and credit unions.
South Korean e-commerce giant Coupang has confirmed a massive data breach exposing the personal information of 33.7 million customers. The incident, which began in June 2025, is one of the largest in the nation's history and is linked to a former employee's active credentials.
A series of cyber attacks on Australian defence supply chain contractors has exposed sensitive material relating to major weapons programs, including the Redback infantry fighting vehicle.
A sophisticated ransomware attack by the INC Ransom group has crippled the OnSolve CodeRED emergency notification platform, impacting hundreds of US municipalities. The incident has forced the permanent decommissioning of the legacy system and exposed the personal data of millions of residents.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
