Itron has confirmed a cyber intrusion affecting parts of its internal systems, drawing attention to growing vulnerabilities across digital infrastructure linked to essential utility services. In a regulatory filing, the company said an unauthorised third party gained access to certain systems before the activity was contained and removed.
The US energy technology company said it has not identified any compromise of customer-hosted systems, suggesting that the incident may be limited to internal operations for now. At the same time, the lack of detail on the attack method, including whether ransomware was involved, underscores the uncertainty that still surrounds the breach.
As a provider of connected technologies for utilities serving more than 110 million homes and businesses, Itron sits within infrastructure that supports electricity, water, and gas services at scale. That makes the incident significant beyond the company itself, even if operational disruption appears limited so far.
Itron said it activated its cybersecurity response plan, notified law enforcement, and implemented contingency measures, including reliance on backups, to maintain continuity. The company also said operations have continued in all material respects while the investigation remains ongoing.
While services appear largely unaffected at this stage, the filing suggests the full scope of the breach has not yet been determined. The case reflects the growing pressure on infrastructure technology providers to strengthen cyber resilience as threats increasingly target the digital systems underpinning essential services.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The European Commission and the European Union Agency for Cybersecurity (ENISA) have stepped up efforts to strengthen cybersecurity certification across the EU during the European Cybersecurity Certification Week held in Cyprus. The event brought together policymakers, industry representatives, and national authorities to support the implementation of a more unified certification framework.
Discussions focused on advancing the EU Cybersecurity Certification Framework under the Cybersecurity Act, as well as its interactions with related legislation, including the Cyber Resilience Act, the NIS2 Directive, and the Cyber Solidarity Act. The initiative reflects a broader effort to harmonise standards and strengthen trust in digital products and services across member states.
Progress was also reported on two certification schemes currently under development. One concerns European Digital Identity Wallets, aiming to set high security requirements to protect citizens’ credentials, while the other focuses on Managed Security Services, particularly incident response capabilities under the Cyber Solidarity Act.
Participants also reviewed the peer assessment mechanism intended to support consistent implementation across member states. That process, already underway, is designed to promote equivalent cybersecurity standards throughout the EU and reduce the risk of fragmented national approaches.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The European Union Agency for Cybersecurity has released an updated version of its National Cybersecurity Capabilities Assessment framework, designed to help countries evaluate the maturity of their cybersecurity strategies and implementation progress.
The revised tool provides a structured approach for identifying strengths, weaknesses, and areas requiring further development.
The framework, known as NCAF 2.0, is intended for policymakers and government officials responsible for national cybersecurity planning. It enables authorities to track progress at both strategic and operational levels while improving understanding of how effectively national strategies are being implemented.
Aligned with key EU legislation, including the NIS2 Directive, the updated framework supports coordination across Member States by offering a shared reference point for capability assessment.
It also facilitates peer review processes and encourages the exchange of best practices in cybersecurity governance.
Why does it matter?
The tool gives EU Member States a consistent way to measure and improve cybersecurity readiness, reducing fragmentation across national approaches.
By identifying gaps and aligning strategies with frameworks like NIS2, it strengthens collective resilience against cross-border cyber threats. The shared methodology also improves coordination, enabling faster learning and more coordinated responses to evolving cyber risks across the EU.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The US Cybersecurity and Infrastructure Security Agency has published a malware analysis report on FIRESTARTER, a malware affecting Cisco Firepower and Secure Firewall products running Adaptive Security Appliance or Firepower Threat Defense software. At the same time, CISA updated Emergency Directive 25-03 with new required actions for Federal Civilian Executive Branch agencies.
CISA said the report was co-sealed with the UK’s National Cyber Security Centre and is intended to help organisations detect and respond to FIRESTARTER. The agencies assess that an advanced persistent threat actor exploited CVE-2025-20333 and CVE-2025-20362 in Cisco ASA firmware to gain initial access and deploy the malware on affected devices.
The report also says FIRESTARTER enabled post-patching persistence. CISA stated that firmware patching on compromised devices did not necessarily remove an existing threat actor.
The updated directive requires affected federal agencies to identify specified Firepower and Secure Firewall devices, collect forensic data, and apply new vendor-provided updates. CISA also urged organisations using the affected Cisco products to review the report and implement the recommended mitigations.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
New Zealand’s National Cyber Security Centre has warned that frontier AI models are likely to change the cyber threat landscape by increasing malicious actors’ ability to discover and exploit software vulnerabilities at greater speed and scale.
The guidance states that frontier AI models have already demonstrated the ability to identify vulnerabilities in software products. At the same time, it notes that defenders should consider where AI can support their own work, including checking in-house code for vulnerabilities and strengthening software before it is deployed into production.
Also, the guidance refers to a recent Anthropic report on Mythos Preview, which describes it as an agentic model capable of autonomously completing a series of tasks. According to the NCSC, Anthropic says the model can identify zero-day vulnerabilities in code and turn them into working exploits.
At the same time, the NCSC stresses that effective security controls remain the best line of defence as new vulnerabilities continue to be discovered. It recommends that organisations review their security posture to ensure it remains fit for purpose, and that appropriate methods to detect and contain malicious activity are in place across networks.
