Ransomware DataBreachToday.com

AI Assistant Executes Hidden Commands Embedded in Docker Image Labels
A vulnerability in Docker's Ask Gordon AI assistant allows attackers to execute malicious commands by hiding them in the container application development platform's image metadata, said security researchers. Dubbed DockerDash, the vulnerability exploits a failure across Docker's AI execution chain.

Database Misconfiguration Exposed 1.5 million API Tokens
A misconfigured database at Moltbook, the viral social network for AI agents, exposed 1.5 million API authentication tokens, 35,000 email addresses and private messages. Security researchers discovered unauthenticated read and write access to all platform data within days of launch.

Experts Advise Moving From Verifying Identities to Knowing Agent Intentions
Financial institutions are rushing to deploy AI agents capable of autonomously initiating transactions, approving payments and freezing accounts in real time. But AI agents are creating a "dual authentication crisis" that traditional security frameworks cannot address.

Terminated Employee Accused of Stealing 1 Million Patient Records
A former Nuance Communications IT worker is facing additional federal charges in an ongoing criminal case alleging he downloaded and stored on a personal hard drive with more than 1 million patient records of a Nuance client two days after he was terminated from his job in 2023.

Varonis CEO Yaki Faitelson Warns Misconfigured AI Is an Accident Waiting to Happen
Varonis has acquired AllTrue.ai to close visibility gaps in AI security. CEO Yaki Faitelson said enterprises are deploying AI agents that access vast datasets at high speed without understanding permissions identity context or abnormal behavior creating urgent demand for data-first AI security.

Also, Active Exploits Hit SolarWinds, Ivanti as APT28 Targets EU, Ukraine
This week, Italy blocked Russian cyberattacks targeting the Olympics. Flaws in SolarWinds, Ivanti and Microsoft Office. Russia's APT28 ramped up attacks in Ukraine, supply chain attacks, regulators probed major breaches and a U.S. judge sentenced the operator of a darkweb drug marketplace.

Global Cyber Alliance: as AI Fuels Cybercrime, Outcomes Keep Getting Worse
Security teams report stronger controls and broader collaboration each year. Yet cybercrime outcomes continue to worsen. Brian Cute of the Global Cyber Alliance says artificial intelligence-based attacks are tipping the scales against cyber defenders.

Terminated Employee Accused of Stealing 1M Patient Records
A former Nuance Communications IT worker is facing additional federal charges in an ongoing criminal case alleging he downloaded and stored on a personal hard drive with more than 1 million patient records of a Nuance client two days after he was terminated from his job in 2023.

As the compliance deadline quickly approaches for changes to align the federal rules for the confidentiality of substance use disorder records with HIPAA, entities that participate in so-called Part 2 programs still face critical unanswered questions, said attorney Aleksandra Vold of BakerHostetler.

Leaked Financial and Admissions Data Includes Contact Details for 'Top Donors'
Harvard University has been named as a victim and doxed by hack-and-leak group ShinyHunters, apparently as a result of the cybercrime group's ongoing "live phishing" attacks that often attempt to trick IT help desks into giving attackers direct access to a victim's network and cloud-based data.

Acquisition Adds Okta and Ping Coverage to Semperis' Identity Security Platform
Semperis has acquired MightyID to extend its identity-first security and cyber resilience strategy beyond Active Directory and Entra ID into Okta and Ping. CEO Mickey Bresman says the deal addresses customer demand for multi-identity provider protection backup recovery and migration.

Southern Connecticut State University CIO Tom Armstrong on Modernization Priorities
Like other schools, Southern Connecticut State University is under pressure to modernize legacy systems, strengthen security and adopt AI. CIO Tom Armstrong must balance expanding research ambitions, student expectations and operational efficiency in an increasingly complex risk environment.

Funding at $1B Valuation Targets AI-Driven Investigations and Compliance Tools
TRM Labs has secured $70 million in Series C funding led by Blockchain Capital reaching a $1 billion valuation. CEO Esteban Castano says the money will boost AI-powered investigations, compliance automation and intelligence as criminals use AI to scale cybercrime faster than defenders can respond.

Analysts Warn of Patchwork Federal Assurance Standards After Rollback
The White House rescinded two key software security policies requiring vendors to attest to secure development practices, citing excessive compliance burdens - but analysts warn the move risks weakening federal software assurance without strong, agency-level replacements.

Experts: Problems Are Frequent Weaknesses Across Healthcare Sector Entities
Security weaknesses in web-facing apps used at a large U.S. hospital could leave the facility's IT systems and sensitive patient information vulnerable to cyberattacks, found federal auditors. Those same problems also haunt many other healthcare entities, experts said.

San Francisco-Based Startup Eyes AI Adjacencies and Supply Chain Risk Reduction
Software supply chain security firm RapidFort has raised $42 million in Series A funding to expand sales operations and build out its platform. Founder and CEO Mehran Farimani says the company will focus on reducing developer lift while addressing emerging risks tied to AI-enabled workloads.

New Study Shows AI Agents Can't Work Without Humans in the Loop, But Give Them Time
AI agents are quickly moving from experimental demos to enterprise pilots, and they're already being used for tasks such as financial analysis, document review and drafting. But as AI gains momentum, one question goes largely unanswered: How can we measure the effectiveness of AI agents?

Hacked Infrastructure Delivered Chinese Nation-State Group's Backdoor, Experts Warn
The widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors.

Social Media Network Faces Legal Barrage From France, United Kingdom and Spain
In the space of a few hours, French authorities raided X's office in Paris, the British privacy regulator opened an investigation into X and xAI, and Spanish Prime Minister Pedro Sánchez announced legal proposals that would criminalize algorithmic manipulation and amplification of illegal content.