Ransomware DataBreachToday.com

Salesloft Says Hackers Broke Into Its GitHub Repository
Cybersecurity firms Tenable and Qualys fell to attacks stemming from hacker theft of authentication tokens from a third-party tool often integrated into Salesforce. The firms disclosed their exposure to the attack that lifted access tokens from marketing-as-a-service software provider Salesloft.

Observo Buy Gives Customers Real-Time SIEM Ingestion and Vendor-Agnostic Options
SentinelOne’s Observo AI buy gives customers a flexible, AI-powered data pipeline for faster detection and SIEM freedom. The acquisition bolsters its AI-native SIEM vision and offers a lower-cost, real-time alternative to traditional solutions such as Splunk.

From MechaHitler to Islamic Chatbots, AI Engines Are Writing the Script for Reality
AI sovereignty is the new data sovereignty, except now we’re arguing not just about who owns your data, but who gets to define reality. From MechaHitler to Islamic chatbots, AI is less about objective truth and more about who gets to write the script.

Suits Filed After Researcher Found 1 Million Patient Records With No Password Setup
An Ohio firm that assists individuals in obtaining physician-certified medical marijuana cards is facing at least six proposed federal class action lawsuits so far involving the recent discovery by a security researcher of a database exposing nearly one million sensitive patient records on the web.

White House Kick Off School Year With AI Education Efforts, Public-Private Collabs
The Trump administration is rolling out its Presidential Artificial Intelligence Challenge with a series of high-profile White House events and public-private sector commitments - just as the Federal Trade Commission reportedly prepares to investigate AI systems' impact on child mental health.

Also: Software Supply Chain Risks, Cato's AI Security Buy
In this week's update, four ISMG editors discussed the Pentagon's review of Microsoft's use of Chinese nationals on U.S. military cloud systems, renewed concerns over software supply chain risks and Cato Networks' first-ever acquisition to boost AI security.

Series E Funding at $2B Valuation Fuels Fraud Defense, Identity Tech Buildout
Washington D.C.-area identity verification provider ID.me has raised $340 million to develop fraud-fighting technology and prepare for long-term expansion. The investment supports product innovation to stop AI threats such as deepfakes and fake businesses.

HexStrike-AI Connects LLMs to Over 150 Existing Security Tools
A red-team framework released for penetration testing has become a weapon in the wild, repurposed by hackers to accelerate exploitation of newly disclosed Citrix vulnerabilities. Check Point Research observed chatter suggesting n-day attacks may unfold in minutes, shrinking defender response time.

Also, Disney Pays $10M to Settle Child Privacy Case, Spain Scraps Huawei Deal
This week, Jaguar hack, Disney settled a child privacy case, Texas sued PowerSchool and federal prosecutors sued a toy maker. Spain voided a Huawei contract, Pennsylvania AG confirmed a ransomware attack. U.S. immigration enforcement resumed a spyware contract and Baltimore lost $1.5 million to BEC.

Startup to Expand Dual-Use Tech, Tackle GPS Jamming Threats With Series C Funding
With a $75 million Series C raise, Shift5 plans to scale its operational intelligence platform across military and commercial transportation. Its focus includes enhanced threat detection, predictive maintenance and data-driven safety measures amid rising cyberthreats to infrastructure.

Feds Ramp Up Enforcement of 21st Cures Act Regs Including Fines up to $1 Million
The Department of Health and Human Services says it's "cracking down" on healthcare providers, health IT developers and health information networks that "block" the exchange, access and use of patients' electronic health data. Info blocking regulations have been on the books for years, so why now?

ACI Worldwide's Cleber Martins on Why Banks Need to Lead on AI Identity Governance
The rise of agentic commerce is forcing the financial sector to reconsider traditional fraud controls. Automated transactions may follow all technical authorizations, but agentic AI tools lack an understanding of user intent. That disconnect could lead to a surge in first-party fraud.

Structured Approach to Mitigate Vulnerabilities and Risks in Synthetic Biology Labs
Advances in synthetic biology promise breakthroughs, such as engineered bacteria and microbes for pollution cleanup and medicine production. But this promise brings new risks: cyberthreats that intersect with biosecurity. Threat modeling provides a critical framework to anticipate these risks.

Elevate OT Cyber Skills Through Training, Collaboration and Practice
Operational technology incidents can have physical as well as digital consequences, from halting plant production to endangering lives. Training tailored to OT security is essential for protecting critical systems while maintaining operational continuity.

Claude Creators Ride Wave of AI Momentum With Updated Valuation
Anthropic raised $13 billion in fresh capital, bringing its post-money valuation to $183 billion. A Series F round was co-led by Iconiq, Fidelity Management & Research Company and Lightspeed Venture Partners, with participation from a slew of institutional investors and sovereign wealth funds.

Intel Chief Tulsi Gabbard Will Ax a Cyberthreat Sharing Hub, Citing Redundancy
Director of National Intelligence Tulsi Gabbard said the decision to eliminate the Cyber Threat Intelligence Integration Center was meant to remove redundancies and save taxpayer money, though analysts warn the move could leave a major gap in federal threat information sharing.

The EU General Court Gives Victory to Backers of Trans-Atlantic Data Flows
The European Union General Court on Wednesday dismissed a plea by a French politician to annul the legal framework underpinning commercial data flows across the Atlantic, rejecting claims that a U.S. intelligence agency oversight body is not independent of the federal government.

Ransomware Gang Nova Poised to Leak Patient Data, Lab Stays Mum on Negotiations
With ransomware gang Nova threatening to leak patient data on the darkweb, a Dutch laboratory that performs cervical cancer tests for a government screening program is mum about the ransom negotiations, but it says the cyberattack in July has affected 941,000 patients.

Company Says No Evidence of Customer Data Exfiltration
British carmaker Jaguar Land Rover shut down its Liverpool assembly line Tuesday following a cyberattack. "At this stage, there is no evidence any customer data has been stolen, but our retail and production activities have been severely disrupted," the company said.

Acquisition Targets Business Email Compromise, Impersonation and Spear-Phishing
Varonis has acquired SlashNext to strengthen detection of phishing and social engineering attacks. The integration will help prevent identity compromises via email, SMS and collaboration tools while enhancing Miami-based Varonis’ AI-driven data protection.