Ransomware DataBreachToday.com

Security Leaders Face Gaps, Not in Their Org Charts, But in Their Team's Skills
Concerns about the skills and capabilities of cybersecurity teams have for the first time overtaken worries about headcount and unfilled vacancies among CISOs, according to a new SANS survey.

Why Technical Leaders Are Walking Away and What We Can Do to Fix It
Leaders are expected to deliver results, yet often lack the authority to make key decisions. The article examines how this imbalance creates friction, undermines performance and turns accountability without authority into a persistent leadership challenge.

Defendant Is Also at Center of a Civil Class Action Against His Former Employer
A federal grand jury has indicted a former Maryland hospital pharmacist, alleging he "weaponized" tech tools - including keylogging - to steal credentials and spy on nearly 200 co-workers and other individuals over an eight-year period. The defendant is also the subject of a similar civil lawsuit.

Smaller Cybersecurity Partners Get Opus 4.7 But Not Anthropic's Highest-Risk Model
Anthropic’s Project Glasswing gives CrowdStrike, Palo Alto Networks and Zscaler privileged access to Claude Mythos Preview, while smaller cybersecurity partners such as SentinelOne and TrendAI can only integrate with Anthropic's generally available Opus 4.7 model.

Cybercrime Gang Claims to Have 108-Gbyte Trove of Insurer's Files, Folders
Ransomware gang Everest Group claims to have stolen more than 108 gigabytes of data- including policyholder details - belonging to insurer Liberty Mutual. The cybercrime group began leaking the company's alleged data on Monday afternoon, saying the insurer "failed" to respond to the gang's demands.

Guidance Warns Autonomous Systems Expand Enterprise Exposure
Federal and Five Eyes cyber agencies warn that agentic AI systems - capable of autonomous action across enterprise environments - are introducing identity, visibility and control risks that could outpace existing defenses without continuous monitoring, zero trust enforcement and human oversight.

Startup Acquisition Adds Centralized Policy Control Over Agent Communications
Palo Alto Networks plans to acquire Portkey to centralize AI agent communications through a gateway that enforces runtime security, identity controls and governance, addressing rising risks from autonomous agents with broad system access and fragmented enterprise visibility.

Zero Trust Is 'Essential' - But Who Pays for It?
New guidance from the U.S. Cybersecurity and Infrastructure Security Agency on adapting zero trust security principles for operational technology is fine as far as it goes, but is pretty high-level and ignores or fudges a couple of key questions, say executives and experts.

Also: Google’s $40B AI Bet, Insights From Google Next Conference
In this week's panel, four ISMG editors discussed North Korea's use of fake video meetings to fuel crypto fraud, Google's $40 billion investment in Anthropic and what it signals for the AI race, and key takeaways from Google Next in Las Vegas on enterprise AI adoption.

Flaw Finding Model Integrated into a Slew of Cybersecurity Platforms
Claude artificial intelligence maker Anthropic announced Thursday wider availability of a model it described as its second-most powerful model for finding and patching software flaws. Anthropic is making Claude Security available as a "public beta" for enterprise customers.

Combined Platform Spans Dependencies, Extensions, Developer Tools
Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and IDE extensions, addressing AI-driven development risks and fragmented visibility across modern developer workflows.

Bipartisan Deal Funds DHS Components After Record 75-Day Shutdown
The House passed a bipartisan bill funding the Department of Homeland Security, ending a 75-day shutdown that forced the Cybersecurity and Infrastructure Security Agency into a reactive posture and disrupted preventive cyber operations, even as workforce losses and proposed cuts threaten long-term resilience.

Tightening Budgets and AI-Enabled Attacks Stretch State Cyber Defenses
State CISO confidence has collapsed, with just 22% saying their data is protected from cyberthreats. The 2026 NASCIO-Deloitte study points to AI-enabled attacks, third-party vendor risk and the worst budget picture in years as states rethink how they defend public data.

Also, HexDex Arrest, Black Axe Crackdown, LeRobot RCE Flaw
This week, election threats resurfaced. A prolific hacker arrested. Black Axe network disrupted. China-linked disinformation targets Tibet. Exploited ScreenConnect and Windows flaws raise alarms. Minecraft gamers hit with stealer malware. A critical AI framework bug enables remote code execution.

Goal Is for Faster, Better Treatment Innovation, Drug Therapies
The U.S. Food and Drug Administration is planning to launch a pilot program aimed at advancing real-time clinical trials through the use of artificial intelligence tools and data science. The goal is to accelerate the development of promising new drugs, which often end up slowed down in bottlenecks.

Elon Musk's Lawsuit Threatens a $852B AI Empire
Elon Musk took the stand this week in a lawsuit that could unwind OpenAI's corporate structure, derail its IPO bid and transform the artificial intelligence landscape. The stakes are high for enterprise customers that bet on OpenAI's technology platform.

Federal Charges Target Recruiters, Managers in Scam Centers After Global Takedown
U.S. and international law enforcement agencies dismantled a network of overseas scam centers linked to cryptocurrency investment fraud schemes, officials said Wednesday, arresting at least 276 individuals in a crackdown across the Middle East and Southeast Asia.

Fabrix Security Buy Adds Real-Time Decisioning for Human and Machine Identities
Silverfort's acquisition of Israeli startup Fabrix Security adds AI-driven, real-time access decisioning built on a contextual knowledge graph, aiming to replace static policies and scale identity security for human, machine and agentic identities operating at machine speed.