BankInfoSecurity.com

Implantable brain devices introduce a new and significantly more complex class of cybersecurity risk and critical privacy concerns, compared with traditional medical devices, given the sensitivity of neural data, says Professor Kevin Fu of the Archimedes Center at Northeastern University.

Also: AI-Driven Deception, Cyber Deterrence and Resilience
In the latest weekly update, ISMG editors reflected on the accelerating use of AI in cyber deception in 2025, geopolitical tensions and nation-state threats, and a growing shift from prevention to resilience as attacks increasingly targeted critical infrastructure and exploited human trust.

Little Progress Made to Mandate Customer Reimbursement for Financial Scams
Financial scams and synthetic identity fraud showed no signs of slowing in 2025, as regulators focused on fraud prevention over reimbursement for victims. But some countries joined the United Kingdom in advancing new anti-scam measures that focus on prevention and industry accountability.

Healthcare sector mergers and acquisitions dramatically amplify cybersecurity and data privacy exposure for potential buyers and sellers, said attorney Jonian Rafti of law firm Proskauer. But there are critical steps entities can take to reduce those risks, he said.

AI is changing cybercrime in a big way. Autonomous AI agents could soon carry out entire attacks on their own -scanning servers, testing vulnerabilities, refining exploits and even launching phishing campaigns from start to finish, said David Sancho, senior threat researcher at Trend Micro.

Also: Trader Loses $50M in USDT in Address Poisoning Scam
This week, the U.K. FCA mapped a path to U.K. crypto regulation, iComTech promoter sentenced in Ponzi case, the U.S. SEC sought public company bans for former FTX and Alameda executives, a trader lost $50M in USDT in an address poisoning scam and a Brooklyn man indicted over $16M Coinbase phishing scam.

Also: SudamericaData Leak, RaccoonO365 Arrest and Nefilim Conspirator Pleads Guilty
This week: Spotify metadata scraped, Nissan disclosed third-party breach, millions of Argentines exposed to data leak, African police arrested hundreds in a cybercrime sweep, Nigeria nabbed a phishing operator, the U.S. DOJ charged ATM jackpotting ring and Nefilim ransomware affiliate pleaded guilty.

Job Seekers Need to Demonstrate Good Judgement and Trust - Not Just Skills
Cybersecurity job interviews function much more like risk assessments. Hiring managers are not searching for perfection. They are working to reduce uncertainty about how someone will think, decide and behave when systems fail, pressure mounts and information is incomplete.

Third-party security threats remain one of the most critical risks facing the healthcare sector. But now the increasing use of artificial intelligence by vendors adds a new layer of third-party concerns, said independent consultant Rick Doten, former healthplan CISO at Centene Corp.

Experts Predict AI-Driven Scams Will Soon Outpace Human-Led Tactics
Despite $442 billion in scam losses across 42 countries last year, 73% of people still believe they can recognize scams. Jorij Abraham, managing director of the Global Anti-Scam Alliance, reveals why this confidence gap is costing billions and what fraud practitioners should expect in 2026.

New Report Says DOE Cyber and AI Governance Is Lagging Behind Rapid Deployment
An inspector general report warns the Department of Energy's rapid expansion of artificial intelligence and decentralized cybersecurity controls has outpaced governance, limiting enterprise visibility and exposing critical infrastructure to persistent threats from state-backed and criminal actors.

International Coalition Highlights Security Risks in OT’s Rush to AI
Hurriedly integrating AI into industrial systems isn't the wisest idea, the U.S. Cybersecurity and Infrastructure Security Agency and its domestic and international partners warned earlier this month. "We don't want [operators] treating AI like a magical black box," explained a CISA official.

Acquisition Streamlines Security Operations From Asset Discovery to Remediation
AI software company ServiceNow has entered into an agreement to buy cyber exposure management and security company Armis for $7.75 billion in cash. The deal will bolster ServiceNow's cybersecurity offerings at a time when many larger technology vendors are choosing to expand their security portfolios.

Healthcare data breaches are becoming more frequent but smaller in scale, targeting smaller entities and high-value credentials and records - and AI is reshaping both the attack landscape and fraud patterns, said Jim Van Dyke, senior principal of innovation at TransUnion.

Full Scope of Clop Ransomware Group's Oracle E-Business Suite Hits Still Emerging
The University of Phoenix is notifying 3.5 million individuals that their personal information was compromised in a data breach. The theft traces to the Clop ransomware group's supply-chain campaign against users of Oracle E-Business Suite, in which it wield two zero-day vulnerabilities.

AI Firm Discovers New Prompt Injection Attack Class
OpenAI faces a years-long battle to secure its ChatGPT Atlas web browser against prompt injection attacks, a threat the company says will require continuous defense strengthening much like the arms race against online scams targeting humans.

Preparing a healthcare workforce to responsibly engage with AI tools without over relying on automation or undermining human oversight will require awareness training akin to phishing exercises, said Skip Sorrels, field CTO and CISO at security firm Claroty.