DataBreachToday.com

Credential Stuffing Breaches Affected Nearly 200,000 Warby Parker Customers
Federal regulators have levied a $1.5 million HIPAA civil monetary penalty against eyeglass maker and retailer Warby Parker over credential stuffing hacks that affected about 200,000 people. The HIPAA enforcement action is the first disclosed in the second Trump administration.

EIT Oxford's Dr. Laura Gilbert on AI Accountability and Responsible AI Adoption
AI adoption demands a balance between ethics, regulation and compliance. Dr. Laura Gilbert, head of AI for government at EIT Oxford and Tony Blair Institute for Global Change, and AI expert advisor for the British government, discusses how AI can enhance decision-making in public and private sectors.

Both Ransomware Operations Remain Active and Pose a Threat, Experts Warn
Ransomware business moves: Attacks tied to BlackLock have been surging, likely bolstered by the group's custom-built malware, while the long-running Black Basta operation remains a threat, even as it looks set to disband due to core members facing "fatigue," report cybercrime experts.

Demand for Cloud Security Skills Is Growing, Offering Good Pay and New Challenges
Cloud services support a wide range of applications from finance to healthcare systems and have become prime targets for cybercriminals, making cloud security a major concern for cybersecurity organizations. The need to secure the cloud is driving demand for skilled cloud security specialists.

New Pentagon CISO Appointed as Pentagon Budget Cuts Loom
The White House appointed a Trump ally and former Department of Defense cybersecurity official as DOD CISO, an unexpected return to the Pentagon for an official previously removed under a cloud of security concerns. Arrington returns to the Pentagon just as it faces budget cuts.

DOJ Says Contractor Falsely Claimed to Meet Critical Cyber Requirements
A military health benefits administrator has agreed to pay $11.2 million to settle allegations that the company falsely certified compliance with cybersecurity requirements - including patch management - for three years in a contract with the U.S. Department of Defense.

Regulators Cite Privacy Concerns Over DeepSeek's Data Collection Practices
The Personal Information Protection Commission, South Korea's data protection regulator, has directed Chinese artificial intelligence company DeepSeek AI to withdraw its chatbot application from official app stores pending an inquiry into the chatbot's compliance with data protection rules.

Private Equity Firm Says It'll Take Several Weeks to Pinpoint Scope of Jan. 16 Hack
An unauthorized third-party accessed certain information systems last month from Insight Partners through a sophisticated social engineering attack. Insight said it'll take the next several weeks to determine the scope of the Jan. 16 incident with the support of third-party cybersecurity experts.

Thinking Machines Lab Looks to Build Multimodal, Safe AI
Former OpenAI CTO Mira Murati launched a new artificial intelligence startup with an aim to bridge the gap between rapidly advancing AI technologies and the public's understanding of them. The startup is an attempt to create AI systems that can adapt to individual user needs.

Tokenization Goes Beyond Fraud Prevention, Boosting Profits and Customer Experience
Fighting fraud is a compelling reason for network tokenization. But the business case now goes well beyond security. Tokenization can also boost authorization rates and drive sales, ultimately improving merchants' bottom lines - if card issuers can overcome the hurdles to implement it.

Mustang Panda Uses MAVInject to Evade Antivirus Detection
A Chinese state-sponsored hacking group is abusing a legitimate Microsoft tool to evade security and install backdoors on government systems in the Asia-Pacific region. The threat actor uses MAVInject.exe to inject malware into waitfor.exe.

Google Expects Tactics to Spread; Global Targets and Other Services at Risk
Russian nation-state hackers are using phishing attacks to target Ukrainian users of the chat app Signal, say security researchers. Rather than circumventing Signal's end-to-end encryption via a cryptographic attack, attackers use malicious prompting to prod victims into exposing messages.

Researcher Says Firm Failed to Secure Sensitive Health Data From Survey Forms
An unsecured database containing 2 terabytes of data allegedly exposed more than 1.6 million clinical research records to the internet, including sensitive personal and medical information of patients, said the security researcher who discovered the lapse. Why does this keep happening?

'Marstech1' Malware Targets Developers Through GitHub Repository
New North Korean malware is targeting crypto wallets with an unconventional command-and-control infrastructure and through malware embedded into a GitHub repository that's apparently the account of a Pyongyang hacker. The implant appears to have emerged late last December.