Ransomware DataBreachToday.com

Conduent Gets Sued; US Government's Cyber Shutdown Woes; Hacktivist Hits Rise
The latest ISMG Editors' Panel tackles: post-hack legal fallout for Conduent after it suffered the year's biggest health data breach, the U.S. government's shutdown complicating its response to the breach of vendor F5 and the rise in attacks targeting Western critical national infrastructure.

Nation-State Actor Suspected in Breach of Congressional Budget Office
The Congressional Budget Office has been the subject of an apparent cyber incident, officials confirmed Friday, raising concerns that adversaries may have gained access to sensitive data used to inform U.S. legislative decisions amid ongoing federal cyber staffing shortages.

OT Security 'a Generation Behind Traditional IT'
For those charged with the cyber defense of OT and industrial control systems, one challenge towers above all others: Data. Specifically, its scarcity. Most operators simply don't capture it, in stark contrast with their IT counterparts.

Senate HELP Committee Chair Seeks to Secure Data in Smart Watches, Health Apps
Sen. Bill Cassidy, R-La., a physician and chair of the Senate health committee, has proposed legislation that aims to create parallel HIPAA-like privacy protections to more types of health data - such as data collected by consumer wearable devices and health apps - not currently covered under HIPAA.

Central Jersey Medical Center Runs Health Centers for Schools in Newark
Central Jersey Medical Center, a federally qualified health center that partners with public schools in Newark, New Jersey, is notifying an undisclosed number of people of a data breach related to an August ransomware attack. The incident is latest to hit a resourced-stretched healthcare provider.

Audit Issues, Policy Debt and Limited Project Scope Are Hampering Adoption
Microsegmentation has long been touted as the gold standard for restricting lateral movement by hackers. It helps lock down network traffic and reduces the blast radius of a breach. Vendors say it's transformative, but if you walk into most large enterprises, you'll will find it half-implemented.

CISA Argues None of 54 Fired Workers Fall Under Union Protections
The Cybersecurity and Infrastructure Security Agency told a federal court it complied with an injunction blocking shutdown-related layoffs by sending reduction-in-force notices only to non-union staff within a unit vital to coordination with state, local and private-sector defenders.

OTsec India Steering Committee Discuss Cyberthreats, Compliance and Innovation
Featuring some of the most prominent voices in Indian operational technology cybersecurity, the steering committee for the inaugural OTsec India Summit shares insights on a range of topics including OT threats, regulatory imperatives and the latest innovations.

Learn the Business, Be Intentional, Find a Mentor and Build Non-Technical Skills
New to cybersecurity? Start by learning how organizations work - their people, processes and priorities - before diving deep into technical stacks. Understanding how to translate technical findings into business risk differentiates a professional from a technician.

DOJ: Suspects Hit 5 Firms, Including 3 in Healthcare, Netted $1.3M in Ransom Money
Three former employees of two cybersecurity firms stand accused of using BlackCat ransomware in a conspiracy to extort five U.S. companies, including three in the healthcare sector. One of the victim companies paid nearly $1.3 million to the attackers, U.S. federal prosecutors said.

DHS Plans to Expand SAVE Database Use to Raise Privacy, Accuracy, Security Concerns
A Department of Homeland Security move to broaden an immigration verification database into a voter verification tool could expose sensitive information to security threats. Critics caution it accelerates a pattern of data being repurposed by the Trump administration for surveillance.

Chinese Hackers Target European Diplomats With LNK File Flaw
Chinese nation-state hackers are exploiting a Windows vulnerability to hack European diplomatic outposts, say security researchers - but operating system giant Microsoft says the flaw doesn't merit a patch. Hackers used a flaw already compromised by North Korea and Russia.

Funding Round Led by Goldman Sachs Boosts Valuation to $6.1 Billion
Another cybersecurity vendor is planning to dive into the still waters of an initial public offering. Cyber exposure management firm Armis dipped its toe in the market Wednesday, announcing a pre-IPO funding round of $435 million that boosted the company's valuation to $6.1 billion.

Google Details How Attackers Could Use LLMs to Mutate Scripts
Malware authors are experimenting with a new breed of artificial intelligence-driven attacks, with code that could potentially rewrite itself as it runs. Large language models are allowing hackers to generate, modify and execute commands on demand, instead of relying on static payloads

German Payment Processor Insiders Accused of Laundering Fake Subscription Proceeds
Police have arrested 18 suspects as part of a global crackdown targeting fraud and money laundering networks tied to the theft of $345 million by using 4.3 million cardholders' stolen data to sign them up to fake dating, pornography or streaming sites that billed monthly.

AI's Impact on Productivity and Employment Demands Proactive Policy Action
The future of work is no longer speculative, it is already being coded. From automated writing assistants to robotic warehouse employees, artificial intelligence is entering every part of the modern workforce faster than regulations or social frameworks can adapt.

Joint Platform to Offer Human-Led, Automated Application Security in One Place
Bugcrowd acquired Mayhem Security to integrate automated application testing with human-led testing capabilities. The company plans to embed Pittsburgh-based Mayhem's reinforcement learning tech and AI models into its broader platform to speed up vulnerability detection.

Largest Breach of 2025 Hits 10.5M People, Multiple Insurers, State Agencies
Proposed federal class action litigation and various investigations are piling up against Conduent Business Solutions following its recent public disclosure that an October 2024 hacking incident potentially compromised personal and health information of more than 10.5 million people.

Officials Say Major Staffing Cuts and Furloughs Undercut Response to F5 Cyberattack
Current and former federal officials tell Information Security Media Group furloughs and leadership gaps across the federal cyber ecosystem have hindered the U.S. government's ability to coordinate response efforts after a nation-state actor exploited flaws in F5’s BIG-IP systems amid the shutdown.