DataBreachToday.com

Prompt Injection, HTML Output Rendering Could Be Used for Exploit
Hackers can exploit vulnerabilities in a generative artificial intelligence assistant integrated across GitLab's DevSecOps platform to manipulate the model's output, exfiltrate source code and potentially deliver malicious content through the platform's user interface.

Findings Follow Warnings About Other Frontier AI Models' Ability to Scheme
Toggling a misbehaving device's power button to forcibly turn it off and on again remains a trusted IT tactic since the dawn of the digital age. Enter a new challenge: artificial intelligence tools that refuse to comply with shutdown requests when they conflict with goals they've set.

'Laundry Bear' Has Been Active Since 2024
Dutch intelligence agencies and Microsoft say a novel Russian state intelligence hacking group is likely buying stolen credentials from criminal marketplaces to gain entry to North American and European networks. It has "a specific interest in European Union and NATO member states."

German Court Rebuffs Consumer Group Bid for Injunction
Meta can use the public posts of European Instagram and Facebook users to train its artificial intelligence models starting Tuesday after a German court rejected an injunction against the company. The court said Meta has a "legitimate interest" in processing the data.

Mandiant Says Malware Spread Through Fake AI Video Ads Seen by Millions
Online scammers are converting excitement over generative artificial intelligence into fraudulent sites that infect victims with malware, says threat intel firm Google Mandiant in a report exposing a year-long campaign to distribute infostealers and backdoors.

Watch this On Demand Webinar and gain critical insights, actionable strategies and learn how Unit 42 can help you stay ahead in 2025 and beyond.

Emerging artificial intelligence and machine learning technologies being applied in the health and wellness space that are not necessarily covered by HIPAA but instead fall under a variety of tough new state privacy laws that are being enacted, said attorney Lily Li of Metaverse Law.

Latest AI Model Improves Coding Capabilities But Has a Penchant for Blackmail
Startup Anthropic has birthed a new artificial intelligence model, Claude Opus 4, that tests show delivers complex reasoning and code-writing capabilities, but it also has a Machiavellian streak for solving office problems and a penchant for whistleblowing in response to perceived wrongdoing.

Teenager Charged With Stealing K-12 Student and Faculty Data, $3 Million Extortion
Massachusetts teenage college student Matthew Lane has been accused of hacking into K-12 student information system platform provider PowerSchool and holding stolen student and faculty data for ransom. Prosecutors said Lane has agreed to plead guilty to multiple charges tied to two hack attacks.

Police Take Down 300 Servers Worldwide, Neutralize 650 Domains
Law enforcement in a European-led operation against malware often used as a precursor to ransomware took down 300 servers worldwide, police said Friday. The crackdown is the latest action under Operation Endgame targeting ransomware and botnet ecosystem.

Malicious Packages Hide Scripts for Mapping Enterprise Networks
A hacking campaign is spreading malicious reconnaissance scripts already downloaded more than 3,000 times from the JavaScript runtime environment npm repository, warn researchers. The reconnaissance script is likely a harbinger of worse things to come.

Police Take Down 300 Servers Worldwide, Neutralize 650 Domains
Law enforcement in a European-led operation against malware often used as a precursor to ransomware took down 300 servers worldwide, police said Friday. The crackdown is the latest action under Operation Endgame targeting ransomware and botnet ecosystem.

Did Marlboro-Chesterfield Pathology Pay Cybercrime Gang Safepay a Ransom?
A North Carolina pathology practice is notifying nearly 236,000 patients of a hacking incident discovered in January. Marlboro-Chesterfield Pathology says it "took steps" to ensure the hackers deleted its stolen data. Newcomer ransomware group Safepay is apparently the culprit in the attack.

Buyout Targets Deeper US Penetration, Digital Risk Intel, Ransomware Defense
Cognyte’s $4 million buy of GroupSense boosts its North America strategy, enhancing its investigative analytics platform with deep and darkweb threat insights and access to U.S. government and enterprise customers. The deal will enhance Cognyte’s analytics platform and threat protection offerings.

Labour Government Blames Tories
British law firms representing low-income criminal defendants and civil litigants are having to work for free for weeks or decline new cases as the fallout of a cyberattack against the U.K. Legal Aid Agency forced the agency to yank its online portal offline.

Global Collaboration Leads to Drug, Firearm Bust
U.S. and European officials Thursday touted a global operation to disrupt the criminal darkweb, announcing the arrest of 270 accused darkweb vendors and buyers across 10 countries. "Operation RapTor" resulted in the confiscation of more than $200 million and more than two metric tons of drugs.

Also: Privacy on the Line in 23andMe Sale; Google Leads Cyber Aid Charge
In this week's update, ISMG editors unpacked CrowdStrike's escalating legal troubles following its global outage, the fate of consumer DNA data as 23andMe's assets hit the auction block, and why tech giants are banding together to pressure Washington for faster, smarter foreign cyber aid.