BankInfoSecurity.com

Vendor Combines AI Attack Agents, Human Experts to Simulate Real-World Cyberattacks
Offensive security startup Armadin secured nearly $190 million in funding to expand a platform that uses AI agents to automate red-team operations. The technology enables companies to continuously test defenses and uncover attack paths that traditional consulting engagements often miss.

Segmentation Mandates Make One-Way Data-Flow Architectures Essential
Data diodes are re-emerging as a preferred control as IT-OT convergence expands the industrial attack surface and regulators tighten segmentation mandates. Hardware-enforced, one-way data flow offers provable isolation for critical infrastructure and growing executive accountability.

Many healthcare sector organizations are delaying to even begin contemplating - let alone strategizing - how to mitigate post-quantum risk - but procrastination is a major mistake, said Ali Youssef, director of emerging tech security, at Henry Ford Health.

To help strengthen the health ecosystem's overall incident response preparedness, the Health Sector Coordinating Council in coordination with the Health Information Sharing and Analysis Center will in July host a first-ever nationwide virtual cyber exercise, said Greg Garcia, of the HSCC.

CRM-Obsessed ShinyHunters Gang Exploits Misconfigured Customer Experience Portals
A prolific and noisy cybercrime gang with a penchant for stealing Salesforce customers' data and holding it ransom is taking advantage of misconfigured guest accounts meant to provide public access to services meant to remain private, using a Google scanning tool to identify vulnerable accounts.

Gartner's Apeksha Kaushik on Why Detection Alone Can't Stop ID Impersonation
Organizations facing deepfake-driven impersonation attacks must move beyond traditional detection strategies and build stronger identity resilience. Security leaders should adopt layered defenses that combine detection, prevention and broader risk signals to disrupt attackers.

Startup Exits Stealth Targeting Insider Risk, Shadow AI and GenAI Data Exposure
Cybersecurity startup Jazz has raised $61 million with an AI-driven approach to data loss prevention. Its platform deploys agent investigators that analyze data context, users, systems and processes to detect insider threats and risky AI usage more accurately than legacy rule-based tools.

Why SOCs Must Move Beyond Alerts and Adopt Identity-Aware Defense Models Today
Security operations centers are overwhelmed by alerts, fragmented identity data and tool sprawl. As identity-based attacks rise, CISOs are shifting toward identity-aware detection, automation and outcome-driven security operations to reduce risk and improve resilience across hybrid environments.

How Silos Drain Time, Money and AI Value Across Modern Enterprises
Silos are draining organizations more than leaders realize. From duplicated work and stalled decisions to fragmented AI adoption and shadow tools, internal barriers are eroding productivity and digital transformation. The cost is measurable and preventable for those willing to act.

Healthcare CISOs and their teams often contemplate the benefits of going passwordless in their organizations but face pushback from clinicians concerned that the new tech will slow down their access to critical patient care systems or disrupt their workflow.

Similar Fraud Rates Across Documents Reveal Weaknesses in Verification Workflows
One in 16 documents processed across financial institutions last year showed signs of manipulation, fabrication or misrepresentation. Most fraud teams want better document detection and tighter review queues. But financial institutions may be looking in the wrong place.

Top European Court Advisor Says Policy Should Be 'Refund Now, Sue Later'
Banks must promptly refund phishing victims when the scams lead to unauthorized transactions, an advisor to the European Union’s top court has said. The case in question involves an unnamed Polish woman who got duped on an online auction platform.

Company Says Limits Triggered Federal Retaliation, Which Violate Free Speech Rights
AI developer Anthropic sued the U.S. government alleging retaliation after it refused to allow its Claude models to support lethal autonomous warfare or mass surveillance of Americans. The suit claims federal agencies unlawfully banned the firm's technology and labeled it a national security risk.

AI Shutdown Risk Exposes Governance Gaps and Vendor Dependency Concerns
The federal government's recent decision to designate Anthropic, maker of the Claude AI platform, as a "supply-chain risk" should raise alarm bells for technology leaders who are tasked with embedding AI systems across the enterprise. Going all-in with a single AI vendor can be risky.

HIPAA Settlement Small Compared to Many Others
U.S. federal regulators fined a dental practice software vendor with a seemingly lowball financial penalty for a high-stakes 2020 hack affecting 15 million individuals that the company failed to report. Maryland-based MMG Fusion agreed to $10,000.

Researchers Tie UAT-9244 Intrusion to Famous Sparrow and Tropic Trooper
A China-linked cyberespionage group has been targeting telecommunications providers in South America since 2024 using a set of newly discovered malware tools designed to maintain persistent access to critical communications infrastructure, Cisco Talos researchers found.

Vendors Cite Global Teams as Iran War Raises Travel Questions From Israel
Several Israeli cybersecurity firms say they still plan to attend RSAC 2026 despite the Iran war. Companies including Orca Security, Check Point, Cyera and Radware say their global workforce structure allows them to maintain conference participation even if travel from Israel remains difficult.

Trump Signs Executive Order and Publishes Cyberspace Strategy
U.S. President Donald Trump signed Friday afternoon an executive order directing federal prosecutors, cyber defense officials and diplomats to ramp up efforts to combat cybercriminal gangs. Trump signed the order in tandem with publishing a five-page cybersecurity strategy.