DataBreachToday.com

Defunct Ransomware Group's Diaspora Includes Hackers With Focus on Microsoft Teams
Based on intelligence gleaned from the leak of Black Basta ransomware messages, researchers are warning organizations to beware phishing attacks launched via Microsoft partner domains and via Teams, as well as the targeting of personal Google accounts accessed via corporate devices.

Ocuco and Episource Breaches Affect Health Sector Clients, Patients
An Ireland-based provider of eye care practice software and a California-based medical coding services firm have reported separate hacking incidents to U.S. and state regulators that have likely affected dozens of their clients and hundreds of thousands of people.

Analysts Warn US Infrastructure May Be Next as Iran Plans Missile Strike Response
Israel’s strike on Iranian military and nuclear targets has triggered fears of retaliatory cyberattacks, with analysts warning that Tehran may escalate disruptions against U.S. and Israeli critical infrastructure through proxy campaigns, brute-force attacks or coordinated DDoS strikes.

Startup Boosts AI-Driven Detection, MSP Channel Outreach and Hiring With Series B
Guardz has secured $56 million to deepen AI-powered threat detection and enhance automation for MSPs. The Series B funding will support platform engineering, channel marketing and operational scaling as Miami-based Guardz targets a simplified and consolidated cybersecurity future.

NCC Group's Katharina Sommer on Why Nations Are Turning Inward on Cyber Defense
Geopolitical shifts are reshaping how countries approach cyber resilience. Katharina Sommer, group head of government affairs and analyst relations at NCC Group, explains why governments are turning inward and focusing on sovereign cybersecurity strategies as cross-border collaboration weakens.

Also: Trump's Rollback of Cyber Rules, 23andMe's Privacy Backlash
In this week's update, four editors with ISMG unpack the sharp rise in software supply chain cyberattacks, U.S. President Donald Trump's sweeping cybersecurity executive order, and the data privacy backlash over 23andMe's bankruptcy and sale to the highest bidder.

Huione-Linked Crypto Activity Continues Despite Takedown Efforts
Huione's apparent shutdown was cosmetic, not operational. Transaction volumes increase since the crypto laundering network's announced closure, with services reemerging under new domains and continuing illicit operations.

Opaque Decision-Making, Lack of Guardrails, Poor Auditability are Risks
The dream of replacing burned-out SOC analysts with autonomous AI agents is as premature as it is persistent. Cybersecurity leaders are finding that deploying such tools inside security operations centers may do less to eliminate toil than to shift it.

Australian Securities Commission Says HSBC Ignored Repeated Internal Warnings
Some lessons come with a price. The recent lawsuit against HSBC by the Australian Securities and Investments Commission claims the bank prioritized profits over customer safety. Despite repeated internal warnings from its own fraud experts, HSBC failed to act.

Hackers Use TeamFiltration Penetration Testing Tool
A threat actor is using the password spraying feature of the TeamFiltration pentesting tool to launch attacks against Microsoft Entra accounts - and finding success. The threat actor has targeted more than 80,000 user accounts across roughly 100 cloud tenants.

300-Person Acquisition Expands Managed Services, Adds Legal and Forensics Expertise
The acquisition of Aon’s 300-person cyber unit enhances LevelBlue’s incident response and managed security services. It brings legal experience, global coverage and new law firm partnerships to strengthen its channel strategy and customer support, said CEO Bob McCullen.

Multi-Line Insurance Company Warns Customers of Potential Scams
Erie Indemnity Corp., which offers a wide range of insurance including Medicare supplements and cyber coverage, has notified the U.S. Securities and Exchange Commission that it has been responding to a cyber incident since last weekend. The company is also warning customers of potential scams.

WhatsApp CEO Says UK Request Sets "Dangerous Precedent"
Instant messaging app WhatsApp is seeking to join Apple's legal battle with the U.K. government over end-to-end encryption. Apple is challenging a Home Office order requiring the device maker to provide law enforcement with unencrypted copies of customer data.

Andrea Isoni of AI Technologies on Certifications, Deepfakes and ISO 42001
AI misuse - from deepfakes to cyber incidents - continues to outpace regulation. Andrea Isoni, chief AI officer at AI Technologies discusses why stronger cyber laws, certification frameworks like ISO 42001 and risk-based prioritization are necessary to manage AI risks safely and compliantly.

VulnCheck's Garrity on the Uncertainty of the CVE Ecosystem and EUVD's Limitations
Funding shortages and incomplete coverage in critical vulnerability databases are increasing the risk for defenders. Patrick Garrity, security researcher at VulnCheck, discusses how data gaps and scoring confusion hinder response strategies for potential cyberattacks.

NextJenSecurity Founder Calls for Global Policy Shifts to Reduce Vulnerabilities
Governments worldwide are shifting from reactive responses to preventive strategies to tackle ransomware attacks. Jen Ellis, founder of NextJenSecurity, stresses the need for vulnerability accountability and secure-by-design policies to tackle systemic cybersecurity flaws.

Also: 5 Guilty Pleas in Cambodia-linked $36.9 Million Scam
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, charges against a crypto firm founder in a $530M sanctions evasion and money laundering case, guilty pleas in a $36.9M scam, an $8.3M exploit of Alex Lab, and Cetus Protocol relaunched after a $223M hack.

Agentic AI Is Creating New Risks, New Career Opportunities for Cyber Professionals
If your AI agent decided to act on its own tomorrow, would your systems know who it was, what it did, and whether it had the right to do it? If the answer is no, it's time to give your new coworker a badge and a policy framework. These non-human identities are creating new career opportunities.

Group's Advisory Follows an Updated Joint Alert from US, Australian Agencies
The American Hospital Association is warning hospitals and other healthcare sector organizations of rising double-extortion attack threats involving the Play ransomware group. The AHA alert follows an updated joint government advisory issued last week about Play's latest tactics.

Check Point: 'Stealth Falcon' Exploited WebDAV Flaw
Microsoft on Tuesday patched a zero-day vulnerability in WebDAV that was exploited by UAE-linked threat actors as part of an espionage campaign in the Middle East and Africa. Check Point attributed the campaign to the Emirates APT group Stealth Falcon.