🚨 AI Systems Vulnerable to Data Poisoning Attacks
Fines, leaks, and hacks—key cyber updates
Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.
This Week’s Cyber Insights
Agentic AI systems integrated into enterprise data environments are creating unprecedented security vulnerabilities, with Gartner predicting AI agents will cause 25% of enterprise security breaches by 2028. These autonomous systems can access enterprise data from hundreds of applications and take actions without human oversight, potentially exposing sensitive business information to unauthorized users.
AI agents powered by enterprise data from hundreds of apps can distribute information at unprecedented scale
Humans are currently responsible for nearly 60% of security breaches, but AI agents raise these concerns to a new level
Data governance platforms are often built for analysts and data scientists, not for the business users who increasingly rely on AI agents
AI agents lack business context to understand when to shield sensitive data like customer information or research
Nearly half of enterprises manage over 1,000 separate apps with only 2% successfully integrating most systems
🤔 The Bigger Picture:
Without proper data governance, AI agents might become non-compliant and inadvertently leak data to users who shouldn't have access. Gartner predicts governments worldwide will enact AI governance laws by 2027. Organizations must establish policy-driven access controls that determine what data AI agents surface to different user types, preventing unauthorized access to sensitive business information.
Chinese-speaking threat actors have successfully exploited a critical vulnerability in Trimble Cityworks, a GIS-based asset management platform widely used by U.S. municipal governments for utility management. The campaign, tracked as UAT-6382, demonstrates sophisticated targeting of critical infrastructure management systems.
CVE-2025-0944 (CVSS 8.6) deserialization vulnerability enabled remote code execution on Trimble Cityworks servers
Attacks began in January 2025, targeting local government networks managing utility infrastructure
Threat actors deployed Rust-based TetraLoader, Cobalt Strike, and VShell backdoors for persistent access
Chinese web shells including AntSword, Chopper, and Behinder used for data exfiltration
Clear interest in pivoting to utility management systems and critical infrastructure networks
🤔 The Bigger Picture:
Nation-state actors increasingly target infrastructure management software rather than attacking systems directly. Cityworks manages critical utility infrastructure for thousands of municipalities, making it a high-value espionage target. Treat management software as part of critical infrastructure requiring the same security rigor as operational technology. The rapid deployment of multiple backdoors indicates sophisticated preparation for long-term access.
CISA, NSA, and FBI released comprehensive guidelines for securing AI systems used in critical infrastructure, warning that compromised training data can corrupt AI decision-making in industrial and building automation applications. The guidance identifies data integrity as the primary weakness in current AI security implementations.
Joint cybersecurity information sheet focuses on protecting AI training and operational data across entire lifecycle
Data poisoning attacks targeting AI model training emerging as primary threat vector for industrial systems
Guidelines emphasize zero-trust principles for AI data access and cryptographic verification of datasets
NIST AI Risk Management Framework outlines six critical stages requiring data security controls
Special focus on privacy-preserving techniques like differential privacy and federated learning for sensitive operations
🤔 The Bigger Picture:
As smart buildings rely increasingly on AI for predictive maintenance and automated responses, compromised AI models could cause incorrect temperature controls, faulty fire safety responses, or manipulated energy management. For facility managers implementing AI-driven systems, verify data sources, implement access controls for AI training datasets, and maintain audit trails for AI decisions affecting critical building operations.
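The guidance above calls for cryptographic verification of datasets and audit trails for the data that reaches AI training. As an added example, not code from CISA, NSA, FBI or Neeve, the following Python script pins each dataset file's SHA-256 in a manifest, protects the manifest itself with an HMAC (the key name and the sample HVAC files are constructed assumptions), and reports any file that was modified, removed or added before a training job consumes it.

```python
# Added example (not from the CISA/NSA/FBI guidance or Neeve): check a training
# dataset against a pinned, keyed manifest before it reaches a training job.
import hashlib
import hmac
import json

# Constructed sample dataset: file name -> contents (stand-in for real files).
DATASET = {
    "hvac/2024-q1.csv": b"ts,zone,setpoint_c,actual_c\n1,lobby,21.0,21.2\n",
    "hvac/2024-q2.csv": b"ts,zone,setpoint_c,actual_c\n2,lobby,21.0,20.9\n",
}

# Assumed secret held by the data owner, kept apart from whoever supplies files,
# so a poisoned file cannot be paired with a quietly re-issued manifest.
MANIFEST_KEY = b"example-manifest-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict, key: bytes) -> dict:
    """Pin every file's SHA-256, then MAC the pinned list."""
    entries = {name: sha256_hex(data) for name, data in sorted(files.items())}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"files": entries, "mac": hmac.new(key, body, "sha256").hexdigest()}


def verify_dataset(files: dict, manifest: dict, key: bytes) -> list:
    """Return findings suitable for an audit log; empty means the dataset matches."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected_mac = hmac.new(key, body, "sha256").hexdigest()
    if not hmac.compare_digest(expected_mac, manifest["mac"]):
        return ["manifest MAC mismatch: manifest itself was altered"]
    findings = []
    for name, expected in manifest["files"].items():
        if name not in files:
            findings.append(f"missing: {name}")
        elif sha256_hex(files[name]) != expected:
            findings.append(f"modified: {name}")
    for name in files:
        if name not in manifest["files"]:
            findings.append(f"unexpected: {name}")
    return findings


if __name__ == "__main__":
    manifest = build_manifest(DATASET, MANIFEST_KEY)
    print(verify_dataset(DATASET, manifest, MANIFEST_KEY))
    # Simulate a poisoned row appended to one file after the manifest was pinned.
    tampered = dict(DATASET)
    tampered["hvac/2024-q1.csv"] += b"3,lobby,21.0,35.0\n"
    print(verify_dataset(tampered, manifest, MANIFEST_KEY))
```

Record the returned findings alongside the manifest MAC in the training job's audit trail, so every model version can be traced back to the exact data it was trained on.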
Canadian electric utility Nova Scotia Power has confirmed it was targeted in a sophisticated ransomware attack that compromised personal information of approximately 280,000 customers. The utility, which serves 550,000 customers, disclosed the breach nearly one month after the initial attack and confirmed it has not paid the ransom demand.
No disruption reported to electricity generation, transmission, or distribution facilities
Attackers have published stolen data, though specific ransomware group and leak site remain unidentified
Company stated no payment made to threat actors, citing sanctions laws and law enforcement guidance
🤔 The Bigger Picture:
This attack demonstrates how ransomware groups target critical infrastructure for both financial gain and operational disruption potential. The month-long disclosure timeline highlights the complexity of ransomware investigations in utility environments. For critical infrastructure operators, this emphasizes the importance of incident response plans that balance transparency requirements with operational security during active investigations.
Further Alerts & Insights
⚖️ Qakbot Malware Leader Indicted in $24M Ransomware Scheme
Russian cybercriminal Rustam Gallyamov has been charged with operating the Qakbot botnet, which enabled ransomware attacks, including Black Basta and Cactus, against critical infrastructure. Despite the 2023 takedown, the attackers pivoted to spam bomb techniques targeting U.S. companies through January 2025.
🤖 GitLab AI Assistant Vulnerability Exposes Source Code
Indirect prompt injection flaw in GitLab Duo enabled attackers to steal private source code and inject malicious content through hidden comments in merge requests. Vulnerability highlights risks of AI assistants with deep integration into development workflows managing critical infrastructure code.
🕸️ ViciousTrap Converts 5,300 Cisco Devices into Global Honeypot
Threat actors exploited CVE-2023-20118 in Cisco small business routers to create massive honeypot network across 84 countries. NetGhost malware redirects traffic to attacker infrastructure, potentially collecting zero-day exploits and enabling adversary-in-the-middle attacks on industrial networks.
🎯 RSAC 2025: AI Security Takes Center Stage
Industry's largest security conference demonstrates widespread adoption of AI in cybersecurity operations. Agentic AI emerging as key technology for managing overwhelming threat volumes, with particular focus on security operations centers and automated incident response for critical infrastructure protection.