With regulators tightening reimbursement and liability rules, financial institutions are facing increased pressure to justify not only how they fight fraud, but how much residual risk they're willing to carry. www.databreachtoday.com/understandin...

Weekly Cryptohack Roundup —Banking Trojan (remember those?) TCLBanker targets crypto platforms —3 people indicted in a violent digital assets-related robbery —Kelp DAO restarts services after $292 million hack —U.S. Treasury tightens oversight of Binance. www.databreachtoday.com/cryptohack-r...

Rotating a compromised credential is supposed to end an attack, but a new proof-of-concept targeting Claude Code shows how it restarted one. Hackers would require one malicious npm package installation and a configuration file to carry out the attack. www.databreachtoday.com/claude-code-...

Weekly Data Breach Roundup —Flaw: BitLocker bypass privilege-escalation exploits unlock Windows 11 and Server 2025 —Breached: Škoda, GeForce NOW, telehealth firm OpenLoop —Ransomware: Nitrogen claims Apple and Nvidia-linked data theft from Foxconn www.databreachtoday.com/breach-round...

Utah appears to be the first state that has rolled out AI-enhanced efforts allowing prescription renewals. www.databreachtoday.com/utah-moves-a...

The British government announced plans to update cybersecurity legislation aimed at strengthening the country's digital defenses - while overhauling cybercrime authorities that officials and security researchers warn are no longer fit for modern threats. www.databreachtoday.com/uk-plans-ove...

Today's ethical dilemma discussion question: Is it ever OK to pay criminals in return for receiving their assurance that they'll delete every piece of data they stole? And what if children's data/comms are involved? www.databreachtoday.com/blogs/instru...

Mass supply-chain attack slams npm and PyPi, with downstream impact affecting Mistral AI and others, as latest Mini Shai-Hulud worm steals credentials and includes wiper functionality. Worm creators TeamPCP, also dumped the code online for anyone to use. www.databreachtoday.com/mass-supply-...

Two prominent cybersecurity vendors disclosed widespread layoffs last week, axing a significant percentage of their workforce. www.databreachtoday.com/cloudflare-c...

Britain's privacy watchdog fines major water supplier over $1.3M after finding utility left longstanding security gaps unaddressed across its corporate network, allowing a ransomware intrusion to expose personal information affecting customers and employees www.databreachtoday.com/hackers-hid-...

An unidentified hacker used Claude and Chat GPT in a cyberattack against a municipal water and sewage utility's operational technology systems in Mexico in January, according to forensic analysis by OT security firm Dragos. www.databreachtoday.com/water-system...

Nine out of 10 autonomous artificial intelligence agents deployed in production environments are vulnerable to a class of attack that standard safety testing cannot detect, shows research from an academic and enterprise consortium. www.databreachtoday.com/autonomous-a...

A growing body of reporting and law enforcement activity shows that many large-scale fraud operations, particularly those targeting Western enterprises, are run from compounds in parts of Southeast Asia where much of the workforce is not there by choice. www.databreachtoday.com/blogs/cyberc...

Cops shutter rebooted German-language cybercrime market, as Spanish police bust the suspected administrator of relaunched 'Crimenetwork' cybercrime forum, who's been accused of living in Mallorca under false identities. www.databreachtoday.com/cops-shutter...

Missouri regulators are widening an investigation into a 2024 hacking incident at Conduent Business Services, alleging that the company is stonewalling the state's attempts to obtain info about the data breach, affecting an etimated 25 million Americans. www.databreachtoday.com/missouri-all...

Top US senator presses US cybersecurity agency CISA on election security rollbacks www.databreachtoday.com/us-senator-p...

I thought more people entering the workforce might eventually decide that typing really fast with a computer keyboard is a good skill to master. Now, not so sure: www.wsj.com/tech/typing-...

'Dirty Frag' gives root on Linux distros; no patches yet available, after third party published vulnerability details www.databreachtoday.com/dirty-frag-g...

Instructure has restored access to the paid version of its Canvas e-learning tool offline after hackers exploited it to steal data. The company said attackers exploited a flaw in the free version, which remains offline as it responds to the intrusion. www.databreachtoday.com/canvas-e-lea...

Allianz hands commercial cyber insurance unit to Coalition www.databreachtoday.com/allianz-hand...

Florida financial technology giant FIS partners with Anthropic to deploy an AI agent that automates money laundering investigations, aiming to reduce casework from days to minutes. www.databreachtoday.com/fis-anthropi...

Anthropic CEO Dario Amodei warned that Claude Mythos has found tens of thousands of unpatched software vulnerabilities, with a six-to-12 month window before Chinese AI models catch up. www.databreachtoday.com/anthropic-so...

A critical vulnerability in firewalls built by Palo Alto Networks is under active exploitation - and the flaw has no patch. Here’s how to mitigate it, ahead of the vendor promising some patches on May 13, and the rest on May 28. www.databreachtoday.com/palo-alto-fi...

The U.S. cyber defense agency is launching an effort to better prepare the nation's critical infrastructure sectors for major cybersecurity attacks, calling for operators to sever operational technology networks from business networks at a moment's notice. www.databreachtoday.com/cisa-ci-fort...

