DataBreachToday.com

Also: Gartner's Sydney Summit Highlights, Rising OT Security Risks
In this week's update, ISMG editors discussed X’s major DDoS outages, politically motivated cyberattacks, key takeaways from Gartner’s Security & Risk Summit in Sydney, and rising operational technology threats highlighted in recent Dragos and Gartner reports.

Threat Groups Are Mapping OT Networks for Future Targeting, Warns Dragos
A China-linked threat group called Voltzite is targeting operational technology systems at critical infrastructure organizations worldwide to steal network diagrams, OT operating instructions and information about geographic information systems, said cybersecurity firm Dragos.

IT Outages Are Affecting Patient Services, NC Practice Is 'Temporarily Closed'
A small North Carolina radiology practice and a 25-bed Pennsylvania hospital and are among the latest rural healthcare providers struggling to recover from recent cyberattacks that are disrupting their technology operations and affecting patient care services. How will this end up?

Funds Will Support Next-Gen Security Orchestration and Response, Eliminate Complexity
With $30 million in funding, Sola Security is launching an AI-driven, self-service SOAR platform designed for easy adoption across security, IT, and DevOps teams. The Israeli startup aims to disrupt traditional security automation by lowering technical barriers.

Worries Grow Over Data Privacy Framework Stability
A European official said he received assurances the U.S. is committed to preserving the legal framework underpinning commercial data flows across the Atlantic. The Data Privacy Framework already faces legal challenges in Europe, but fears of its durability compounded with the Trump administration.

Bipartisan 'Match IT Act' Aims to Reduce Risk of Medical Mistakes, Privacy Mishaps
Two Congressmen are taking another bipartisan stab at passing legislation aimed at improving patient identity matching to help reduce mistakes that put patient privacy and safety at risk. The lawmakers have introduced similar provisions in the past. Will the proposals gain traction this time?

The Edge Device Hacking Wave Hasn't Spared French Companies
France playing host to the Olympics resulted in a surge of cyberattacks requiring intervention of the state cybersecurity agency, it said in an annual report also flagging an uptick in attacks levied against network edge devices. The games went smoothly.

Series D Funding to Drive U.S. Growth and AI Advancements in Cybersecurity
Pentera has raised $60 million in Series D funding to expand its presence in the U.S. and accelerate AI-driven innovations in security validation. CEO Amitai Ratzon says the company is focused on advancing automated testing and strengthening its leadership in exposure validation.

Cyber Defense Agency Axes Funding for Key ISACs as Trump Shifts Federal Priorities
The Cybersecurity and Infrastructure Security Agency is eliminating $10 million in annual funding for two key cybersecurity hubs supporting states and local elections as agency officials tell Information Security Media Group the move is aimed at eliminating waste and realigning priorities.

Browser Isolation Protects Access Points as Remote Work Expands Attack Surface
With 92% of organizations supporting remote connectivity and phishing attacks surging to record levels, browser-based security has become essential for zero trust frameworks to protect against malware, ransomware and credential theft.

AI-Enabled Security Offers Continuous Monitoring for Distributed Enterprise Apps
As cybercriminals increasingly use AI for sophisticated attacks against cloud workloads, organizations must implement zero trust principles with continuous policy enforcement and proactive threat management to protect mission-critical applications.

Juniper Networks Urges Immediate Updating and Malware Scans to Block Attackers
Hackers have been infecting outdated Juniper MX routers with backdoor malware as part of an apparent cyberespionage campaign that traces to a Chinese-affiliated hacking team tracked as UNC 3886, warned Google's Mandiant incident response group.

Tested on Three OpenAI Models, 'Minja' Has High Injection and Attack Rates
A memory injection attack dubbed Minja turns AI chatbots into unwitting agents of misinformation, requiring no hacking and just a little clever prompting. The exploit allows attackers to poison an AI model's memory with deceptive information, potentially altering its responses for all users.

Stretched Agency Must Balance HIPAA Enforcement With Policing DEI in Healthcare
HHS investigators charged with protecting the civil rights and privacy of patients are now assigned to finding and stamping out diversity, equity and inclusion programs at universities and hospitals, with DEI deemed discriminatory under the Trump administration.

Experts Express Surprise Over Major Social Platform Falling Victim to DDoS Attacks
One of the world's biggest social networks continued to face intermittent outages Tuesday, apparently due to unsophisticated, distributed denial-of-service attacks. Experts said the attacks were traced to malware-infected devices - many based in the U.S. - and pro-Palestinian hacktivists.

Plankey Led Efforts to Engage Energy Sector in Cyber Prep During Trump's First Term
President Donald Trump has nominated a former Energy Department and National Security Council cybersecurity official to lead the U.S. Cybersecurity and Infrastructure Security Agency. National Guard and Coast Guard Veteran Sean Plankey has been tapped to replace Jen Easterly as the director of CISA.

Abuse Can Lead to Fraud, Impersonation Scams
Need a new voice? Artificial intelligence has you covered. Need to protect your own? That's another story. Some of the most widely used AI voice synthesis tools offer only superficial safeguards against misuse - if any at all, researchers found in a recent analysis.

Risk of Espionage and Disruption Key Risks, Lawmakers Warned
The British government is "extremely worried" about the Chinese and Russian cyberespionage and disruptive hacks, government officials told the U.K. Public Accounts Committee on Monday. The United Kingdom has faced a "substantial escalation in cyberthreats" in the last three years, lawmakers heard.

Getvisibility's AI Mesh Integration to Bolster Data Classification, Risk Management
Forcepoint is buying Getvisibility to integrate its AI Mesh technology, boosting data classification and risk assessment capabilities. The purchase fortifies Forcepoint's cybersecurity solutions for highly regulated industries, with full integration expected by year-end pending regulatory approval.