DataBreachToday.com

Hacked Infrastructure Delivered Chinese Nation-State Group's Backdoor, Experts Warn
The widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors.

Social Media Network Faces Legal Barrage From France, United Kingdom and Spain
In the space of a few hours, French authorities raided X's office in Paris, the British privacy regulator opened an investigation into X and xAI, and Spanish Prime Minister Pedro Sánchez announced legal proposals that would criminalize algorithmic manipulation and amplification of illegal content.

Class Action Stems From 2023 Ransomware Attack Affecting More Than 500,000
Capital Health, which operates hospitals and other facilities in New Jersey and Pennsylvania, agreed to pay $4.5 million to settle consolidated class action litigation involving a 2023 LockBit ransomware and data theft attack affecting more than a 500,000 patients and employees.

ITRC Report: 2025 Breach Notices Lack Critical Details as AI-Based Attacks Surge
The Identity Theft Resource Center tracked a record 3,322 U.S. data breaches in 2025, more than any previous year. Yet, only 30% of breach notices included actionable details that other defenders need. ITRC's James Lee warns that this lack of transparency puts people and businesses at greater risk.

CEO David Bellini Says Level Equity Investment Accelerates AI and Acquisitions
CyberFox has raised a nine-figure growth investment from Level Equity marking its first outside capital after years of bootstrapping. CEO David Bellini says the funding will fuel AI-driven development international expansion and acquisitions as the company builds a full cybersecurity platform.

New NSA Guidance Demands Continuous Access Checks, Implementation Overhaul
The National Security Agency's new zero trust guidance instructs agencies to move beyond login-based security by continuously assessing user behavior and app-layer activity in real time, aiming to close gaps that allow post-authentication abuse and elevate federal defenses against modern threats.

Britain will likely ban at least some types of ransom payments as it revamps the nation's cybersecurity laws, but many open questions remain, including sectors and the organizational sizes to be covered, and if all payments might be required to pass sanctions checks, said policy expert Jen Ellis.

NASCIO Agenda Focuses on AI Policy, Cyber Investment and Critical Infrastructure
State CIOs have lots on their plates, juggling multiple priorities from AI to cybersecurity. But the state IT programs don't have to go it alone. The National Association of State CIOs' 2026 agenda focuses on federal legislation - and federal funds - that could help state IT programs.

Artificial intelligence use in healthcare is only as safe and accurate as the governance and trust frameworks surrounding it, particularly in clinical environments where errors or hallucinations can directly impact patient care, said Dave Bailey, vice president at consultancy Clearwater.

CEO Rohit Ghai Emphasizes Platform Depth, Threat Intel and AI-Powered Simplicity
Rohit Ghai, the new CEO of Barracuda, is leading a push to protect midmarket and resource-constrained businesses through a deeply integrated platform powered by AI. He says ease of use, human-led threat intelligence and modular deployment are essential to meeting their cybersecurity needs.

Russian Hacking Shows Limits of Preventive Measures
Europe must step up its active defenses against cyberattacks and modernize its IT infrastructure, a leading expert has warned in the wake of a major attack on Poland's energy grid attributed to Russian hackers.

Civil Society Orgs Concerned Deal Could Tilt Cloud Security Space in Google’s Favor
A coalition of European civil society organizations is urging regulators to launch a detailed antitrust investigation into Google's proposed $32 billion purchase of Wiz. They argue the acquisition would strengthen Google's dominance in cloud security and undermine multi-cloud neutrality.

Also: Why AI Agents Are Colliding, What Good Governance Ought to Look Like
In this week's panel, four ISMG editors discussed real-time vishing attacks that are defeating MFA, the growing problem of AI agents making conflicting decisions inside of enterprises and why the next phase of AI adoption depends on governance, accountability and control.

Comstar Paid Feds $75K Last Year to Settle HIPAA Allegations in Same 2022 Breach
An ambulance billing and collections firm has agreed to pay $515,000 to Massachusetts and Connecticut regulators and implement a prescriptive information security program in the aftermath of a 2022 hacking incident affecting the sensitive information of nearly 350,000 residents in those states.

ACAMS Says Investigators Need Better Data, Architecture and AI-Based Detection
The financial system has a trust problem driven by artificial intelligence, and CIOs looking to prevent fraud and other financial crimes will only face more challenges as criminals find new ways to use AI to swindle, according to an Association of Certified Anti-Money Laundering Specialists survey.

Also, SmarterMail Flaw, Nike Breach Probe, Empire Market Co-Creator Pleads Guilty
This week, researchers exposed an Android RAT abusing Hugging Face. Attackers exploited a SmarterMail flaw. Automakers raised cyber spending. CISA flagged a VMware bug. Microsoft patched Office. An Empire Market co-creator pleaded guilty. Nike probed a breach.