Microsoft has issued an emergency patch for a high-severity zero-day vulnerability (CVE-2026-21509) in Microsoft Office. The flaw, which bypasses key security features, is being actively exploited in targeted attacks, posing a significant risk to organizations globally, including in Australia.
Hayward's HEN Technologies has secured $22 million in Series A funding to scale its AI-driven fire suppression platform. The company's IoT-enabled hardware captures real-world physics data, creating a predictive analytics engine for emergency response.
Nike is investigating a massive data breach after the WorldLeaks ransomware group claimed to have stolen 1.4TB of sensitive data, including Jordan Brand design files, supply chain details, and internal documents. The breach poses a significant threat to Nike's IP operations in Australia.
Trump administration unveils comprehensive AI cybersecurity action plan establishing AI Information Sharing and Analysis Center for threat intelligence. Australian regulator ASIC sues Fortnum Private Wealth over cybersecurity failures that exposed client records on dark web.
Cyber News Centre's cyber update for 24th July 2025: The Trump administration unveils a comprehensive AI cybersecurity action plan establishing an Information Sharing and Analysis Center dedicated to AI threats. Meanwhile, Australian financial regulator ASIC takes legal action against Fortnum Private Wealth for alleged cybersecurity compliance failures that led to client data being published on the dark web.
The Trump administration has released a national AI action plan that places cybersecurity at the center of federal strategy. It urges critical infrastructure owners, particularly those with limited resources, to adopt AI tools for defense. The Department of Homeland Security will provide guidance on AI system vulnerabilities and establish a new AI Information Sharing and Analysis Center (AI-ISAC) to coordinate threat intelligence. Federal agencies will also work with the private sector to share AI-related vulnerabilities and improve response capabilities.
Update: The Trump administration's AI action plan promotes "secure by design" principles for AI systems used in safety-critical or homeland security applications. The National Institute of Standards and Technology will lead efforts to partner with industry and AI companies to build AI-specific guidance into incident response plans. The Cybersecurity and Infrastructure Security Agency (CISA) will modify existing industry guidance to include agency chief AI officers in discussions on active incidents.
The plan states that all AI use in safety-critical or homeland security applications should use secure, robust, and resilient AI systems that can detect performance shifts and alert to potential malicious activities like data poisoning or adversarial attacks.
Why it Matters: This represents a significant federal approach to AI cybersecurity, recognizing AI as both a defensive tool and potential attack vector. The AI-ISAC creates new coordination capabilities for sharing threat intelligence on AI-specific threats across critical infrastructure sectors. Organizations that adopt these security frameworks will be better positioned to leverage AI technologies safely while maintaining robust defenses.
The plan's emphasis on secure-by-design principles addresses growing concerns about AI systems being vulnerable to hacking and manipulation, requiring specialized technical expertise and response procedures that traditional cybersecurity approaches may not adequately address.
The Australian Securities and Investments Commission (ASIC) has filed proceedings in the Supreme Court of New South Wales against Fortnum Private Wealth Limited, alleging the financial services firm failed to adequately manage cybersecurity risks between April 2021 and May 2023. The regulatory action follows multiple cyber incidents affecting Fortnum's authorized representatives, including a significant cyber attack that resulted in data from more than 9,000 clients being published on the dark web.
ASIC alleges that despite introducing a cybersecurity policy in April 2021, Fortnum's framework was inadequate and failed to meet obligations as an Australian Financial Services licensee. The regulator claims Fortnum did not require its authorized representatives to undertake minimum cybersecurity education or training and failed to adequately supervise their cyber risk management frameworks. ASIC is seeking declarations and pecuniary penalties against the firm, with proceedings listed for directions on August 4, 2025.
Update: This legal action represents ASIC's continued enforcement push for financial services firms to implement adequate cyber risk management systems. The case follows similar action in March 2025 against FIIG Securities Limited, where ASIC alleged inadequate cybersecurity measures for over four years enabled theft of approximately 385GB of confidential data affecting 18,000 clients.
ASIC has published comprehensive "Cyber Resilience" guidance providing resources for boards and organizations to develop adaptive cybersecurity processes. The Fortnum case specifically highlights failures in supervising authorized representatives' cybersecurity practices and inadequate training requirements for staff handling sensitive client data.
Why it Matters: This enforcement action signals ASIC's commitment to holding financial services firms accountable for cybersecurity failures that compromise client data. For Australian financial institutions, this demonstrates that regulatory compliance now explicitly includes robust cybersecurity frameworks, with potential legal and financial consequences for inadequate protection measures.
The case establishes precedent that financial services licensees must actively supervise and monitor their representatives' cybersecurity practices, not merely implement policies. For consumers, this regulatory enforcement provides additional protection for personal financial data and demonstrates that regulators are taking proactive steps to ensure firms prioritize cybersecurity as a core business obligation rather than an optional consideration.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Microsoft has issued an emergency patch for a high-severity zero-day vulnerability (CVE-2026-21509) in Microsoft Office. The flaw, which bypasses key security features, is being actively exploited in targeted attacks, posing a significant risk to organizations globally, including in Australia.
Nike is investigating a massive data breach after the WorldLeaks ransomware group claimed to have stolen 1.4TB of sensitive data, including Jordan Brand design files, supply chain details, and internal documents. The breach poses a significant threat to Nike's IP operations in Australia.
The Everest ransomware group has breached ASRock Rack, a major server hardware vendor, stealing 509GB of sensitive data including firmware, BIOS, and other critical files. The breach creates a significant supply chain risk, potentially allowing attackers to embed vulnerabilities in server hardware.
A newly disclosed vulnerability in Schneider Electric's Foxboro DCS, a widely used industrial control system, could allow attackers to disrupt critical infrastructure operations. The flaw, originally from Intel, affects energy and manufacturing sectors worldwide, including Australia.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
