Key Takeaways:

• Former NSA cybersecurity chief Anne Neuberger says US infrastructure lacks resilience against serious cyberattacks

• Cuts to CISA under the Trump administration cited as a major contributing factor

• AI, including digital twins and automated analysis, pitched as essential to filling growing security gaps

At the AI Expo for National Competitiveness last week, former Deputy National Security Advisor and NSA Cybersecurity Director Anne Neuberger issued a stark warning: if the US were hit with a significant cyberattack targeting critical infrastructure, the fallout could be catastrophic.

Speaking candidly, Neuberger said she lacks confidence in the nation’s ability to withstand a coordinated attack. Her concern stems not only from outdated technology and weak security practices on operational systems but also from cuts to federal cybersecurity personnel and programs — especially at the Cybersecurity and Infrastructure Security Agency (CISA).

“There’s old tech, there’s tech that wasn’t built to be connected to the internet… and there’s still less cybersecurity for operational systems than there are for IT systems,” she said during her keynote. “It’s never a good time to lose talented cyber defenders.”

Neuberger suggested that recent workforce reductions under the Trump administration have made it harder to maintain readiness. CISA has been particularly affected, she noted, with layoffs pushing out experienced staff and contributing to a potential “brain drain” at a time when cyber threats are accelerating.

The former official’s remarks come as the Trump administration proposes an additional 17% budget cut to CISA, totaling approximately $491 million. That reduction could result in the agency shedding nearly one-third of its staff.

As a solution, Neuberger proposed a more targeted cybersecurity approach centered on artificial intelligence. She emphasized the potential of AI-driven assessments to identify and mitigate vulnerabilities in legacy systems, and pointed to digital twin simulations as a method for preemptively addressing security risks.

“Let’s approach national cyber defense differently… using AI to close the holes in the most critical infrastructure,” she said.

CISA’s App Security Program Faces Shutdown

In a separate but related development, CISA is under scrutiny for its decision to terminate its Mobile App Vetting (MAV) program, which has provided security evaluations for apps used on government-managed devices. Representative Andrew Garbarino (R-NY) sent a letter to Homeland Security Secretary Kristi Noem, requesting an explanation for the move.

Garbarino argued that discontinuing the program could expose government systems to unnecessary risks — especially amid ongoing threats like the Salt Typhoon breaches, which saw Chinese state actors infiltrate US infrastructure and telecom providers.

“Terminating mobile device security programs sends the wrong signal,” Garbarino wrote. “CISA can hardly afford to abandon such a critical program.”

Secretary Noem has until June 13 to respond.

New Threats: ConnectWise Exploit and Botnet Resurgence

The cybersecurity landscape continues to evolve quickly. CISA recently added CVE-2025-3935 — a deserialization vulnerability in ConnectWise’s ScreenConnect software — to its Known Exploited Vulnerabilities (KEV) catalog. This follows a security advisory from ConnectWise warning that a nation-state actor had breached its systems and potentially accessed customer environments.

Other high-risk vulnerabilities disclosed this week include:

• CVE-2021-32030 (CVSS 9.8): Authentication bypass in ASUS and Lyra Mini routers
• CVE-2024-56145 (CVSS 9.3): Remote code execution vulnerability in Craft CMS
• CVE-2025-21480 and CVE-2025-21479 (CVSS 8.6): Memory corruption flaws in Qualcomm chipsets

Additionally, the FBI issued an alert about the resurgence of the Badbox 2.0 botnet, which has infected Android-based streaming devices and other consumer electronics. These devices are either shipped pre-infected or compromised through third-party app stores.

Meanwhile, researchers at Kaspersky identified a new Mirai botnet variant exploiting a command injection vulnerability (CVE-2024-3721) in DVRs made by vendor TBK. Approximately 50,000 vulnerable devices remain exposed online despite available patches.

Healthcare Hit: Kettering Breach Linked to Ransomware Group

In healthcare, Kettering Health confirmed that ransomware gang Interlock was behind the leak of 941 GB of patient data. The compromised data includes ID cards, payment records, and sensitive information on both patients and staff. Kettering said it has since removed Interlock from its systems.

Doxxing Gang Members Sentenced

Lastly, two cybercriminals tied to the “ViLE” doxxing gang have been sentenced to prison. Sagar Steven Singh (“Weep”) and Nicholas Ceraolo (“Convict”) received 27 and 25 months, respectively, for their roles in accessing law enforcement databases using stolen credentials and threatening victims with exposure of personal information.

According to the Department of Justice, the pair used their unauthorized access to collect nonpublic police records, which they then used for extortion.

Learn how AI Agents can supercharge your company’s profits and productivity at TMC’s AI Agent Event in Sept 29-30, 2025 in DC.

Rich Tehrani serves as CEO of TMC and chairman of ITEXPO #TECHSUPERSHOW Feb 10-12, 2026 and is CEO of RT Advisors and is a Registered Representative (investment banker) with and offering securities through Four Points Capital Partners LLC (Four Points) (Member FINRA/SIPC). He handles capital/debt raises as well as M&A. RT Advisors is not owned by Four Points.

The above is not an endorsement or recommendation to buy/sell any security or sector mentioned. No companies mentioned above are current or past clients of RT Advisors.

The views and opinions expressed above are those of the participants. While believed to be reliable, the information has not been independently verified for accuracy. Any broad, general statements made herein are provided for context only and should not be construed as exhaustive or universally applicable.

Portions of this article may have been developed with the assistance of artificial intelligence, which may have contributed to ideation, content generation, factual review, or editing.