Senior leaders are urged to review how vulnerabilities are identified and managed, including patching, disclosure, supplier assurance, incident response, and protections for critical systems. For developers, the guidance recommends using frontier AI models cautiously in code reviews, patching frequently, reducing attack surfaces, applying defence-in-depth, and monitoring closely for signs of compromise.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The National Cyber Security Centre (NCSC) has developed SilentGlass, a device designed to protect display connections from malicious or unexpected activity. It is the first commercially available product licensed to use NCSC branding and was launched at CYBERUK.
SilentGlass blocks unauthorised interactions between HDMI and DisplayPort connections and screens. The NCSC stated that threat actors can target monitors as they may process sensitive or personal data.
The intellectual property has been licensed to Goldilock Labs, which is manufacturing the device in partnership with Sony UK Technology Centre. The product has already been deployed in government environments and approved for use in high-threat settings.
The NCSC noted that increasing numbers of connected devices raise exposure to risks linked to physical interfaces. SilentGlass has been developed to address this risk by preventing malicious connections at the hardware level.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The UK government has called on leading AI companies to collaborate on building advanced cyber defence capabilities, as threats grow in scale and sophistication.
Speaking ahead of CYBERUK, Security Minister Dan Jarvis emphasised that AI-driven security will become a defining challenge, requiring innovation at unprecedented speed and scale.
Government officials warn that AI is already reshaping the threat landscape, with hostile states and criminal groups increasingly deploying automated systems to identify vulnerabilities.
To address these risks, businesses are being encouraged to sign a voluntary Cyber Resilience Pledge, committing to stronger governance, early warning systems, and supply chain security standards.
Alongside this initiative, the UK government will invest £90 million over the next three years to support cyber defences, particularly for small and medium-sized enterprises.
A strategy that forms part of a broader National Cyber Action Plan, reflecting a shift towards integrating AI into national security infrastructure.
Officials argue that effective cooperation between government and industry will be essential to protect critical systems and maintain economic stability in an increasingly automated threat environment.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Dr Richard Horne, chief executive of the UK’s National Cyber Security Centre, has described the country as facing a ‘perfect storm’ for cybersecurity.
Speaking at the CYBERUK conference in Glasgow, Horne described developments in AI and wider international tensions as creating a period of ‘tumultuous uncertainty’. He added that the definition of cybersecurity is expanding as technology becomes more deeply embedded in robotics, autonomous systems, and human-integrated technologies.
Horne called for what he described as a ‘cultural shift’ across organisations, adding: ‘cybersecurity is the responsibility of everyone, whether they sit on the Board or the IT help desk… cybersecurity is part of their mission.’
He also argued: ‘organisations that do not focus on their technology base…as core to their prosperity … are no longer just naïve but are failing to grasp the reality of today’s world.’
On the threat landscape, Horne noted that incident numbers remain ‘fairly steady’, but that the source of attacks has shifted, with ‘the majority of the nationally significant incidents that the NCSC is handling now originate directly or indirectly from nation states.’
He also described cyberspace as part of the contested space ‘between peace and war’ and warned that the UK is seeing Russia apply lessons learned during its invasion of Ukraine beyond the battlefield. In that context, he argued that recent conflicts show ‘cyber operations are now integral to conflict’ and that ‘cybersecurity is the home front’.
Addressing frontier AI, Horne said: ‘Frontier AI is rapidly enabling discovery and exploitation of existing vulnerabilities at scale, illustrating how quickly it will expose where fundamentals of cybersecurity are still to be addressed.’
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
A shift is emerging in cybersecurity as frontier AI systems become more capable and harder to control.
Anthropic’s decision to restrict access to the Claude Mythos Preview reflects growing concern about how such models can be used in real-world cybersecurity operations, as highlighted in an article published by the World Economic Forum.
Reported capabilities include identifying unknown vulnerabilities and generating working exploits. Tasks that once required specialised teams over long periods can now be accelerated significantly.
Defensive benefits exist, particularly in faster vulnerability detection, but the same capabilities can also lower barriers for attackers.
The main challenge is no longer finding weaknesses but managing them. AI can generate large volumes of vulnerabilities in a short time, while many organisations still rely on slower response cycles.
That gap increases exposure, especially for critical systems and infrastructure.
Cybersecurity is therefore moving away from static protection toward continuous monitoring and rapid response. At the same time, the lack of clear global rules on access to advanced AI systems raises broader concerns about governance and long-term stability.
Such an evolving imbalance between capability and control is likely to define the next phase of cyber risk.
The World Economic Forum report also stresses that AI-driven cyber risk is becoming a strategic issue, requiring board-level attention, stronger public–private coordination, and faster response timelines, as vulnerability discovery and exploitation compress from weeks to hours.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The UK National Cyber Security Centre has warned that organisations must urgently prepare for severe cyber threats, describing them as a growing risk to operations and national resilience. The guidance calls for immediate action from leadership.
Cyber attacks are becoming more capable and disruptive, with new technologies such as AI increasing their speed and scale. These threats can lead to major operational, financial and security impacts.
The agency emphasises that resilience, rather than prevention alone, is critical. Organisations must be able to continue operating and recover during cyber attacks, with preparation and planning carried out in advance.
The Centre states that responsibility lies with organisational leaders, urging investment, coordination and early planning to ensure essential services can continue under pressure in the UK.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
