This Week's Top Five Stories in Cyber

Behind EU-UK Sanctions Against Russia Over Cyber Attacks
Russian state and cybercriminal proxies have been hit with a fresh wave of EU and UK sanctions.
The cyber sanctions fall on 24 individuals and entities accused of supporting the Russian state's cyber operations, election interference campaigns and anti-Ukraine disinformation efforts.
Marking the first joint UK-EU cyber sanctions package, the UK Government’s press release also includes the formal attribution of the cyber attack against Poland's energy grid to Russia's Federal Security Service (FSB) Centre 16.
“FSB’s Center 16 is home to some of the most disciplined, sophisticated actors in the cyber espionage landscape,” notes John Hultquist, Chief Analyst at Google Threat Intelligence Group.
Sophos State of Ransomware Report: A Step Ahead of Attackers
Sophos has released its annual report analysing the big time cyber disruptor of business operations – ransomware.
The State of Ransomware report by Sophos surveyed IT and cybersecurity leaders across 17 countries to assess the business preparedness against this threat and what collective defence looks like.
Accounting for four in five ransomware intrusions at 79%, identity is the biggest initial access vector (IAV), the report reveals.
Breaking the record held by exploited vulnerabilities, for the first time in four years they are no longer the most common root cause, as malicious email (26%) and phishing (24%) steal the top spots.
Yubico: Why OpenAI Mandates Hardware Passkeys for GPT-5.6
OpenAI has launched the GPT-5.6 family of models, promising frontier performance while burning through fewer tokens.
With this announcement, the frontier AI company is also clamping down on access by making hardware-backed passkeys mandatory for individual members of its Trusted Access for Cyber (TAC) programme.
From 1 September 2026, individual TAC members must enable Advanced Account Security using a hardware-backed passkey to retain access to OpenAI's most cyber-capable frontier models. Users who fail to meet the requirement will revert to default access.
“By requiring hardware-backed passkeys rather than sync passkeys or software-based alternatives, OpenAI is validating that our product is the best defence for account takeover,” says Jerrod Chong, CEO of Yubico.
Hitachi, OpenAI & Google Cloud Advance Physical AI Security
Hitachi is expanding partnerships with OpenAI and Google Cloud to address security challenges in physical AI deployments. Physical AI connects analysis and decision making to autonomous control of devices and equipment in real-world environments.
The company is deploying its Forward Deployed Engineers (FDE) model to support physical AI integrations alongside cybersecurity measures. FDEs are software specialists that embed directly with customers to provide end-to-end support.
Their work includes identifying management challenges, building proof-of-concepts and helping deploy projects into operations.
Broadcom VCF Secures Standard Chartered with Private Cloud
Joining the list of financial institutions elevating their security game is Standard Chartered, having entered into a long-term partnership with Broadcom to deploy a private cloud infrastructure centred on threat protection and Zero Trust architecture.
The agreement demonstrates how global financial institutions are embracing security-first design in response to ever-escalating cyber threats.
The collaboration uses VMware Cloud Foundation (VCF) to standardise the bank's technology infrastructure across 54 markets.
It was back in 2023 that Broadcom acquired VMware, and has since positioned the platform as a core component of its enterprise private cloud approach.








