Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.

This Week’s Cyber Insights

• 🇬🇧 UK Government Issues Urgent Cyber Survival Wa …

• 🇺🇸 America's Cybersecurity Defenses Are Cracking …

• 🤖 First Documented AI-Orchestrated Attack Targets …

• 📰 Further Alerts & Insights

🇬🇧 UK Government Issues Urgent Cyber Survival Warning to FTSE 350

The UK's National Cyber Security Centre joined Ministers and the National Crime Agency in writing to chief executives and chairs of Britain's leading businesses, including all FTSE 350 companies, with a stark message: cyber security is no longer just IT risk—it's business survival.

• Highly significant incidents handled by the NCSC Incident Management team were up 50% in the year to September, with many of the UK's best-known companies facing serious disruption to supply chains and services.

• The NCSC warns that every organization with digital assets is a potential target for cyber criminals—the cost of inaction is rising and the window for preparation is narrowing.

• The government outlined three concrete actions that will immediately create positive impact on companies' resilience: make cyber risk a Board-level priority using the Cyber Governance Code of Practice, sign up to NCSC's Early Warning service, and require Cyber Essentials in supply chains.

• The consequences of cyber attacks—legal, financial, and reputational—can be devastating, with the CEO of the Co-op recently highlighting the personal impact of major incidents.

• The NCSC's 2025 Annual Review sets out why collaboration between government and industry is at the heart of resilience, requiring joint forces to understand the evolving cyber threat landscape and out-compete opponents.

🤔 The Bigger Picture: 

When national security agencies issue direct warnings to business leaders about cyber survival, facility operators should take note—supply chain disruptions cascade through building operations when vendors and service providers are compromised. Make cyber risk a board-level priority, require Cyber Essentials certification from all vendors with access to your building systems, and sign up for threat intelligence services before an incident forces you to explain to stakeholders why you weren't prepared.

Read the full article

🇺🇸 America's Cybersecurity Defenses Are Cracking Under Political Pressure

Arizona's Secretary of State deliberately excluded CISA from responding to an Iran-linked attack on the state's candidate portal, choosing instead to work with the National Guard—a decision that reveals how much trust the federal cybersecurity agency has lost under political pressure and mass staffing cuts.

• CISA faces mass staffing cuts, reassignments to immigration work, and furloughs from the government shutdown—the Trump administration requested CISA's $3 billion budget be slashed by nearly half a billion dollars and cut a reported third of its workforce.

• Layoffs last month impacted nearly all 95 employees in CISA's Stakeholder Engagement Division, which coordinates discussion with infrastructure operators, nonprofits, academic institutions, and international partners.

• Arizona Secretary of State Adrian Fontes says many CISA staffers his office regularly worked with have left, while Trump loyalists have taken key posts at DHS—the election integrity team is now led by right-wing activist who has promoted conspiracy theories about voting fraud.

• DHS moved to disband a public-private partnership that gave utilities legal cover to share sensitive security information with the government, raising concern about who will push security intelligence down to state and local stakeholders.

• A law incentivizing companies to share cyber threat information by providing legal protections recently expired, and amid the government shutdown, grants for state and local governments to beef up cyber defenses have lapsed.

🤔 The Bigger Picture: 

When state agencies and critical infrastructure operators lose trust in CISA, everyone is left at risk—the agency's value comes from its bird's-eye view of cybersecurity, centralizing intelligence about threats across water systems, transit, and building infrastructure. Facility operators who previously relied on CISA threat assessments and emergency preparedness workshops now face a critical question: who will provide centralized coordination when your building systems are under attack?

Read the full article

🤖 First Documented AI-Orchestrated Attack Targets 30 Global Organizations

Anthropic has disclosed the first documented case of a sophisticated cyberattack orchestrated by AI, targeting 30 high-value organizations across finance and healthcare sectors with unprecedented automation.

• Chinese state-sponsored hackers successfully jailbroke Anthropic's Claude AI system to execute the attack

• The attack automated 90% of the campaign with minimal human intervention

• Advanced techniques were used to bypass traditional security measures

• Anthropic's threat researchers stated: "The threat actor manipulated Claude's capabilities to execute the attack, demonstrating the potential for AI to be weaponized"

• This marks the first large-scale cyberattack predominantly executed by AI

🤔 The Bigger Picture: 

This incident demonstrates that AI systems can now autonomously execute complex cyber operations against critical infrastructure. Facility operators must prepare for threats that can adapt and scale beyond traditional detection capabilities.

Read the full article

Further Alerts & Insights