The acting chief of the U.S. cybersecurity agency's use of ChatGPT to upload "for official use only" documents has reignited concerns over artificial intelligence governance and leadership judgement at the nation's cyber defense agency. www.databreachtoday.com/ai-use-by-ci...

Live voice phishing attacks target single sign-on users, as researchers identify 150 targets of latest ShinyHunters campaign that aims to bypass MFA, steal corporate data and hold it to ransom, with one noting that paying the group is pointless. www.bankinfosecurity.com/social-engin...

Spillover: Hack attacks against healthcare environments often "cascade" From IT and OT environments into patient care systems. www.databreachtoday.com/report-attac...

As Europe looks for homegrown and open-source tech alternatives, France becomes the latest EU member state to say <<non>> to US technology www.databreachtoday.com/france-lates...

Telnet flaw: 800,000 servers at risk amid active attacks. Sectors with lots of legacy/embedded tech (operational technology, ICS/SCADA) are among those most at risk, experts warn. www.databreachtoday.com/telnet-flaw-...

Wiper malware targeting Poland's power grid tied to Moscow's long-active 'Sandworm' military intelligence hacking team www.databreachtoday.com/wiper-malwar...

Voice phishing Okta customers: Ransomware/extortion group ShinyHunters claims credit www.databreachtoday.com/voice-phishi...

Patch or perish: zero-day flaw in Cisco Unified Communications and Webex tools being targeted by attackers. www.databreachtoday.com/zero-day-fla...

Why is Congress gutting the nation's cybersecurity agency, cutting threat hunting and vulnerability management resources, even as foreign adversaries escalate cyber operations targeting U.S. systems? www.databreachtoday.com/congress-pro...

Attackers target freshly patched, critical flaws in Fortinet's FortiSIEM appliances, with multiple attempted exploits originating from China www.databreachtoday.com/attacks-targ...

Germany and Israel pledge cybersecurity alliance www.databreachtoday.com/germany-isra...

Europe preps revised Cybersecurity Act to eject Chinese equipment from telcos www.databreachtoday.com/europe-readi...

Data breach notifications in Europe rise, while annual GDPR fines hold steady at $1.4 billion levied in 2025, despite criticism from outside the EU www.databreachtoday.com/breach-notif...

Tudou Guarantee, the Telegram-based, third-largest illicit marketplace of all time, which processed more than $12 billion in fraud-related transactions, has shut down. www.databreachtoday.com/12b-scam-mar...

Data breach: Minnesota's Department of Human Services is notifying 300,000 individuals that someone at a healthcare provider inappropriately accessed information from an IT system managed by a vendor. www.databreachtoday.com/minnesota-ag...

Cyber-enabled fraud has overtaken ransomware as the top cybersecurity concern for CEOs heading into 2026, according to the World Economic Forum's Global Cybersecurity Outlook 2026. AI is a top emerging technology affecting both cyber risk and cyber defense. www.databreachtoday.com/fraud-tops-r...

Face-swapping tools pose elevated 'know your customer' risks as easy-to-use deepfake services for criminals continue to rapidly improve.

Ransomware "most wanted": Police raid 2 suspected members of notorious Black Basta group - tied to over 600 victims worldwide and many millions in ransom payments - in Ukraine and issue arrest warrant for Russian who's the suspected founder and ringleader. www.databreachtoday.com/ransomware-m...

European states spin wheels on cybersecurity directive, as NIS2 directive lags in adoption and implementation www.databreachtoday.com/european-sta...

Coupang and the horrible, no good, very bad data breach: Seoul accuses e-commerce giant of 'self-investigation,' impeding government probe. www.databreachtoday.com/coupang-horr...

Pentagon's use of Grok raises AI security concerns www.databreachtoday.com/pentagons-us...

Citing recent high-profile arrests of fraud rings in Minnesota, President Trump created a National Fraud Enforcement division in DOJ. Sounds nice, but will it make a difference without deeper coordination with banks, payment platforms and businesses? www.databreachtoday.com/blogs/trumps...

For-profit Monroe University, with campuses in New York and the Caribbean, is notifying nearly 321,000 individuals of a December 2024 data theft incident that compromised their personal and health information. www.healthcareinfosecurity.com/for-profit-m...

CISA and cybersecurity allies sound alarm on operational technology security exposure www.databreachtoday.com/cisa-allies-...

Take two: Trump renominates Sean Plankey to lead US cybersecurity agency CISA www.databreachtoday.com/trump-renomi...

Ransomware by the numbers: Count of victims and groups surges www.databreachtoday.com/ransomware-b...

