Ransomware DataBreachToday.com

As uncertainty mounts about the range of cyber resources the federal government will continue to offer healthcare and other critical infrastructure sectors during the Trump administration, states will need to step up their support, said Mike Hamilton, field CISO of cybersecurity firm Lumifi Cyber.

Largest Security Deal Ever Aims to Boost AI-Driven Multi-Cloud Solutions
Google Cloud plans to acquire cloud security leader Wiz for $32 billion, integrating its AI-powered security capabilities to better protect companies across multiple cloud environments. The deal reinforces protections across multi-cloud environments, including AWS, Microsoft Azure and Google Cloud.

Researchers Detail AI's Fabricated Facts in Healthcare, Discuss Solutions
Hallucinations in artificial intelligence foundation models are pushing healthcare professionals and technologists to rethink how practitioners can safely use AI. Hallucinated lab result or an erroneous diagnostic recommendation could lead to harmful interventions or missed treatments.

Doppelganger Unsuccessfully Attempted to Distort Election, UK Minister Said
A Russian government-directed foreign influence campaign unsuccessfully attempted to disrupt the 2024 U.K. elections, a British security minister told a parliamentary committee. The government identified disinformation networks linked to Russian influence campaign widely tracked as Doppelganger.

Agency Official Says Ex-DOGE Staffer's Data Breach Violated Security Policy
An ex-Department of Government Efficiency staffer violated Treasury rules by sending unencrypted personal data to two senior Trump administration officials without approval, raising concerns about the task force’s apparent disregard for or lack of knowledge about critical data security policies.

Agency Places Probationary Employees on Administrative Leave Pending Court Decision
The Cybersecurity and Infrastructure Security Agency announced plans to rehire probationary employees that had been ousted amid an ongoing federal workforce purge, following a temporary court restraining order. Those employees will be immediately placed on administrative leave, a spokesperson said.

NetWitness Is RSA's 4th Divestiture Since STG Purchased the Identity Giant in 2020
Clearlake Capital and Symphony Technology Group offloaded another RSA business unit, selling threat detection, investigation and response vendor NetWitness to PartnerOne. PartnerOne said it'll help NetWitness boost its technology, fuel its capabilities and solidify its position as a market leader.

Ransomware Attack in 2023 Affected More Than 6 Million People
Indian IT services giant Infosys said its U.S. subsidiary Infosys McCamish Systems agreed to pay $17.5 million to settle six class action lawsuits related to a cybersecurity incident that compromised the personal information of more than 6 million people.

Regulators Say FIIG Lacked Basic Security Measures to Prevent 2023 Breach
The Australian financial regulator has filed a lawsuit against FIIG Securities Limited, accusing the leading investment and financing company of having inadequate cybersecurity controls to stop a threat actor from stealing the confidential personal information of 18,000 customers.

Over 23,000 Code Repositories at Risk After Malicious Code Added to GitHub Actions
Attackers subverted a widely used tool for software development environment GitHub, potentially allowing them to steal secrets from thousands of private code repositories as well as compromise other widely used "open source libraries, binaries and artifacts" that use the tool, experts warned.

Carnegie Mellon CERT's Dan Costa on Addressing Root Causes of Insider Risk
As layoffs and AI-driven workflows reshape workplace security, insider risk is becoming more complex. Dan Costa, technical manager for the CERT division at Carnegie Mellon University's Software Engineering Institute, outlines proactive strategies to manage insider risk effectively.

AI Giants Also Like 'Fair Use' Exemptions for Copyrighted Material
OpenAI and Google laid out visions for regulation in response to the Trump administration's AI Action Plan, which aims to help the United States maintain technological lead over China. Both companies want Biden-era export controls lightened.

CPA Says Clients' Employee Benefit Plan Information Compromised in 2024 Incident
A certified public accounting firm that provides services to labor unions, non-profits and other organizations for employee benefit plans is notifying nearly 217,000 people of a 2024 hack. The firm is already facing at least five proposed federal class action lawsuits related to the breach.

DeepSeek Comes Very Close to Producing a Keylogger and Ransomware
Security researchers used the Chinese DeepSeek-R1 artificial intelligence reasoning model to come close to developing ransomware variants and keyloggers with evasion capabilities. The model needs prompt engineering and its output requires code editing.

Investment to Scale Engineering, Expansion from Data Deletion to Threat Reduction
Executive digital protection firm 360 Privacy raised $36 million to expand its engineering team and boost its ability to remove sensitive data from brokers. The company is shifting from a data deletion focus to broader threat mitigation, tackling risks from digital tracking and location data leaks.

Texas Incident is Largest Breach Reported by a Health Plan So Far in 2025
A Texas-based insurance firm is notifying more than 335,500 people of a December hack involving their sensitive personal and health information. The breach affects many - but not all - of the company's policyholders, agents and insurance carrier partners in multiple states.

Restraining Order Allows Dismissed Cyber Defense Agency Employees to Return to Work
A temporary restraining order against the Trump administration's efforts to shrink the size of the federal workforce will allow thousands of probationary employees to return to work as experts warn the purge threatens national cybersecurity.

Threat Groups Are Mapping OT Networks for Future Targeting, Warns Dragos
A China-linked threat group called Voltzite is targeting operational technology systems at critical infrastructure organizations worldwide to steal network diagrams, OT operating instructions and information about geographic information systems, said cybersecurity firm Dragos.

IT Outages Are Affecting Patient Services, NC Practice Is 'Temporarily Closed'
A small North Carolina radiology practice and a 25-bed Pennsylvania hospital and are among the latest rural healthcare providers struggling to recover from recent cyberattacks that are disrupting their technology operations and affecting patient care services. How will this end up?