DataBreachToday.com

Operator Cannot Yet Reliably Perform Complex, Customized Tasks
OpenAI introduced an AI agent capable of independent action with the launch of Operator, an general-purpose AI tool that interacts with websites to perform tasks. The agent can navigate menus and complete forms to do tasks such as travel booking, ordering takeout, buying stuff or scheduling tasks.

Fraud Expert Ken Westbrook on Successful Ways to Stop Fake Investment Sites
According to the FBI, losses from investment scams surged 38% between 2022 and 2023. Fraudsters are using highly effective tactics, including sending text messages to lure victims to fake cryptocurrency platforms, said Ken Westbrook, founder and CEO of Stop Scams Alliance.

The EU-US Data Privacy Framework Requires a Functional PCLOB
A Trump administration move to gut a key oversight body meant to guarantee European data rights in the United States could endanger the legal basis underpinning commercial data flows across the Atlantic. The board is charged with overseeing U.S. surveillance practices.

Under the Trump administration, the proposed update to the HIPAA Security Rule - issued in the final weeks of the Biden administration - is likely to get trimmed but not totally cut, predicts regulatory attorney Sharon Klein of the law firm Blank Rome. What else should the health sector expect?

Also: US Prosecutors Charge Suspected North Korean IT Worker Collaborators
This week, researchers spied Palo Alto firewall flaws, a North Korean IT worker conspiracy, ChatGPT as DDoS vector. Chinese hackers targeted a VPN maker, a fake PyPI package and a Russian threat actor shifted tactics. BreachForums' admin faces prison, and scammers used the release of Ross Ulbricht.

APIs are the backbone of modern applications, enabling connectivity and functionality across diverse systems. However, the growing complexity of API ecosystems introduces vulnerabilities that attackers exploit to disrupt operations, steal data or launch other malicious activities. Without real-time visibility and robust threat detection, businesses face significant risks.

Hackers Unlikely to Exploit Flaws in the Wild
Security researchers found an unpatchable flaw in the system that prevents commercial aircraft from crashing into each other, the U.S. federal government said in a Tuesday advisory that called the likelihood of its exploitation "unlikely" outside of a laboratory setting.

California User's Class Action Suit Says LinkedIn Violated Contract, Privacy Regs
A LinkedIn user has sued the company for flouting privacy requirements by allowing third-party companies to access user data - including Premium users' private messages - to train their artificial intelligence models. A LinkedIn spokesperson called the lawsuit "false claims with no merit."

The pace of change including the rise of artificial intelligence and a sense of accelerating chaos can make cybersecurity professionals feel like "things are kind of everything, everywhere, all at once," said Black Hat conference founder Jeff Moss. How should they respond?

Fortinet's Vincent Hwang on Addressing Security, Compliance Gaps
According to Fortinet's 2025 State of Cloud Security Report, 76% of organizations have a shortage of cloud security expertise, compounding cloud adoption and security challenges. How should organizations address the skills gap? Vincent Hwang of Fortinet shares analysis and advice.

Exploring New Ways to Deliver and Measure Cybersecurity Awareness Programs
Regulations such as GDPR, HIPAA and CMMC have made security awareness training a staple of corporate security programs. But compliance is only part of the story. Organizations face an even deeper challenge: influencing employee behavior in ways that create a truly secure workplace.

7 Texas Health and Human Services Workers Fired in Incident Affecting 61,000 people
Authorities in Texas are investigating an insider incident at the Texas Health and Human Services Commission that led to the firing of seven employees, an investigation into hundreds of thousands of dollars in stolen funds and notification of a breach of personal information affecting 61,000 people.

HHS' Privacy Rule Update Limits Use, Disclosure of Reproductive Health PHI
A Biden administration HIPAA Privacy Rule, which went into effect last June to restrict the disclosure of reproductive health information, is being challenged in federal court by the attorneys general of 15 states. The AGs are asking a Tennessee federal court to overturn the rule.

House Committee on Homeland Security Mulls Response to Volt Typhoon, Future of CISA
The United States needs to respond more aggressively to nation-state hacking, members of Congress heard Wednesday against a backdrop of changes - actual and planned - at the primary federal civilian cyber defense agency. "We need to call them out for this," said Rep. Michael McCaul, R-Texas.

Rao Replaces Bryan Palma, Who Combined McAfee Enterprise, FireEye to Form Trellix
Symphony Technology Group tapped Vishal Rao to take over as CEO of Trellix while continuing to serve as chief executive of sister company Skyhigh Security. The San Jose, California-based security vendor tasked longtime Cloudera and Splunk leader Rao with accelerating Trellix's market share.

President Fulfills Campaign Promise to Pardon Ross Ulbricht, Blames DOJ Abuse
On his second day in office, U.S. President Donald Trump pardoned Ross Ulbricht, founder of Silk Road, an online marketplace tied to over $200 million in illegal bitcoin transactions. Ulbricht has been in federal prison since 2015, sentenced to life with no possibility of parole.

Murdoc Botnet Uses Over 100 Distinct C2 Servers to Manage Infected Devices
A new variant of the Mirai malware is exploiting vulnerabilities in cameras and routers to infiltrate devices, download payloads and integrate them into an expanding botnet. Qualys tracked over 1,300 active internet protocol addresses linked to the Murdoc Botnet since its emergence in July 2024.

'Humphrey' Set to Help Civil Servants Streamline Work Across Whitehall
The British government on Tuesday launched artificial intelligence-powered tools intended to help civil servants offer improved public service in a first step toward implementing a plan meant to transform the United Kingdom into a world AI leader.