Weekly Cryptohack Roundup —U.K. crypto exchanges linked to Iranian sanctions evasion —NodeCordRAT malware spread via npm —FBI alert on North Korean QR-code phishing —Illicit crypto flows hit $154 billion in 2025 —Trump says he won't pardon Sam Bankman-Fried www.databreachtoday.com/cryptohack-r...

Weekly Data Breach Roundup: —Verizon outage was a botched software update —U.S. forces tied to cyberattack against Venezuela —Website publishes identities of thousands of U.S. immigration enforcement (ICE) agents —Dutch man sentenced for hacking port www.databreachtoday.com/breach-round...

Court axes investor lawsuit over CrowdStrike software update-triggered outage www.databreachtoday.com/court-axes-i...

A Verizon outage has been felt across the United States. Status: Now resolved. Cause? Unknown. But many previous outages due to software misconfiguration. www.databreachtoday.com/verizon-outa...

Cyber policy analysts told lawmakers that US cyber deterrence efforts are failing, allowing China and others to embed in critical infrastructure networks with minimal cost, while calling for faster, coordinated offensive actions across federal agencies. www.databreachtoday.com/lawmakers-ur...

Cancer center: Hackers stole research files, encrypted data www.databreachtoday.com/cancer-cente...

Magecart hits continue, as attackers turn their e-skimming sights to WooCommerce platforms w/ Stripe enabled. Separately, cloud-based ConnectPOS point-of-sale software left code repositories publicly exposed, placing customers at supply-chain attack risk www.databreachtoday.com/magecart-hit...

SAP defense in focus as new CEO Jesper Zerlang takes over at SecurityBridge www.databreachtoday.com/sap-defense-...

Britain's NCSC has published new guidance setting out new secure connectivity principles for operational technology (OT) environments: www.ncsc.gov.uk/blog-post/de...

SAP defense in focus as new CEO Jesper Zerlang takes over at SecurityBridge www.databreachtoday.com/sap-defense-...

NIST calls for public to help better secure AI agents www.databreachtoday.com/nist-calls-f...

California fines and bans data broker in privacy crackdown www.databreachtoday.com/california-f...

UK probes social platform X (formerly Twitter) over AI deepfake porn generation that let users virtually undress people, including minors. www.govinfosecurity.com/uk-probes-x-...

"Social media accounts posing as Scottish independence supporters has fallen silent once again ... reinforcing evidence that parts of the online constitutional debate are being manipulated from outside the UK." ukdefencejournal.org.uk/iranian-link...

Instagram confirms users got hit with a password-reset spam flood, but denies any data breach. Coincidentally , a threat actor leaked "17M Global Users - 2024 Leak" pertaining to Instagram users—but threat intel firm Kela tells me it's a recycled 2022 leak. www.databreachtoday.com/instagram-co...

Illinois says "incorrect privacy settings" left in place for several years exposed online data pertaining to Medicare, Medicaid and rehabilitation services recipients. www.databreachtoday.com/illinois-not...

Healthcare chatbots: AI governance analysts ask if they're good for your health. www.databreachtoday.com/healthcare-c...

OpenAI promises that a new iteration of ChatGPT dedicated to health will "securely" connect users' medical records and wellness apps, to better personalize its responses. What could go wrong? www.databreachtoday.com/chatgpt-heal...

Weekly Cryptohack Roundup —Alleged fraud kingpin deported to China —Bitfinex hacker Ilya Lichtenstein gains early release —Unleash Protocol's $3.9M hack —TRM ties ongoing crypto thefts to the 2022 LastPass breach —Trust Wallet's link to the Sha1-Hulud attack www.databreachtoday.com/cryptohack-r...

No patch/perish rest in 2026 as vulnerability alerts amass for Cisco, HPE and n8n www.databreachtoday.com/no-rest-in-2...

Weekly Data Breach Roundup: —Moody's predicts firewall obsolescence —Romanian critical infrastructure hacked —Sedgwick data breach —D-Link DSL router flaw —Finland seizes the Fitburg —Microsoft says Direct Send not to blame for Exchange phishing www.databreachtoday.com/breach-round...

Government, secure thyself: Britain has debuted an early revamp of its Cyber Action Plan for the government's own IT estate. In response, experts salute the urgency, refinements and direction of travel, but question funding and enforcement. www.govinfosecurity.com/britain-debu...

Poisoner's Handbook for AI: Researchers develop defense mechanism that poisons proprietary knowledge graph data, making such stolen information worthless to thieves who attempt to deploy it in unauthorized artificial intelligence systems. www.databreachtoday.com/poison-pill-...

Our Proof of Concept series asks: "Is it a bot or a buyer?" Here's why the retail sector is facing an "identity" crisis.