AI-assisted espionage campaign uncovered

Anthropic’s discovery of a large-scale, AI-assisted espionage campaign marked a turning point in modern cyber operations. A nation state threat actor successfully jailbroke Claude to automate the stages of a full breach lifecycle, from reconnaissance and vulnerability scanning to lateral movement, privilege escalation, and data exfiltration. The threat actor was able to jailbreak the model in order to carry out these controls, illustrating why guardrails are not enough for securing AI. 

The proliferation of AI agents means access vectors expand rapidly and the blast radius of any single compromise grows accordingly. A Zero Trust architecture ensures that even if an attacker succeeds in compromising an AI component, they cannot automatically traverse or abuse systems without consent, context, and continual verification. Zero Trust must be the foundation of modern enterprise security, not just for humans, but for agents and any non-human identities too. 

For a deeper look at the Anthropic incident, read our blog → 

Canadian government publishes anonymized OT incident report

The Canadian Centre for Cyber Security released anonymized reporting highlighting recent operational technology (OT) intrusions affecting critical infrastructure sectors such as power generation, water utilities, manufacturing, and transportation. Many of these incidents exploited internet-accessible OT, weak authentication mechanisms, and inadequate network segmentation, a common theme across aging industrial environments. 

As remote access tools, IIoT devices, and cloud-connected industrial equipment proliferate, the identity and access attack surface expands far beyond what traditional IT defenses can contain. Hacktivists are now actively abusing exposed ICS, not just sophisticated nation-state actors, making every organization with publicly reachable OT equipment a potential target. Defending these environments requires more than patching or perimeter firewalls: strong identity controls, segmentation, least-privilege access, and clearly defined roles and permissions across operators, vendors, and service providers are essential.

Japan METI issues OT guidance for semiconductor factories

Japan’s Ministry of Economy, Trade and Industry (METI) released a landmark set of OT security guidelines targeted at semiconductor manufacturing environments, a sector increasingly in the geopolitical spotlight. The guidance focuses on identity management, network segmentation, supply-chain integrity, and incident preparedness across production lines and factory-automation systems.

With semiconductor plants being high-value, high-availability environments, METI’s framework signals a strong move toward standardized, enforceable OT security expectations in global manufacturing. It also places responsibility not only on fabs, but on equipment vendors and integrators, recognizing that vulnerabilities often enter through the supply chain.

UK NCSC publishes OT Privileged Access Workstation guidance

The UK National Cyber Security Centre published new guidance governing the use of Privileged Access Workstations (PAWs) within OT environments. Unlike PAW deployments in IT, OT PAWs must navigate constraints such as vendor-controlled engineering tools, safety-critical systems, and maintenance workflows that rely heavily on remote access. 

The guidance provides a structured approach to isolating administrative tasks, securing engineering workstations, and reducing risk from compromised credentials or unmanaged remote sessions. For operators struggling with legacy HMIs, vendor access, or limited patch windows, the NCSC’s framework offers pragmatic, incremental steps toward stronger identity-based protections.

Logistics industry facing $35B+ annual cyber-enabled cargo theft

According to a new report by Proofpoint, the logistics and transportation sector is experiencing a surge in cyber-enabled cargo theft, driven by threat actors who infiltrate logistics platforms, compromise fleet management systems, and manipulate digital freight marketplaces. 

Attackers are using remote access tools to hijack user accounts, redirecting shipments, and executing “double brokering” scams that result in cargo being sent to fraudulent addresses. Organized theft groups now operate at global scale, blending cyber intrusion, social engineering, and physical supply-chain manipulation. With estimated losses exceeding $35 billion per year, the push to adopt secure remote access and cyber controls with identity verification into legacy operational workflows is imperative. 

CISA Orders Rapid Patch of New Fortinet RCE as 2025 KEV Count Hits Seven

On November 18 2025, CISA issued a directive requiring U.S. federal agencies to patch a newly disclosed critical remote code execution vulnerability in Fortinet products within seven days. The flaw is being actively exploited in the wild and affects multiple Fortinet devices, including firewalls and other security appliances.

This is the 7th time Fortinet has appeared in CISA’s Known Exploited Vulnerabilities Catalog (KEV) in 2025. This volume illustrates that enterprises relying on Fortinet infrastructure face a significant cumulative risk, and no matter of accelerated patching, careful configuration, and continuous monitoring stop these firedrills from becoming a significant risk. For a long term fix, organizations should seek enforcing segmentation along with strong identity and access controls.