DataBreachToday.com

Structured Approach to Mitigate Vulnerabilities and Risks in Synthetic Biology Labs
Advances in synthetic biology promise breakthroughs, such as engineered bacteria and microbes for pollution cleanup and medicine production. But this promise brings new risks: cyberthreats that intersect with biosecurity. Threat modeling provides a critical framework to anticipate these risks.

Claude Creators Ride Wave of AI Momentum With Updated Valuation
Anthropic raised $13 billion in fresh capital, bringing its post-money valuation to $183 billion. A Series F round was co-led by Iconiq, Fidelity Management & Research Company and Lightspeed Venture Partners, with participation from a slew of institutional investors and sovereign wealth funds.

Intel Chief Tulsi Gabbard Will Ax a Cyberthreat Sharing Hub, Citing Redundancy
Director of National Intelligence Tulsi Gabbard said the decision to eliminate the Cyber Threat Intelligence Integration Center was meant to remove redundancies and save taxpayer money, though analysts warn the move could leave a major gap in federal threat information sharing.

The EU General Court Gives Victory to Backers of Trans-Atlantic Data Flows
The European Union General Court on Wednesday dismissed a plea by a French politician to annul the legal framework underpinning commercial data flows across the Atlantic, rejecting claims that a U.S. intelligence agency oversight body is not independent of the federal government.

Ransomware Gang Nova Poised to Leak Patient Data, Lab Stays Mum on Negotiations
With ransomware gang Nova threatening to leak patient data on the darkweb, a Dutch laboratory that performs cervical cancer tests for a government screening program is mum about the ransom negotiations, but it says the cyberattack in July has affected 941,000 patients.

Researcher: Internal Data Belonging to World’s Largest Lender Exposed on AWS
Navy Federal, the world’s largest credit union, left hundreds of gigabytes of internal backup files exposed on Amazon’s cloud storage service, says cybersecurity researcher Jeremiah Fowler. Exposed data included email addresses, hashed passwords and what appeared to be internal system data.

Acquisition Targets Business Email Compromise, Impersonation and Spear-Phishing
Varonis has acquired SlashNext to strengthen detection of phishing and social engineering attacks. The integration will help prevent identity compromises via email, SMS and collaboration tools while enhancing Miami-based Varonis’ AI-driven data protection.

Orthopedic Group, Medical Imaging Centers, Home Healthcare Provider Report Breaches
Specialty healthcare providers know what they're about when it comes to an irregular heartbeat or a wheezing lung. Cybersecurity, not so much. Hacks on specialty medical entities easily result in tens of thousands, if not hundreds of thousands, or even millions, of patient records being compromised.

Gap in Microsoft Blocklist Exploited, ValleyRAT Runs Undetected
A Chinese nation-state cyber group is exploiting a Microsoft-signed driver to shut down Windows security protections. The attackers deployed the driver through a custom loader. The core weakness that Silver Fox relied on remained exploitable even after patching.

'Widespread Data Theft Campaign' Compromised Many Drift OAuth Tokens, Warn Experts
Threat researchers report that "a widespread data theft campaign" traces to attackers stealing OAuth access tokens for applications integrated with Salesloft's AI chatbot Drift, then exfiltrating data. Victims include Salesforce customers Zscaler and Palo Alto Networks.

Cyber Extortion Campaign Automated Efforts to 'Unprecedented' Degree, Says AI Giant
Artificial intelligence giant Anthropic said it's disrupted a cybercrime operation that tapped its large language models, including Claude Code, to an "unprecedented" extent to help automate a data theft and extortion campaign that targeted more than a dozen critical infrastructure organizations.

No Law Enforcement Information or Austrian Personal Data Compromised, Officials Say
The Austrian government said a "targeted and professional" hack attack breached about 100 government email accounts in its interior ministry, which is chiefly responsible for public safety. Attackers also stole data, although officials said no law enforcement or personal data was exposed.

FBI Seizes Domains; Dutch Police Analyzing Seized Data to Identify Admin and Users
An international law enforcement operation involving the FBI and Dutch police has shuttered VerifTools, a "key" platform for generating fake identification documents cops have tied to multiple help desk fraud, cryptocurrency theft and other cybercrime cases.

Also: Netskope's High-Stakes IPO, How AI Sovereignty Threatens Our Shared Reality
In this week's update, four ISMG editors discussed explosive whistleblower claims about alleged mishandling of Americans' sensitive U.S. Social Security data, Netskope's push for an initial public offering and the global fight over the geopolitical sovereignty of artificial intelligence platforms.

Absolute Dental Says Breach Involved Third-Party Managed Services Firm
A Nevada dental practice is notifying more than 1.2 million individuals of a hacking incident that compromised sensitive health and personal information. The incident involved "inadvertent execution of a malicious version of a legitimate software tool," said Absolute Dental.

Defense Department Suspends, Reviews Microsoft 'Digital Escorts' Program
The Pentagon is reviewing Microsoft's decade-long use of "digital escorts" - U.S.-based staff who review code from Chinese engineers - into military cloud systems, a workaround now deemed a "breach of trust" that may have exposed sensitive but unclassified government data.