Australia’s A$25bn AI wager, Bezos’s leap into “physical AI” and Musk’s push to shift data centres into orbit turned this week into a defining moment in the AI global industrial contest, with the Global South emerging as both proving ground and prize in the new AI steel age.
Vercel confirms a security incident after a compromised third-party AI tool's OAuth token allowed attackers to pivot into internal systems, exposing environment variables and API keys across its platform.
Anthropic is scrambling to contain fresh questions over its Mythos AI after online users reportedly accessed the ultra‑powerful model through previously mapped pathways, sharpening Pentagon supply chain concerns and spooking markets already on edge about AI‑driven cyber risk
Trump administration unveils comprehensive AI cybersecurity action plan establishing AI Information Sharing and Analysis Center for threat intelligence. Australian regulator ASIC sues Fortnum Private Wealth over cybersecurity failures that exposed client records on dark web.
Cyber News Centre's cyber update for 24th July 2025: The Trump administration unveils a comprehensive AI cybersecurity action plan establishing an Information Sharing and Analysis Center dedicated to AI threats. Meanwhile, Australian financial regulator ASIC takes legal action against Fortnum Private Wealth for alleged cybersecurity compliance failures that led to client data being published on the dark web.
The Trump administration has released a national AI action plan that places cybersecurity at the center of federal strategy. It urges critical infrastructure owners, particularly those with limited resources, to adopt AI tools for defense. The Department of Homeland Security will provide guidance on AI system vulnerabilities and establish a new AI Information Sharing and Analysis Center (AI-ISAC) to coordinate threat intelligence. Federal agencies will also work with the private sector to share AI-related vulnerabilities and improve response capabilities.
Update: The Trump administration's AI action plan promotes "secure by design" principles for AI systems used in safety-critical or homeland security applications. The National Institute of Standards and Technology will lead efforts to partner with industry and AI companies to build AI-specific guidance into incident response plans. The Cybersecurity and Infrastructure Security Agency (CISA) will modify existing industry guidance to include agency chief AI officers in discussions on active incidents.
The plan states that all AI use in safety-critical or homeland security applications should use secure, robust, and resilient AI systems that can detect performance shifts and alert to potential malicious activities like data poisoning or adversarial attacks.
Why it Matters: This represents a significant federal approach to AI cybersecurity, recognizing AI as both a defensive tool and potential attack vector. The AI-ISAC creates new coordination capabilities for sharing threat intelligence on AI-specific threats across critical infrastructure sectors. Organizations that adopt these security frameworks will be better positioned to leverage AI technologies safely while maintaining robust defenses.
The plan's emphasis on secure-by-design principles addresses growing concerns about AI systems being vulnerable to hacking and manipulation, requiring specialized technical expertise and response procedures that traditional cybersecurity approaches may not adequately address.
The Australian Securities and Investments Commission (ASIC) has filed proceedings in the Supreme Court of New South Wales against Fortnum Private Wealth Limited, alleging the financial services firm failed to adequately manage cybersecurity risks between April 2021 and May 2023. The regulatory action follows multiple cyber incidents affecting Fortnum's authorized representatives, including a significant cyber attack that resulted in data from more than 9,000 clients being published on the dark web.
ASIC alleges that despite introducing a cybersecurity policy in April 2021, Fortnum's framework was inadequate and failed to meet obligations as an Australian Financial Services licensee. The regulator claims Fortnum did not require its authorized representatives to undertake minimum cybersecurity education or training and failed to adequately supervise their cyber risk management frameworks. ASIC is seeking declarations and pecuniary penalties against the firm, with proceedings listed for directions on August 4, 2025.
Update: This legal action represents ASIC's continued enforcement push for financial services firms to implement adequate cyber risk management systems. The case follows similar action in March 2025 against FIIG Securities Limited, where ASIC alleged inadequate cybersecurity measures for over four years enabled theft of approximately 385GB of confidential data affecting 18,000 clients.
ASIC has published comprehensive "Cyber Resilience" guidance providing resources for boards and organizations to develop adaptive cybersecurity processes. The Fortnum case specifically highlights failures in supervising authorized representatives' cybersecurity practices and inadequate training requirements for staff handling sensitive client data.
Why it Matters: This enforcement action signals ASIC's commitment to holding financial services firms accountable for cybersecurity failures that compromise client data. For Australian financial institutions, this demonstrates that regulatory compliance now explicitly includes robust cybersecurity frameworks, with potential legal and financial consequences for inadequate protection measures.
The case establishes precedent that financial services licensees must actively supervise and monitor their representatives' cybersecurity practices, not merely implement policies. For consumers, this regulatory enforcement provides additional protection for personal financial data and demonstrates that regulators are taking proactive steps to ensure firms prioritize cybersecurity as a core business obligation rather than an optional consideration.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Vercel confirms a security incident after a compromised third-party AI tool's OAuth token allowed attackers to pivot into internal systems, exposing environment variables and API keys across its platform.
According to Microsoft’s April 2026 Security Update Guide, the company fixed more than 160 vulnerabilities across Windows, Office and core services, including an actively exploited SharePoint zero‑day and a Defender privilege‑escalation flaw.
The largest DeFi exploit of 2026 has seen $293 million drained from Kelp DAO's LayerZero cross-chain bridge, triggering a $5.4 billion withdrawal panic across the broader ecosystem and exposing critical centralization flaws in modular security.
ShinyHunters has exposed a critical weakness in cloud systems. The McGraw Hill breach shows how misconfigured Salesforce portals enabled large scale data leaks, with no software flaw to fix. This marks a shift toward exploiting common operational gaps rather than rare vulnerabilities.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
