🚨 Secure The AI Workforce
Fines, leaks, and hacks—key cyber updates
Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.
This Week’s Cyber Insights
The concept of AI as a tool is quickly evolving, with predictions that fully autonomous AI "employees" are just around the corner.
Anthropic predicts fully autonomous AI "virtual employees" could be integrated into corporate networks within the next year.
Unlike current limited agents, these AI identities would have 'memories,' defined roles, and their own corporate accounts and passwords.
This creates significant, unresolved security challenges related to identity management, network access control, and accountability for AI actions.
AI companies are actively exploring and investing in this area.
Security vendors are beginning to release solutions for managing non-human identities.
🤔 The Bigger Picture:
The arrival of autonomous AI employees will fundamentally change the concept of an "identity" on your network, moving beyond human or simple service accounts. CSOs and directors need to start strategically planning for this now, considering how to secure these new digital workers, define their access, and establish frameworks for monitoring and accountability. Proactive security design is crucial before these entities become widespread.
Threat actors are moving fast to exploit critical vulnerabilities, even those that have been patched. This recent activity targeting Ivanti devices is a prime example.
A zero-day vulnerability (CVE-2025-0282) in Ivanti Connect Secure (ICS) was exploited in attacks against Japanese organizations around December 2024.
Exploitation led to the installation of DslogdRAT malware and a web shell.
Ivanti patched the critical flaw, which allows unauthenticated remote code execution, in early January 2025.
Suspected China-nexus groups like UNC5337 and UNC5221 have exploited this and related Ivanti flaws to deploy various malware families.
Recent scanning activity targeting Ivanti ICS and Pulse Secure (IPS) appliances has surged significantly, potentially indicating preparation for future attacks.
🤔 The Bigger Picture:
Hackers are using the time between finding a security hole and fixing it to attack. Even patched systems remain targets if updates aren't applied immediately. Organizations using Ivanti products must ensure patches are deployed urgently and scan for signs of compromise, especially given the recent surge in scanning activity.
⚠️ Lazarus Exploits Patch Speed
State-sponsored threat actors like Lazarus are accelerating their attacks by weaponizing newly released patches within hours. This changes the game for vulnerability management.
The North Korean state-sponsored Lazarus APT group is targeting critical infrastructure and financial organizations globally.
Their latest campaign, active since January 2025, focuses on rapidly exploiting recently patched ("one-day") vulnerabilities.
Lazarus weaponizes these flaws, like CVE-2025-1234 in a widely used VPN solution, within hours of patch release.
Initial access via internet-facing applications is followed by deployment of customized malware for persistence.
The campaign has resulted in significant financial impact, estimated at over $14 million across disclosed incidents.
🤔 The Bigger Picture:
This campaign drastically shrinks the effective patching window, turning a disclosed vulnerability into a high-speed race against state-sponsored attackers. It underscores the urgent need for organizations, particularly in critical sectors, to achieve near-real-time patching velocity for all internet-facing assets. A strong patch management process isn't just about applying updates; it's about doing it faster than the bad guys can weaponize them.
Facing limited resources and an increasing threat volume, one state government is betting on highly autonomous AI to level the playing field.
The Oklahoma state government is using autonomous AI agents (specifically Darktrace's Cyber AI Analyst) for network defense.
These AI agents are granted the autonomy to make certain defense decisions independently, within defined limits.
The AI is estimated to provide a cybersecurity defense capacity equivalent to several hundred human analysts.
This adoption is driven by the necessity to counter AI-fueled attacks and limitations in staffing and budget.
Challenges include the initial apprehension of relying on AI for critical decisions and the ongoing need for careful governance and guardrails.
🤔 The Bigger Picture:
This provides a compelling, real-world example of how autonomous AI is being implemented for defense today, not just in theory. It illustrates the potential for AI to dramatically scale defensive capabilities against increasingly AI-powered threats, creating an "AI vs. AI" dynamic. However, it also highlights the critical organizational and technical hurdles related to trust, oversight, and control when integrating highly autonomous systems into security operations.
Further Alerts & Insights
📰 How Cybercriminals Exploit AI
Cybercriminals are rapidly adopting AI for sophisticated attacks like generating fake identities, creating highly personalized phishing emails, and mimicking user behavior to evade detection. Organizations must understand these tactics and leverage AI defenses to counter the evolving threat landscape.
📰 Ransomware Adds New Tactics
Ransomware groups DragonForce and Anubis are evolving their affiliate models, with DragonForce creating a "cartel" brand structure and Anubis offering diverse extortion methods including data theft and regulatory reporting threats. This demonstrates ransomware operators' adaptability in maintaining profitability despite disruptions.
📰 MS-SQL Servers Under Attack
A new campaign is targeting poorly managed MS-SQL servers, exploiting misconfigurations and weak credentials to deploy remote access and privilege escalation malware like Ammyy Admin and PetitPotato. Attackers establish persistence through RDP and rogue accounts, highlighting the need for strong database security and patching.