Ransomware DataBreachToday.com

Portable KYC Remains Elusive Despite Digital Identity Growth in UAE, Europe, Asia
The United Arab Emirates recently launched a national digital Know Your Customer platform under the oversight of the UAE Central Bank, aiming to standardize customer onboarding, streamline compliance checks and strengthen anti-money laundering enforcement.

ARPA-H Program Aims to Speed Up Disease Breakthroughs Using AI-Enabled Ecosystem
Biomedical research breakthroughs for complex diseases and chronic illnesses can take years to achieve. The U.S. Department of Health and Human Services is hoping to speed that up ten-fold by creating an artificial intelligence-enabled interoperable research ecosystem.

Mythos Found ‘Tens of Thousands’ of Unpatched Flaws With Months to Fix Them
Anthropic CEO Dario Amodei warned that Claude Mythos has found tens of thousands of unpatched software vulnerabilities, with a six-to-12 month window before Chinese AI models catch up. The disclosure came alongside a major financial services push including an investor-backed firm and 10 new AI agents.

Allianz Retains Risk Exposure While Outsourcing Cyber Insurance Operations
Allianz will transition operational control of its standalone commercial cyber insurance business to Coalition, combining the insurer's global distribution and balance sheet with Coalition's cyber underwriting, monitoring and incident response capabilities in a long-term strategic partnership.

Litigation Initiated by the US FTC Leads to Settlement Restricting Data Broker
The Federal Trade Commission has banned an Idaho-based data broker from selling sensitive location data gathered from "hundreds of millions" of individuals' mobile devices without their knowledge or consent. The proposed order ends several years of legal sparring between Kochava and the FTC.

BlueVoyant Seeks to Expand Beyond MDR Clients Into Firms With Mature In-House SOCs
BlueVoyant named John Hernandez - the former leader of Quest's Microsoft security business - as its next CEO to drive an agentic AI SaaS platform that expands the vendor beyond managed services and helps customers accelerate detection, response and supply-chain risk management.

Applied Quantum's Kawin Boonyapredee, SpeQtral's Cyril Tan on Hybrid Security
Hybrid cryptography is emerging as a practical path to quantum safety. Kawin Boonyapredee from Applied Quantum and Cyril Tan from SpeQtral said combining QKD and PQC builds resilience against future threats while balancing performance and security needs.

Security Leaders From Equifax, Rapid7 on Identity Security and Visibility Failures
In part one of the Anatomy of a Breach series, Equifax's Jeremy Koppen and Rapid7's Christiaan Beek examine why familiar security gaps still lead to breaches. Experts discuss ways to improve readiness in the face of identity-driven attacks, visibility failures and governance weaknesses.

Mythos a Turning Point, Say Lawmakers in Missive to European Commission
Dozens of European lawmakers are pressing the European Commission to act quickly to protect the continent's cybersecurity, due to the advent of new AI models that have considerable hacking prowess.

Security Leaders Face Gaps, Not in Their Org Charts, But in Their Team's Skills
Concerns about the skills and capabilities of cybersecurity teams have for the first time overtaken worries about headcount and unfilled vacancies among CISOs, according to a new SANS survey.

Why Technical Leaders Are Walking Away and What We Can Do to Fix It
Leaders are expected to deliver results, yet often lack the authority to make key decisions. The article examines how this imbalance creates friction, undermines performance and turns accountability without authority into a persistent leadership challenge.

Defendant Is Also at Center of a Civil Class Action Against His Former Employer
A federal grand jury has indicted a former Maryland hospital pharmacist, alleging he "weaponized" tech tools - including keylogging - to steal credentials and spy on nearly 200 co-workers and other individuals over an eight-year period. The defendant is also the subject of a similar civil lawsuit.

Smaller Cybersecurity Partners Get Opus 4.7 But Not Anthropic's Highest-Risk Model
Anthropic’s Project Glasswing gives CrowdStrike, Palo Alto Networks and Zscaler privileged access to Claude Mythos Preview, while smaller cybersecurity partners such as SentinelOne and TrendAI can only integrate with Anthropic's generally available Opus 4.7 model.

Cybercrime Gang Claims to Have 108-Gbyte Trove of Insurer's Files, Folders
Ransomware gang Everest Group claims to have stolen more than 108 gigabytes of data- including policyholder details - belonging to insurer Liberty Mutual. The cybercrime group began leaking the company's alleged data on Monday afternoon, saying the insurer "failed" to respond to the gang's demands.

Guidance Warns Autonomous Systems Expand Enterprise Exposure
Federal and Five Eyes cyber agencies warn that agentic AI systems - capable of autonomous action across enterprise environments - are introducing identity, visibility and control risks that could outpace existing defenses without continuous monitoring, zero trust enforcement and human oversight.

Startup Acquisition Adds Centralized Policy Control Over Agent Communications
Palo Alto Networks plans to acquire Portkey to centralize AI agent communications through a gateway that enforces runtime security, identity controls and governance, addressing rising risks from autonomous agents with broad system access and fragmented enterprise visibility.

Zero Trust Is 'Essential' - But Who Pays for It?
New guidance from the U.S. Cybersecurity and Infrastructure Security Agency on adapting zero trust security principles for operational technology is fine as far as it goes, but is pretty high-level and ignores or fudges a couple of key questions, say executives and experts.

Also: Google’s $40B AI Bet, Insights From Google Next Conference
In this week's panel, four ISMG editors discussed North Korea's use of fake video meetings to fuel crypto fraud, Google's $40 billion investment in Anthropic and what it signals for the AI race, and key takeaways from Google Next in Las Vegas on enterprise AI adoption.

Flaw Finding Model Integrated into a Slew of Cybersecurity Platforms
Claude artificial intelligence maker Anthropic announced Thursday wider availability of a model it described as its second-most powerful model for finding and patching software flaws. Anthropic is making Claude Security available as a "public beta" for enterprise customers.

Combined Platform Spans Dependencies, Extensions, Developer Tools
Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and IDE extensions, addressing AI-driven development risks and fragmented visibility across modern developer workflows.