DataBreachToday.com

Critical Vulnerability in Drivers Affects Multiple Canon Printers
The office printer could mete out more than ordinary frustration now that researchers discovered a vulnerability in drivers for Canon printer enabling attackers to execute arbitrary code. The flaw is an out-of-bounds vulnerability in Enhanced Metafile Recode processing.

Customer Credentials Possibly Compromised at EHR Vendor Acquired by Oracle in 2022
Oracle is dealing with a hacking incident involving legacy patient data of Cerner electronic health record customers. Oracle, which acquired Cerner in 2022, is reportedly telling clients the hack involved compromised credentials for systems scheduled to migrate to the cloud.

Letter to Bankruptcy Trustee Says 23andMe's Privacy Promises Must Carry Over
The Federal Trade Commission has sent a letter to 23andMe's bankruptcy trustees saying that any sale of the genetic testing firm or its assets will be subject to the company's previous pledges to consumers involving the privacy and security of their sensitive information and biological samples.

Hackers Claim on BreachForums to Have Stolen 'Highly Sensitive' Data
Israeli cybersecurity firm Check Point rejected Monday a hackers' assertion that he stole "highly sensitive" information offered for sale on an online marketplace for illicit data. The incident "doesn’t pose and risk or has any security implications to our customers or employees."

New Turing Institute Report Urges Government to Create AI Crime Task Force
British law enforcement agencies are ill-equipped to tackle artificial intelligence-enabled cybercrime, a report by The Alan Turing Institute says, pointing to an "enormous gap" between police technical capabilities and the growing sophistication of threat actors.

Jason Costain on Ways Traditional and Digital Banks Could Learn from Each Other
Digital-only banks promise speed and sleek digital experiences but are not the best places to handle scam victims. Without branches to visit, victims find themselves stuck in a loop of chatbots, said Jason Costain, former head of fraud analytics and threat management at NatWest Group.

Private Details of Top Trump Officials Found Online Amid Growing Security Scandal
Private contact details of top Trump officials, including their phone numbers, emails and even some passwords, have been leaked online through commercial databases and hacked data dumps, raising security concerns over potential foreign access to Cabinet members' private accounts and communications.

Palo Alto Networks CTO Nir Zuk predicts Google's security push through its $32 billion buy of Wiz won't succeed, as customers are reluctant to buy multi-cloud tools from cloud vendors. Zuk details how adversaries use LLMs at scale and how Palo Alto is unifying SOC tools under its Cortex platform.

C-Suite Strategies for AI Risk Management, Data Protection
Shadow artificial intelligence has shifted from being an outlier to a workplace staple, bringing risks of data breaches, regulatory violations and expanded attack surface on corporate networks. Shadow AI doesn't just introduce unapproved software: it consumes corporate data to function.

Incident Spotted in March 2024 Is Yet Another Attack Against Medical Billing Firms
A Nebraska-based firm that provides revenue cycle management and billing services to healthcare firms is notifying tens of thousands of people and an undisclosed number of companies that their personal, health and financial information was compromised in a March 2024 hack.

Also: Rapid7's Boardroom Shake-Up, China's Tactical Cyber Shift
In this week's update, ISMG editors unpacked stealth vs. spectacle in ransomware attacks, Rapid7's boardroom shake-up led by activist investors and China's shift from cyberespionage to infrastructure sabotage - driving key shifts in global cybersecurity strategy and resilience.

Jason Costain on Ways Traditional and Digital Banks Could Learn from Each Other
Digital-only banks promise speed and sleek digital experiences but are not the best places to handle scam victims. Without branches to visit, victims find themselves stuck in a loop of chatbots, said Jason Costain, former head of fraud analytics and threat management at NatWest Group.

Startup Hits $4.8B Valuation After Series E as It Disrupts VDI, Web Filtering Tools
Island's enterprise browser platform is gaining traction as a replacement for SASE and legacy VDI and web filtering tools. Backed by $250 million in Series E funding, the startup plans to scale up globally and enhance R&D to support secure, simplified digital work environments.

Max Payout for Bug Bounty Program Up From $20,000 to $100,000
OpenAI announced a cybersecurity initiative that aims to improve the resilience of its artificial intelligence systems by rewarding the discovery of critical vulnerabilities and improving threat mitigation. OpenAI raised the maximum payout for its bug bounty program from $20,000 to $100,000.

State and Local Election Offices Face Growing Cyber Threat Amid Federal Budget Cuts
Top-ranking current and former security officials warned Thursday that President Donald Trump's budget cuts to the Cybersecurity and Infrastructure Security Agency and other election security efforts have left U.S. election infrastructure vulnerable to escalating cyber threats.

Outdated Systems Putting AI Adoption in the Public Sector at Risk, Report Says
Outdated IT systems and poor data-sharing practices between public offices could undermine the U.K. government's plans to deploy artificial intelligence capabilities to increase public sector efficiencies, a parliamentary committee said.

NAB's Anthony Hope on How Banks Are Preparing for the March 2026 Deadline
Australia's anti-money laundering and counter-terrorism financing legislation is undergoing its first major revision since 2006. Anthony Hope, group head of AML, CTF and fraud risk at NAB, explains what this "generational change" means for financial institutions.

Dennis Giese on Reverse Engineering, Flawed Authentication, Poor Threat Modeling
IoT security flaws expose users and businesses to serious risks. Weak authentication methods allow attackers to manipulate devices, leading to data breaches and privacy violations. Reverse engineering highlights these weaknesses, said Dennis Giese, IoT security and privacy researcher.

Newcomer VanHelsing and a Supposedly Revitalized LockBit Enter Victim-Hunting Fray
While the vast majority of ransomware attacks lately trace to relatively long-running groups, researchers see new operators entering the fray, lately including a ransomware-as-a-service group calling itself VanHelsing, as well as a fresh version of LockBit.

Also: The Treasury Department Lifts Tornado Cash Sanctions
This week, Abracadabra hack, updates on Tornado Cash and Bybit, $7M scam money recovery, man faces prison for stabbing crypto CEO, movie director charged for swindle, Ripple-SEC case wrap-up, Grinex is the new Garantex, Gotbit plea deal, Coinbase in supply chain hack and Binance insider risk threat.