Four things from the past working week that a UK board should know about, in the order I would raise them if I had ten minutes with a chair over coffee on Monday. I have left out the noise. Each item here has a decision or a question attached, which is the only reason it survived the cut.
1. The man who runs the NCSC told a room full of officials this is a contest, not a risk register
On 17 June, NCSC chief executive Richard Horne used the RUSI Annual Security Lecture to put a number on something boards tend to treat as abstract. His teams dealt with around 200 incidents affecting critical national infrastructure in the year to May, and roughly three-quarters of them were the work of nation states or actors linked to them, with Russia, China and Iran named directly. His framing matters as much as the figure: he asked his audience to stop treating cyber security as a risk to be managed down to an acceptable level, and to start treating it as an ongoing contest with capable adversaries who adapt when you do. He also singled out AI as an accelerant, noting that frontier models are already good at finding long-standing flaws in code, and that attackers will automate and scale accordingly.
For boards. A risk register implies a steady state you can reach and then maintain. A contest does not. Ask whether your security investment is sized as a one-off remediation programme or as a standing capability that has to keep pace with an adversary. Those are different budgets, different reporting lines, and different questions to your CISO.
2. The Cyber Security and Resilience Bill moved another step closer to landing on you
This week the Cyber Security and Resilience Bill, the legislation that rewrites the UK's only cross-sector cyber rules by amending the Network and Information Systems Regulations 2018, progressed through its later Commons stages. The detail that should concern a board is scope. The Bill widens who counts as in scope — managed service providers and a broader set of digital and supply-chain operators — and hands the government and regulators stronger powers to set requirements and demand incident reporting. Plenty of organisations that have never thought of themselves as regulated for cyber are about to discover they are.
For boards. The question is not whether you support the Bill. It is whether you already know which side of the scope line you fall on, and whether anyone has been tasked to find out. If your firm provides managed services, sits in a critical supply chain, or underpins essential services, assume in scope until proven otherwise, and start the reporting and governance work now rather than against a commencement deadline.
3. A Splunk flaw went from theoretical to "patch by the weekend" inside the week
On 18 June, CISA added CVE-2026-20253 to its Known Exploited Vulnerabilities catalogue, confirming active exploitation of a missing-authentication flaw in Splunk Enterprise. An unauthenticated remote attacker can create or truncate arbitrary files on an affected system with no valid credentials, and US federal agencies were ordered to patch by the Sunday. The reason this belongs in a board briefing rather than a patch queue is what Splunk usually is: the place a lot of organisations send their logs. A flaw that lets an attacker corrupt or truncate log files is not just another remote-code-execution entry. It threatens the evidence you would rely on to work out what happened, which is precisely the capability an attacker wants gone before doing anything noisier.
For boards. Two questions for Monday. Is your Splunk estate patched? And if you do not run Splunk, do you know which system in your stack holds the logs you would need in an incident, and how well it is protected? Losing your own audit trail is a governance problem, not a technical footnote.
4. A hijacked maintainer account poisoned an AI toolkit that pulls a million downloads a week
On 17 June, an attacker took over a maintainer account with publish rights across the Mastra AI framework and, in an 88-minute window, mass-published 144 malicious package versions to npm. The payload sat one level down, inside a dependency called easy-day-js — a typosquat of the popular dayjs library that copied the original's author, homepage and licence verbatim to survive a casual glance, then ran an obfuscated postinstall dropper that fetched a second-stage payload and deleted itself. Microsoft has tied the activity to the North Korea-linked actor it tracks as Sapphire Sleet. The exposure is sharp because Mastra packages tend to live in environments holding LLM API keys, cloud credentials and CI/CD tokens — exactly the secrets a credential-stealing dropper is built to harvest.
For boards. This is the AI supply-chain risk made concrete: not a model behaving badly, but the ordinary software plumbing underneath your AI projects being turned against you through a single compromised account. Ask whether any team has been building on Mastra, whether your build pipelines pin and verify dependencies rather than pulling the latest version on install, and whether the secrets your CI holds would survive a developer machine being compromised this way.
The thread that ties this together
Read together, the week describes a gap. At the top, the NCSC is describing a sustained contest with state adversaries and a Bill is working through Parliament to widen who must take cyber seriously. At the coalface, in the same five days, the actual ways in were mundane: an unpatched logging server and a hijacked npm account feeding poisoned packages to a million weekly downloads. Strategy and legislation move in quarters and years. Exploitation moves in 88-minute windows. The board's job sits in that gap — making sure the standing capability Horne is asking for actually reaches the patch queue and the build pipeline, and does not stop at the strategy deck. So the question to carry into next week is a plain one: if you were breached this morning through your logging platform or your software supply chain, would you find out from your own monitoring, or from someone else telling you?