DataBreachToday.com

Identity Experts Adam Preis and Troy Leach
As enterprises deploy AI-powered systems, legacy identity frameworks struggle to keep up, leaving gaps in visibility, control and accountability. Adam Preis and Troy Leach joined editors at ISMG to discuss how AI agents and machine identities are redefining identity security.

Gigamon 2025 Survey: 17% Increase in Attacks as Public Cloud Vulnerabilities Mount
AI is transforming enterprise landscape, organizations report a 17% jump in cyber breaches over the past year. Security teams struggle with visibility gaps while adversaries weaponize AI to strike harder and faster, according to the Gigamon 2025 Hybrid Cloud Security Survey.

Deal Aims to Target Identity and AI Risks, SaaS Blind Spots With Unified Security
By acquiring Suridata, Fortinet plans to introduce SaaS Security Posture Management to its SASE platform. The update provides end-to-end visibility into SaaS apps, identity threats and AI plugin misuse, making SSPM a vital control plane in cloud-first security strategies.

Also: Signal Blocks Recall, Europe Sanctions Stark Industries
This week, Qakbot leader indicted, Signal blocked Recall and a judge said Trump illegally removed watchdogs. Ivanti and Palo Alto hacks linked, Stark Industries sanctioned, Marks and Spencer's hack costs 300M pounds. Pro-Ukraine hackers hit a Russian clinic and an outbreak of PureRAT in Russia.

Hacker Demanded $20M Ransom to Delete Stolen Personal, Financial Information
A months-long data breach led to the theft of personal and financial information of nearly 70,000 Coinbase customers. Coinbase said the breach dates back to December and was aided by bribery schemes targeting the company's overseas customer support agents.

DanaBot Used to Steal and to Spy
A top figure in the Russian cybercrime gang behind DanaBot infected his own computer with the malware, allowing an FBI agent to search an image of his system, U.S. federal prosecutors disclosed Thursday in indictments and an announced disruption of the malware's infrastructure.

Also: Charges in Unicoin Case, Jury Convicts SafeMoon Ex-CEO
This week, charges in $263 million theft and Unicoin cases, a jury convicted ex-CEO of SafeMoon, U.S. SEC X account hacker sentenced, Hong Kong police arrested dozens for money laundering, Russian police arrested the Blum co-founder. Israeli police arrested an alleged Nomad Bridge money launderer.

Cyber Education Needs to Go Beyond the Checklist to Prepare Future Professionals
AI is redefining how organizations work, learn and defend themselves. But while the tech is moving fast, training strategies meant to prepare security professionals often lag far behind. That gap is persistent, pervasive and reshaping the very nature of cybersecurity careers.

'Hazy Hawk' Behind a Rash of Domain Hijackings
A hacking group with apparent access to a commercial domain name system archiving service is on the hunt for misconfigured records of high-reputation organizations in order to blast links to scammy domains. It checks the CNAME field of DNS records to see if it points to an abandoned cloud service.

Auto Lending Sector Is Hardest Hit by Scammers Using Synthetic Identities
Synthetic identity and credit washing fraud have hit another record high and are showing no signs of slowing down, according to a new report by TransUnion. Unscrupulous credit repair companies are adding to the problem by convincing people in debt to create new identities.

Experts Pointing a Finger at Interlock Ransomware Gang for Kettering Health Attack
Ohio-based Kettering Health is in its second day responding to a cyberattack that's disrupted patient care services and downed its IT systems, including its patient portal and phones. Some cybersecurity insiders say Interlock ransomware is responsible.

Western Governments Publish Warning Over Unit 26165 Activities
A slew of Western cybersecurity agencies warned Wednesday that Russian intelligence is targeting logistics and technology companies in a prolonged hacking campaign that includes an emphasis on internet-connected cameras situated along border crossings and military installations.

User Panels and Command and Control Domains Seized
Law enforcement and Microsoft struck a blow against malware used to steal login credentials and financial data, seizing the central command structure and thousands of online domains used to control the Lumma Stealer. Lumma first appeared on Russian-language speaking cybercriminal forums in 2022.

Akamai Researchers Flag 'BadSucessor' in Windows Server 2025
An unpatched flaw in Windows Server 2025 that is "trivial" to exploit and present in the default configuration is full domain compromised, warns new research from Akamai. The flaw is present in a new account type known as delegated managed service accounts, or dMSA.

FIs Must Invest in AI-Fueled Behavioral Biometrics to Go Beyond Static Credentials
Scammers are increasingly turning to account takeover fraud, as financial institutions ramp up their defenses. Instead of luring victims into making authorized transactions, cybercriminals are bypassing them altogether, hijacking their digital identities and draining accounts from within.

Homeland Security Secretary Says Trump Budget Strengthens Cybersecurity
Senate Democrats Tuesday pushed Homeland Security Secretary Kristi Noem on the Trump administration's cuts to the cybersecurity component of the U.S. federal department she leads. Noem told senators the U.S. Cybersecurity and Infrastructure Agency will "continue to fulfill" its statutory obligations.

Scattered Spider Stole Tata Consulting Services Employee Login Details for Hack
British retailer Marks & Spencer was reportedly compromised by cybercrime group Scattered Spider using stolen employee credentials from a third-party IT company. Citing an unidentified source, Reuters reported hackers used the M&S login credentials of two Tata Consulting Services employees.

Georgia Court Allows Claims of Fraud, Trespass Over Falcon Software Update
Delta can proceed with its lawsuit against CrowdStrike over a July 2024 update that allegedly bypassed Microsoft safeguards and crashed thousands of systems. The judge found that Delta sufficiently alleged fraud, computer trespass and gross negligence, allowing key claims to move forward.

Acquisition Enhances Privileged Session Visibility, Session Replay, Granular Access
JumpCloud’s acquisition of VaultOne enhances its ability to offer secure, auditable privileged access management. With session recording, credential isolation and future integration into JumpCloud’s compliance ecosystem, the move reflects a broader identity and access strategy.