DataBreachToday.com

Gartner: Security Service Edge Market Is Experiencing Evolution, Not Revolution
Pure-play security service edge specialists Zscaler and Netskope were once again joined by platform behemoth Palo Alto Networks atop Gartner's rankings of SSE vendors. The SSE market is experiencing evolution rather than revolution, with commoditization prevalent in legacy security technologies.

After Hours-Long Disruption, XDR Vendor Promises Full Root Cause Analysis of Outage
Cybersecurity vendor SentinelOne suffered a major, global outage for about six hours on Thursday that disrupted its monitoring of managed response service customers' endpoints and networks, interrupted software updates and kept administrators from accessing consoles for troubleshooting purposes.

As Visa and Mastercard Deploy AI Agents, Experts Ask: Who Holds the Receipt?
When AI assistants order groceries or book flights, who's responsible when something goes wrong? That question is no longer hypothetical. As Visa and Mastercard enable AI agents to perform transactions on behalf of cardholders, experts weigh the legal, security and privacy stakes.

Also: Deepfake Dangers with Veo 3; Claude Opus 4's Manipulative Edge
In this week's update, Information Security Media Group editors questioned whether we’re less secure today despite agentic AI and platformization, examined Veo 3’s alarming leap in deepfake realism, and dug into Anthropic’s powerful yet problematic Claude Opus 4.

US, Australian Cyber Agencies Say Visibility Gaps Threaten Detection and Response
The Cybersecurity and Infrastructure Security Agency issued new guidance urging organizations to streamline Security Information and Event Management platform integration by prioritizing impactful log data and reducing blind spots that continue to plague even mature security operations centers.

Apex Security Detection Tools Help Tenable Spot Accidental and Malicious AI Misuse
Tenable is acquiring Israeli startup Apex Security to extend AI security features that go beyond asset discovery. With user-level controls and risk mitigation for AI usage, Tenable aims to accelerate its exposure management roadmap by integrating Apex into Tenable One later this year.

Retailers Report a Spurt in Breaches
Jewelry retailer Tiffany & Co. said hackers stole South Korean customers' data from a third-party vendor's platform, a disclosure that came shortly after sister brand Dior announced a similar breach. Hackers stole the personal information of South Korean shoppers.

Palo Alto Networks on How to Construct a Defense for Modern Threats
The rapid evolution of cyber threats, amplified by the integration of AI into adversarial tactics, calls for a shift in defensive strategies. Traditional approaches are no longer sufficient to address the sophistication, scale, and speed of modern attacks.

Things to Include on Your CV When Your Job Focuses on Keeping Systems Running
If you're a junior SOC analyst, a GRC specialist or someone working in ICS environments, the idea of a cyber portfolio might seem irrelevant. It's not. Employers need tangible proof of your skills, and a well-constructed portfolio does just that - whether your job touches logs or legal frameworks.

Huang Says Rules Shut Nvidia Out of $50B China Market, Gives Rivals Long-Term Edge
CEO Jensen Huang says new U.S. chip restrictions on China forced Nvidia to write down $4.5 billion in AI inventory and will hurt American leadership in global infrastructure as Chinese firms gain momentum. The rules fuel China’s rise and jeopardize U.S. infrastructure dominance, according to Huang.

APT31 Compromised the Czech Foreign Affairs Ministry in 2022
The Czech government on Wednesday said Chinese state hackers stole sensitive declassified information from the republic's foreign ministry as part of a years-long espionage campaign. Czech Ministry of Foreign Affairs attributed the hack to a Chinese nation-state group tracked as APT31.

Stealthy Malware Installs Cryptomining Software
A botnet targeting Internet of Things devices works by brute forcing credentials and downloading cryptomining software. Researchers call the botnet "PumaBot," since its malware checks for the string "Pumatronix," the name of a Brazilian manufacturer of surveillance and traffic camera systems.

'It's Just Totally Destabilizing,' Staffers Say Amid CISA's Leadership Exodus
An ongoing exodus of top officials and senior leadership at the Cybersecurity and Infrastructure Security Agency's regional offices has left staffers increasingly worried about a potential major shift in mission and continued cuts to staff and spending.

Researcher Analyzes System Prompts to Show How New Claude Models Work
System-level instructions guiding Anthropic's new Claude 4 models tell it to skip praise, avoid flattery and get to the point, said independent AI researcher Simon Willison, breaking down newly released and leaked system prompts for the Claude Opus 4 and Sonnet 4 models.

Framework for Moving From Scattered Tools to Unified AI Security Strategies
As CISOs grow confident with standard cybersecurity tools, AI security remains a grey area. By systematically breaking down AI security into seven key pillars - rather than waiting for a comprehensive solution - organizations can embed security by design to proactively address emerging cyberthreats.

Google Is Getting Accolades for Veo 3, But the AI Video Tool Has a Darker Side
AI enthusiasts are saying Veo 3 is one of Google's best products. The mind-blowing AI constructs cinematic video clips from text prompts, and the results look real. Veo 3 pushes deepfake capabilities into uncharted territory and introduces new threats to truth, trust and authenticity.

CISA Advisory Says Threat Actors Stole App Secrets in Azure-Hosted Backup Platform
A suspected Chinese state hacking group linked to last year’s telecom intrusions breached Commvault’s Microsoft Azure environment, exposing sensitive Microsoft 365 credentials and reigniting fears over U.S. cloud infrastructure vulnerabilities and default security settings.

Open Garden Strategy, Automated Risk Remediation to Get a Boost With Veriti Buy
Check Point will fold Israeli firm Veriti into its Quantum suite following an acquisition aimed at streamlining automated security response across endpoints, firewalls and cloud environments. Veriti’s patented technology is seen as critical to reducing misconfigurations without business disruption.

A RobbinHood Attack Against Baltimore Cost City $19 Million
An Iranian national behind a spate of ransomware attacks against U.S. municipalities including an attack that cost the city of Baltimore $19 million to rectify pleaded guilty in U.S. federal court Tuesday afternoon. Sina Gholinejad, 37, admitted to deploying Robinhood ransomware.