BankInfoSecurity.com

Also: SudamericaData Leak, RaccoonO365 Arrest and Nefilim Conspirator Pleads Guilty
This week: Spotify metadata scraped, Nissan disclosed third-party breach, millions of Argentines exposed to data leak, African police arrested hundreds in a cybercrime sweep, Nigeria nabbed a phishing operator, the U.S. DOJ charged ATM jackpotting ring and Nefilim ransomware affiliate pleaded guilty.

Job Seekers Need to Demonstrate Good Judgement and Trust - Not Just Skills
Cybersecurity job interviews function much more like risk assessments. Hiring managers are not searching for perfection. They are working to reduce uncertainty about how someone will think, decide and behave when systems fail, pressure mounts and information is incomplete.

Third-party security threats remain one of the most critical risks facing the healthcare sector. But now the increasing use of artificial intelligence by vendors adds a new layer of third-party concerns, said independent consultant Rick Doten, former healthplan CISO at Centene Corp.

Experts Predict AI-Driven Scams Will Soon Outpace Human-Led Tactics
Despite $442 billion in scam losses across 42 countries last year, 73% of people still believe they can recognize scams. Jorij Abraham, managing director of the Global Anti-Scam Alliance, reveals why this confidence gap is costing billions and what fraud practitioners should expect in 2026.

New Report Says DOE Cyber and AI Governance Is Lagging Behind Rapid Deployment
An inspector general report warns the Department of Energy's rapid expansion of artificial intelligence and decentralized cybersecurity controls has outpaced governance, limiting enterprise visibility and exposing critical infrastructure to persistent threats from state-backed and criminal actors.

International Coalition Highlights Security Risks in OT’s Rush to AI
Hurriedly integrating AI into industrial systems isn't the wisest idea, the U.S. Cybersecurity and Infrastructure Security Agency and its domestic and international partners warned earlier this month. "We don't want [operators] treating AI like a magical black box," explained a CISA official.

Acquisition Streamlines Security Operations From Asset Discovery to Remediation
AI software company ServiceNow has entered into an agreement to buy cyber exposure management and security company Armis for $7.75 billion in cash. The deal will bolster ServiceNow's cybersecurity offerings at a time when many larger technology vendors are choosing to expand their security portfolios.

Healthcare data breaches are becoming more frequent but smaller in scale, targeting smaller entities and high-value credentials and records - and AI is reshaping both the attack landscape and fraud patterns, said Jim Van Dyke, senior principal of innovation at TransUnion.

Full Scope of Clop Ransomware Group's Oracle E-Business Suite Hits Still Emerging
The University of Phoenix is notifying 3.5 million individuals that their personal information was compromised in a data breach. The theft traces to the Clop ransomware group's supply-chain campaign against users of Oracle E-Business Suite, in which it wield two zero-day vulnerabilities.

AI Firm Discovers New Prompt Injection Attack Class
OpenAI faces a years-long battle to secure its ChatGPT Atlas web browser against prompt injection attacks, a threat the company says will require continuous defense strengthening much like the arms race against online scams targeting humans.

Preparing a healthcare workforce to responsibly engage with AI tools without over relying on automation or undermining human oversight will require awareness training akin to phishing exercises, said Skip Sorrels, field CTO and CISO at security firm Claroty.

Browser Tools Capture Chatbot Data, Sell to Data Broker: Koi Security
A browser extension promising a free clientless VPN for Chrome users has been harvesting conversations from artificial intelligence chatbot platforms and selling the data to third-party brokers. The data collection operates independently of the VPN functionality itself.

Report: China, Russia Exploiting US Cyber Policy Gaps to Gain Strategic Advantage
A new McCrary Institute report urges Washington to adopt a more offensive cyber strategy, warning that the current reactive approach leaves the U.S. unable to counter China and Russia’s persistent campaigns to gain asymmetric leverage in cyberspace.

Scans Count 117,000 Unpatched Firewalls Running Vulnerable Version of Fireware OS
Attackers are actively attempting to exploit a now patched, zero-day vulnerability in WatchGuard Firebox firewalls, tracked as CVE-2025-14733, that can be used to remotely execute code. Scans show that over 115,000 of these edge devices remain internet-connected, unpatched and at risk.

Smart eyewear such as Meta-AI Ray Ban glasses - which sport microphones, cameras and can connect to artificial intelligence - pose emerging patient privacy and other risks especially when worn in healthcare settings, said Garrett Zickgraf of consulting firm LBMC.