A ransomware attack crippled Pennsylvania’s Attorney General office, exposing sensitive data including names, Social Security numbers and medical details. Inc Ransom claimed responsibility after exploiting a Citrix vulnerability that disrupted systems for weeks.
Berlin-based Peec AI has raised a $21M Series A to scale its marketing platform for the AI search era. As consumers shift from Google to ChatGPT, Peec helps brands analyse and improve their visibility in AI-generated answers, pioneering the new field of Generative Engine Optimisation (GEO).
Parallel Web Systems, the AI startup from former Twitter CEO Parag Agrawal, has secured $100 million in a Series A round co-led by Kleiner Perkins and Index Ventures. The company is building a new layer of web infrastructure designed for AI agents to search and interact with live, accurate data.
Trump administration unveils comprehensive AI cybersecurity action plan establishing AI Information Sharing and Analysis Center for threat intelligence. Australian regulator ASIC sues Fortnum Private Wealth over cybersecurity failures that exposed client records on dark web.
Cyber News Centre's cyber update for 24th July 2025: The Trump administration unveils a comprehensive AI cybersecurity action plan establishing an Information Sharing and Analysis Center dedicated to AI threats. Meanwhile, Australian financial regulator ASIC takes legal action against Fortnum Private Wealth for alleged cybersecurity compliance failures that led to client data being published on the dark web.
The Trump administration has released a national AI action plan that places cybersecurity at the center of federal strategy. It urges critical infrastructure owners, particularly those with limited resources, to adopt AI tools for defense. The Department of Homeland Security will provide guidance on AI system vulnerabilities and establish a new AI Information Sharing and Analysis Center (AI-ISAC) to coordinate threat intelligence. Federal agencies will also work with the private sector to share AI-related vulnerabilities and improve response capabilities.
Update: The Trump administration's AI action plan promotes "secure by design" principles for AI systems used in safety-critical or homeland security applications. The National Institute of Standards and Technology will lead efforts to partner with industry and AI companies to build AI-specific guidance into incident response plans. The Cybersecurity and Infrastructure Security Agency (CISA) will modify existing industry guidance to include agency chief AI officers in discussions on active incidents.
The plan states that all AI use in safety-critical or homeland security applications should use secure, robust, and resilient AI systems that can detect performance shifts and alert to potential malicious activities like data poisoning or adversarial attacks.
Why it Matters: This represents a significant federal approach to AI cybersecurity, recognizing AI as both a defensive tool and potential attack vector. The AI-ISAC creates new coordination capabilities for sharing threat intelligence on AI-specific threats across critical infrastructure sectors. Organizations that adopt these security frameworks will be better positioned to leverage AI technologies safely while maintaining robust defenses.
The plan's emphasis on secure-by-design principles addresses growing concerns about AI systems being vulnerable to hacking and manipulation, requiring specialized technical expertise and response procedures that traditional cybersecurity approaches may not adequately address.
The Australian Securities and Investments Commission (ASIC) has filed proceedings in the Supreme Court of New South Wales against Fortnum Private Wealth Limited, alleging the financial services firm failed to adequately manage cybersecurity risks between April 2021 and May 2023. The regulatory action follows multiple cyber incidents affecting Fortnum's authorized representatives, including a significant cyber attack that resulted in data from more than 9,000 clients being published on the dark web.
ASIC alleges that despite introducing a cybersecurity policy in April 2021, Fortnum's framework was inadequate and failed to meet obligations as an Australian Financial Services licensee. The regulator claims Fortnum did not require its authorized representatives to undertake minimum cybersecurity education or training and failed to adequately supervise their cyber risk management frameworks. ASIC is seeking declarations and pecuniary penalties against the firm, with proceedings listed for directions on August 4, 2025.
Update: This legal action represents ASIC's continued enforcement push for financial services firms to implement adequate cyber risk management systems. The case follows similar action in March 2025 against FIIG Securities Limited, where ASIC alleged inadequate cybersecurity measures for over four years enabled theft of approximately 385GB of confidential data affecting 18,000 clients.
ASIC has published comprehensive "Cyber Resilience" guidance providing resources for boards and organizations to develop adaptive cybersecurity processes. The Fortnum case specifically highlights failures in supervising authorized representatives' cybersecurity practices and inadequate training requirements for staff handling sensitive client data.
Why it Matters: This enforcement action signals ASIC's commitment to holding financial services firms accountable for cybersecurity failures that compromise client data. For Australian financial institutions, this demonstrates that regulatory compliance now explicitly includes robust cybersecurity frameworks, with potential legal and financial consequences for inadequate protection measures.
The case establishes precedent that financial services licensees must actively supervise and monitor their representatives' cybersecurity practices, not merely implement policies. For consumers, this regulatory enforcement provides additional protection for personal financial data and demonstrates that regulators are taking proactive steps to ensure firms prioritize cybersecurity as a core business obligation rather than an optional consideration.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
A ransomware attack crippled Pennsylvania’s Attorney General office, exposing sensitive data including names, Social Security numbers and medical details. Inc Ransom claimed responsibility after exploiting a Citrix vulnerability that disrupted systems for weeks.
Somalia's government has confirmed a major data breach of its electronic visa system, exposing the sensitive personal information of over 35,000 travellers. The incident has prompted warnings from the US and UK, raising serious concerns over digital infrastructure security.
GlobalLogic has confirmed that the Clop ransomware group stole the personal and financial data of more than ten thousand current and former employees after exploiting critical vulnerabilities in Oracle’s E Business Suite platform.
Cybersecurity vendor SonicWall has confirmed a state-sponsored threat actor breached its systems by exploiting an API call, exposing the firewall configuration files of every customer who used its MySonicWall cloud backup service.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
