DataBreachToday.com

Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System Compromise
Attackers are targeting a zero-day vulnerability in Cisco's Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist.

CISOs Grapple With AI Blind Spots, Excessive Permissions and Governance Issues
Machine identities continue to multiply as organizations push automation, cloud services and AI-driven initiatives deeper into core operations. This rapid growth creates new vulnerabilities, especially when non-human identities lack governance or are completely invisible to security teams.

Also: $7M Saga and $5M Makina Finance Exploits
This week, South Korea dismantled a $102 million money laundering ring, Saga paused SagaEVM after a $7 million exploit, Makina Finance lost $5 million, a Utah man sentenced to three years for fraud and illegal cash conversion and a software flaw let traders win ethereum transaction auctions for free.

Also, CIRO Phishing Breach, Ingram Micro Ransomware and CVE Surge
This week, DOGE posted sensitive data on an outside server. A phishing attack affected 750,000 Canadians. A hacktivism warning from the U.K. NCSC. An Ingram Micro breach. CVEs surged in 2025. SK Telecom challenged a fine. Researchers disclosed Chainlit flaws. North Korean hackers abused VS Code.

Corporate Hiring Practices Risk Shutting Down the Talent Supply Line
In cybersecurity hiring, many organizations have quietly removed entry-level jobs from the workforce altogether. While it may meet immediate corporate goals to hire more experienced practitioners, these extremely limited on ramps for cybersecurity jobs risk cutting off the talent pipeline.

More Dry Powder Will Help Cloud Security Sweepstakes Against Palo, CrowdStrike, Wiz
Upwind is in talks with Bessemer Venture Partners and Picture Capital to raise more than $250 million at a valuation of $1.2 billion to $1.5 billion, Calcalist reported. Upwind in December 2024 closed a $100 million Series A round and tripled its valuation over the prior 15 months to $900 million.

Nearly $270M Cut From CISA Despite Mounting Foreign Cyberthreats
Congress is proposing cuts of nearly $270 million from the Cybersecurity and Infrastructure Security Agency's budget for fiscal year 2026, reducing funding for threat hunting and vulnerability management as officials warn foreign adversaries are escalating cyber operations targeting U.S. systems.

Breach Affected More Than a Dozen Healthcare Clients, 2.5M Patients
Electronic health records vendor Veradigm agreed to pay $10.5 million to settle consolidated class action litigation involving a December 2024 hacking incident discovered in mid-2025 that affected more than a dozen healthcare provider clients and about 2.5 million of their patients.

Decentralization and Sprawl Complicate University IT Programs
Several Ivy League universities - including Harvard and Princeton - experienced hacks in 2025 through unpatched enterprise software and sophisticated social engineering campaigns, showing that even the nation's wealthiest universities are vulnerable.

Acting Director Says Agency Has Stabilized After Major Staff Losses Throughout 2025
After a year of internal upheaval and budget strain, CISA's acting director told Congress the agency is now stabilized and will launch targeted 2026 initiatives, even as lawmakers weigh steep funding cuts that could limit its cyber defense capabilities across federal networks.

IBM Survey Finds AI Strategy Now Hinges on Integration and Differentiation
The thriving enterprise of 2030 will be AI-first, not just AI-enabled, said IBM's latest Institute for Business Value. The company surveyed more than 2,000 C-suite executives in the second half of 2025. The results paint a picture of the future of digital transformation dominated by AI technology.

Berlin Readies Legislation Authorizing More Aggressive Stance in Cyberspace
Germany wants to drastically step up defenses against cyberattacks from foes such as Russia, China, Iran and North Korea, and it's looking to key ally Israel for lessons and cooperation.

CEO Nadav Zafrir Discusses Lakera and Veriti Buys, Wiz Pact and AI Strategy Shift
Check Point Software is doubling down on AI security through the acquisitions of Lakera and Veriti and platform integration with Wiz. CEO Nadav Zafrir explains how the firm is shifting from point products to a holistic approach and why it's investing heavily to stay ahead in the AI security race.

State Monitoring Incident Involving a Health Entity Worker for Potential Fraud
The Minnesota Department of Human Services is notifying nearly 304,000 people of data breach involving someone at a healthcare provider who inappropriately accessed information from an IT system managed by a vendor. State officials are monitoring the incident for potential fraud.

Findings From WEF's 2026 Report Show Shifting Cyber Priorities as AI Reshapes Risk
Cyber-enabled fraud has overtaken ransomware as the top cybersecurity concern for CEOs heading into 2026, according to the World Economic Forum's Global Cybersecurity Outlook 2026, released ahead of the Davos meeting. AI is a top emerging technology affecting both cyber risk and cyber defense.

Telegram-Based Marketplace Closes After Prince Group Founder's Arrest
Telegram marketplace Tudou Guarantee, which processed over $12 billion in fraud transactions, has ceased operations following the arrest of Prince Group chairman Chen Zhi, who was extradited to China in January. Elliptic said it was the third-largest illicit marketplace of all time.

Crackdown Targets Multiple Members of Cybercrime Group, Including 'Hash Crackers'
Police raided two suspected members of the notorious Black Basta ransomware group - tied to over 600 victims worldwide and many millions in ransom payments - in Ukraine and issued an international arrest warrant for the Russian national suspected of being the operation's founder and ringleader.

Feds Pushing HIPAA Regulated Entities to Bolster Security Risk Management
Federal regulators are advising regulated healthcare firms and their third-party vendors to harden systems, software and medical devices to better safeguard protected health information. Hardening is a necessary measure for protecting data privacy security - but also in protecting patient safety.