Hybrid cryptography is moving from concept to deployment as organizations prepare for quantum-safe communications. Two experts detail the need to combine quantum key distribution with post-quantum cryptography to create more layered and resilient protection. www.databreachtoday.com/masterclass-...

An Idaho data broker accused by federal regulators of selling precise location data culled from hundreds of millions of smartphones without consumer consent pledged to stop doing so in order to resolve a federal lawsuit. www.databreachtoday.com/kochava-will...

A North Korean hacking group has been spying on a Korean ethnic enclave in China by infiltrating the Android apps of a regional gaming platform that hosts digital card and board games. www.databreachtoday.com/north-korean...

Two frontier artificial intelligence models from competing labs have essentially the same offensive cyber capability level, with consistent reasoning failures that the cyber scores alone do not capture, independent evaluations show. www.databreachtoday.com/gpt-55-mytho...

Batten down the hatches: European lawmakers push for stronger defenses in a post-Mythos cybersecurity landscape www.govinfosecurity.com/european-mep...

Former Maryland hospital pharmacist indicted by federal grand jury; he allegedly "weaponized" technology - including keylogging and cookie managers - to steal credentials and spy on nearly 200 co-workers and other individuals over an eight-year period. www.databreachtoday.com/feds-indict-...

Ransomware-wielding attackers target cPanel and WHM software. Critical authentication bypass flaw also tied to cyberespionage efforts and Mirai infections. www.databreachtoday.com/ransomware-w...

Grinex collapse: Russian sanctions busters won't be too fazed by the collapse of a cryptocurrency platform that facilitated billions of dollars' worth of transactions and whose main attraction was a ruble-pegged stablecoin. www.databreachtoday.com/feds-indict-...

I'd be less worried about Europe not getting early access to American AI models with strong bug-finding/exploiting skills if the US government - which it seems will now get that access - was still a reliable partner. Lack of trust means danger in this case. www.govinfosecurity.com/european-mep...

Ransomware group Everest begins leaking data allegedly stolen from insurance underwriter Liberty Mutual www.databreachtoday.com/everest-grou...

Warning from cybersecurity agencies: the rapid adoption of autonomous agentic artificial intelligence systems is introducing a new class of security risks that could outpace existing defenses if left unchecked. www.databreachtoday.com/five-eyes-so...

Ransomware defenses appear to be holding, with attackers having to work harder to earn less. But big challenges loom, in the US as federal cybersecurity funding declines, and worldwide ahead of criminals eventually gaining access to Mythos-class AI models. www.databreachtoday.com/ransomware-d...

Europe glides toward mandatory online age verification www.databreachtoday.com/europe-glidi...

Good riddance: FBI-backed takedown hits crypto scam centers www.databreachtoday.com/fbi-backed-t...

The U.S. Food and Drug Administration will test real-time clinical trials using artificial intelligence tools and data science. www.databreachtoday.com/us-fda-pilot...

Learn from cloud computing monopolies when navigating AI cost models and vendor lock-in, recommends nuclear industry cybersecurity expert Elizabeth McAndrew-Benavides.

It's quite remarkable that some of Germany's top politicians fell for Russia's Signal phishing ruse despite experts around the world warning about it for a whole year www.govinfosecurity.com/germany-caug...

Medical device maker Medtronic says it's been hacked, as cybercrime gang ShinyHunters claims to steal 9 million records www.databreachtoday.com/medical-devi...

Crypto-targeting North Koreans wield fake Zoom and Teams meetings, populated by video of real industry figures, captured in previous attacks and used to lure future victims www.databreachtoday.com/crypto-targe...

Home security firm ADT breach: 5.5M customers' data exposed, as prolific ShinyHunters extortion group issues 'pay or leak' threat to victim www.databreachtoday.com/home-securit...

Soldier won $410K in Polymarket bets on timing of Maduro capture, US alleges arstechnica.com/tech-policy/...

Weekly Cryptohack Roundup —Grinex halts trading after $15m crypto hack —KelpDAO hacker launders $80M ETH via cross-chain swaps —Circle sued over delayed response to $280m Drift hack —Armed robbers invade home of French family —$3.5m Volo Protocol exploit www.databreachtoday.com/cryptohack-r...

The Trump administration will have to look again to find someone to permanently lead the U.S. Cybersecurity and Infrastructure Security Agency now that nominee Sean Plankey withdrew from consideration after a year of no action taken by the Senate. www.databreachtoday.com/trumps-top-c...

UK officials say Russian hacking has reached new levels of hostility. Nation-state hits tied to the "big 4" now comprise majority of serious incidents probed by the government, intelligence officials said at this week's CyberUK conference in Glasgow. www.databreachtoday.com/uk-russian-h...

How Iran has excelled at 'threat projection' using cyber: no one wants to test Tehran's actual ability to execute, says Yelisey Bohuslavskiy, in this deep-dive look at how cyber operations are/n't being used in the conflict. Watch our full discussion here: www.databreachtoday.com/how-iran-has...

Maximizing vulnerability management utility and returns from Mythos, or any other models big and small, is about the system, not the models. Think of it as an AI-driven cybersecurity pipeline, says Ondrej Vlcek, CEO of Aisle. www.databreachtoday.com/maximizing-m...