Cyber Risk Brief: Decoding Today’s Top Cyber Threats

Welcome to MMRMA’s Cyber Risk Brief on the latest threats in cyber security.

Cybersecurity threats are evolving rapidly, with AI-driven attacks and sophisticated ransomware posing serious risks to municipalities. Are your defenses ready?

In this episode of Cyber Risk Brief we dive into the latest threats, including state-sponsored hackers using AI, multimillion-dollar ransomware incidents in Nevada and Pennsylvania, and the continued rise of social engineering. We’ll also discuss the impact of delays in the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).

It isn’t just about the risks—it’s about solutions. Learn actionable strategies like adopting zero-trust architecture, accelerating patching cycles, implementing MFA, and running tabletop exercises.
Resources and References:

• Chinese Hackers Automate Cyber-Attacks With AI-Powered Claude Code – Anthropic report on AI-driven espionage campaign (80–90% automated)
  Infosecurity Magazine [infosecuri…gazine.com]
• AI Cyber Attack Statistics 2025 – Global rise in AI-enabled attacks (+47%), phishing success rates, ransomware families using AI
  SQ Magazine [sqmagazine.co.uk]
• AI-Powered Cyberattacks Are Here – How AI supercharges ransomware and phishing campaigns
  JD Supra [jdsupra.com]
• CISA Delays Cyber Incident Reporting Rules Until May 2026 – Details on reporting timelines (72 hours for incidents, 24 hours for ransom payments)
  Davis Wright Tremaine [dwt.com]
• CISA pushes final cyber incident reporting rule to May 2026 – Regulatory context and compliance implications
  CyberScoop [cyberscoop.com]
• Washington Post Data Breach Exposes Thousands In Oracle Cyberattack – Nearly 10,000 employees impacted, Clop ransomware group suspected
  TechWorm
• DoorDash Confirms Data Breach – Social engineering attack exposed customer and merchant contact info
  TechCrunch [techcrunch.com]
• Social Engineering Attacks Surge in 2025 – 36% of intrusions caused by social engineering; AI-powered deepfakes driving multimillion-dollar scams
  TechRepublic [techrepublic.com]
• Social Engineering Statistics 2025 – BEC losses $2.77B, phishing dominates initial access vectors
  DeepStrike [deepstrike.io]
• Nevada Cyberattack After-Action Report – Initial compromise via spoofed admin tool, 60 agencies impacted, $1.3M recovery cost
  GovTech
  BleepingComputer
  KTNV [govtech.com][bleepingcomputer.com][ktnv.com]
• Pennsylvania Attorney General Ransomware Attack – INC Ransom gang stole 5.7TB of data, exploited Citrix Bleed vulnerability
  SecurityWeek
  BleepingComputer [securityweek.com][bleepingcomputer.com]
• Municipal Ransomware Statistics – Average downtime 27.8 days, $83,600 per day, $2.2M average ransom demand
  Comparitech
  Tripwire [comparitech.com][tripwire.com]
• Digital Frontlines: The Escalating Cyber War on Municipalities – $1.09B in downtime losses since 2018, critical infrastructure targeted
  CyberProof [cyberproof.com]
• Economic Impact of Cyber Attacks on Municipalities – $18.88B in downtime and recovery costs in 2020 alone
  FQM Report [fqm.ca]