Five things from the past working week that a UK board should know about, in the order I would raise them with a chair over coffee on Monday. A heavy week: Whitehall credentials turned up for sale, the Bank named AI as a financial stability problem, and Number 10 asked British business to sign a promise. Each item survived the cut because there is a decision attached to it.

1. Whitehall logins are on sale, and the door was a firewall without MFA

The FortiBleed story broke in the UK press on Sunday 5 July and ran all week. Credentials belonging to the Foreign, Commonwealth and Development Office, several local councils and NHS bodies have been stolen and listed on dark web markets, including privileged firewall and VPN logins tied to British embassies in Thailand and Mauritius. A broker operating as SantaAd has reportedly been pricing tranches at up to $60,000. SOCRadar puts the verified working-credential count above 86,000, drawn from more than 80,000 compromised Fortinet devices across 194 countries.

The mechanism should sting more than the headline. This was not an exotic zero-day. The attackers took credentials leaked in earlier breaches and sprayed them at internet-facing Fortinet appliances until they found the ones where the password still worked and MFA was not switched on. CISA had already urged organisations to harden Fortinet devices on 18 June.

For boards. Ask a question with a yes or no answer: is MFA enforced on every administrative and VPN account on every internet-facing security appliance we own, with no exceptions for service accounts or break-glass logins? If the honest answer contains the word "mostly", you are in the population this campaign harvested.

2. Number 10 asked business to sign a pledge, and most of the FTSE stayed home

On Tuesday 7 July, Technology Secretary Liz Kendall launched the Cyber Resilience Pledge at a Downing Street reception, with around 70 founding signatories including M&S, Nationwide, ITV, Vodafone, Microsoft UK and Cloudflare. The three commitments are modest and sensible: board-level oversight of cyber risk, enrolment in the NCSC's Early Warning service, and a risk-based approach to Cyber Essentials across the supply chain. Government put the annual cost of cyber attacks to the UK economy at £14.7 billion. The Record's read was less flattering, noting the pledge drew only a handful of the country's largest firms despite direct ministerial lobbying. Hold that alongside the other thing happening this month: the Cyber Security and Resilience Bill has its second reading in the Lords on 14 July. A voluntary pledge that lands quietly is usually the prelude to a statutory duty that does not.

For boards. Signing costs nothing and the commitments are things you should already be doing. Treat the pledge as a checklist and see whether you can honestly tick all three today — particularly the supply chain one, which nobody can evidence. If you cannot, you have found next quarter's work, a year before the Bill makes it compulsory.

3. The Bank of England named frontier AI as a financial stability risk

Also on 7 July, the Financial Policy Committee published its July record and Financial Stability Report, and the cyber section is unusually blunt. The FPC's position is that more capable AI systems can find and exploit vulnerabilities at greater scale and speed, and that firms and authorities must revisit whether existing deep cyber recovery capabilities, coordination arrangements and the resilience of key technology providers remain sufficient. It builds on the May joint statement from the Bank, FCA and HM Treasury on frontier AI models and cyber resilience, which went further: the cyber capabilities of current frontier models already exceed what a skilled practitioner can achieve, at higher speed, greater scale and lower cost. The Treasury followed in the same week with its own report on the value of resilience in financial services.

For boards. When your regulator says recovery capability may be insufficient against an AI-accelerated attacker, the question is not "are we patched" but "how long would it take us to restore the business, and when did we last prove it under adversarial conditions rather than a tabletop". If the last full recovery test was a slide deck, you do not have an answer.

4. Microsoft closed a Defender zero-day, 29 days after the exploit went public

On 9 July Microsoft shipped a fix for RoguePlanet, CVE-2026-50656, a flaw that lets an authenticated user win a race condition in Defender's quarantine pipeline and land a SYSTEM shell on a fully patched Windows 10 or 11 machine. The fix arrived out of band, through Malware Protection Engine 1.1.26060.3008, and should reach most estates automatically.

The context matters more than the bug. Working exploit code had been public for roughly 29 days before the patch shipped, dropped by a researcher operating as Nightmare Eclipse — their seventh public zero-day proof of concept since April, each timed to Patch Tuesday, as part of an openly adversarial campaign over Microsoft's disclosure and bounty practices. That is a new category of exposure: your patch window is now set partly by a grudge you are not party to.

For boards. Confirm Defender engine updates are actually applying across the estate, including servers and anything outside the normal patch cycle. Then the harder question: when a vendor's disclosure dispute produces a live exploit weeks before a fix, what is our compensating control?

5. npm is about to break your build, and that is the point

Reporting on 8 July confirmed that npm v12 ships this month with the biggest security change in the registry's sixteen-year history: install scripts, Git dependencies and remote URL sources blocked by default. It answers a brutal year — the hijack of the Axios maintainer account in March, three poisoned versions of node-ipc in May, and malicious packages abusing dependency confusion to profile developer machines. Researchers noted the change does not stop account takeovers, which is how the worst of those attacks started. The same theme surfaced on 7 July when CISA added three actively exploited flaws to its catalogue, including CVE-2026-55255, an authorisation bypass in Langflow — an AI application-building tool plenty of organisations have quietly let their developers install.

For boards. Someone will shortly tell you the build pipeline broke because of an npm upgrade. Be pleased. Ask instead which production dependencies rely on install scripts, because those are the ones needing an explicit exemption — and each exemption is a decision to keep running arbitrary vendor code on your build servers.

The thread that ties this together

Every story this week is a version of the same sentence: the control you did not enforce is the one that got used. FortiBleed did not need a zero-day, it needed an account without MFA. The npm change is an admission that a convenient default was a liability for a decade. The Bank is warning that AI has shortened the time between a weakness existing and someone finding it. And the Cyber Resilience Pledge is the government asking, politely and for now, whether you would mind closing the obvious gaps before it has to legislate them.

The pattern is the gap between knowing and doing. CISA warned about Fortinet exposure three weeks before the FCDO's credentials reached the front pages. Everyone already knew install scripts were dangerous. So the question for next week is not what new threat has emerged. It is this: of the risks we have already accepted in writing, which one would we be unable to defend in front of a regulator if it went wrong on Monday?