Cyberattacks target US infrastructure, and other cybersecurity news

A new joint advisory from US agencies has said that cyber activity targeting critical infrastructure has escalated in recent weeks amid the conflict in the Middle East, highlighting how geopolitical tensions are increasingly playing out in cyberspace.

Hackers are exploiting internet-exposed operational technology (OT) devices — which are connected to the internet for remote monitoring, exposing infrastructure to attacks — used across sectors including energy, water and local government systems. The advisory notes that the widespread use of these devices and their frequent exposure to the public internet make them an attractive target for hackers.

In several cases, these events have already caused operational disruption and financial loss, with attackers manipulating data on industrial control interfaces and extracting sensitive system files.

Organizations are being urged to assume they could be targeted and to review their systems for vulnerabilities, particularly where industrial devices are directly exposed to the internet. Basic mitigations, such as removing public-facing access, implementing multi-factor authentication and monitoring for unusual network activity, are highlighted as critical first steps.

The targeting of industrial control systems reflects a broader shift in cyber warfare. Rather than focusing solely on data theft or espionage, threat actors are increasingly aiming to interfere with physical infrastructure.

The developments reinforce findings from the Forum’s Global Cybersecurity Outlook 2026, which identified geopolitics as the leading factor influencing cyber risk mitigation strategies. The report found that 64% of organizations are now factoring geopolitical tensions into their cybersecurity plans.

A coordinated law enforcement operation across the United States, Germany and Canada has dismantled infrastructure behind four major botnets that infected more than 3 million devices worldwide.

The botnets targeted Internet-of-Things (IoT) devices including webcams, routers and digital video recorders. The compromised devices were then used to launch large-scale distributed denial-of-service (DDoS) attacks, with targets including US defense department systems.

Authorities say the networks enabled hundreds of thousands of attacks worldwide and also operated on a “cybercrime-as-a-service” model, selling access to compromised devices to other actors, while in some cases extorting victims and causing significant financial losses.

German police have identified two suspected administrators, with searches conducted in Germany and Canada leading to the seizure of data and "cryptocurrencies worth tens of thousands of dollars".

The takedown underscores the ongoing risks posed by insecure connected devices. Experts warn that weak passwords and unpatched systems continue to provide an entry point for attackers, turning everyday hardware into tools for large-scale disruption.

Cambodia passes cybercrime law targeting scam centres: New legislation in the country introduces prison terms of up to 10 years and fines for online fraud, money laundering and related offences amid mounting international pressure over Southeast Asian scam compounds. In parallel, the UK has sanctioned operators of a major Cambodia-based fraud network and a cryptocurrency platform used to trade stolen data, as part of efforts to disrupt transnational online scam operations.

Microsoft to invest $10 billion in Japan's AI and cyber expansion: The package is intended to expand AI infrastructure and strengthen cybersecurity cooperation with the government, including partnerships with domestic firms to build local cloud and computing capacity. "We are bringing the world’s best technology, building secure and reliable infrastructure on Japan’s terms, and helping equip its workforce to accelerate productivity and innovation across its economy," said Brad Smith, Vice Chair and President, Microsoft. The plan also includes training 1 million engineers and developers by 2030.

Anthropic launches AI cybersecurity initiative with big tech partners: The organization has unveiled "Project Glasswing", a cybersecurity initiative allowing partners including Amazon, Microsoft, Apple, Google, Nvidia, CrowdStrike and Palo Alto Networks to preview and test its unreleased AI model "Claude Mythos Preview" for defensive security work. The company says the model has already identified thousands of vulnerabilities across software systems and will be made available to selected organisations alongside support for open-source security groups.

Hasbro hit by cyberattack: The organization behind Peppa Pig, Transformers and Monopoly has confirmed it suffered a cyberattack after unauthorized access to its network was identified, prompting parts of its websites to go offline and raising the possibility of delays to product deliveries. The company said it has taken systems offline as a precaution and is working to maintain order fulfilment, though some disruption could last for weeks while the investigation continues.

How AI is fuelling global cyber fraud and what to do about it.

AI-enhanced fraud is now four and a half times more profitable than traditional cybercrime, according to Interpol. As digital deception scales industrially, it erodes trust across financial and corporate systems. In fact, 73% of leaders reported cyber-enabled fraud in their networks last year. This threat is now more urgent than ransomware, combining social engineering with automation to exploit digital trust. Here's how sustained public-private collaboration can help scale cyber fraud solutions.

Why leaders must transform cyber resilience measurement.

Recognizing cyber risk is increasingly seen by leaders across the world as a core business, operational and governance issue. Cyber resilience has traditionally been measured at the point of recovery, on how quickly systems can be restored, how effectively crisis teams can respond and how well organizations can contain damage after an incident. However, AI-enabled attacks now mean that cyber resilience should be measured upstream and in terms of mitigation and preparedness instead, explains one expert.

Why organizations need to practice for the worst.

Cybersecurity has long focused on prevention, but in today’s fast-moving threat landscape, resilience determines outcomes. When systems are disrupted and data integrity is uncertain, leadership, legal, finance and communications must act in alignment, often before full clarity is restored. The organizations that navigate crises best are not those with perfect defences but those that have practised operating under pressure. Here's why building true resilience means testing decision-making, coordination and continuity across the whole enterprise.