Ransomware DataBreachToday.com

MCP Server Paused for Days After Bug Risked Data Leakage Between Users
Asana patched a vulnerability in an artificial intelligence integration feature that could have allowed users to view data from other organizations. The time management company paused the use of Asana Model Context Protocol for nearly two weeks to apply the fix.

Analysts Say CYBERCOM Likely Played a Major Role in Strike on Iranian Nuclear Sites
The United States' "Midnight Hammer" missile strike that hit three key Iranian nuclear sites likely involved significant support from U.S. Cyber Command, analysts told Information Security Media Group, after officials credited the unit for taking part in the military operation.

Frustrations Over Preauthorization Denials Have Led to 'Violence in Streets'
A dozen health insurance giants that provide coverage for about 80% of Americans with Medicare, Medicaid and commercial plans have agreed to work the U.S. Department of Health and Human Services to voluntarily streamline and improve their preauthorization processes.

Proxies Prioritize Psychological Effects Over Real Life Effects in Cyberspace
Warnings about Iranian hacking following the United States' Saturday bombing of Iranian nuclear weapon development sites ratcheted sharply upward even after weeks of admonitions that Iran could respond to ongoing missile strikes with virtual assaults.

Ruling: HHS Has No Authority to Distinguish Different Types of PHI for Restrictions
A Texas federal court has vacated 2024 changes to the HIPAA Privacy Rule made by the Biden administration to shield reproductive healthcare information from law enforcement. The court's ruling could potentially make it easier for state investigators to obtain information about abortions and gender treatments.

Experts Suspect Scattered Spider Is Behind Rash of Recent Insurer Breaches
Aflac is the latest insurance company dealing with a cyberattack. The company is investigating a cyber incident that did not involve ransomware encryption of its IT systems, but did potentially compromise data. Experts suspect Scattered Spider is behind the recent rash of insurance incidents.

Merger Strengthens AdaCore’s Reach in C and C++ Static Testing for Embedded Systems
The merger between New York-based AdaCore and Washington D.C.-area CodeSecure fills a strategic gap in static analysis for C and C++ programming, giving embedded software developers a more complete suite of security and safety verification tools in high-stakes industries.

Also: CISA's Leadership Crisis; Why AI's Confident Errors Demand Urgent Oversight
In this week's update, four editors with ISMG discussed Anubis ransomware's puzzling shift to data wiping malware, the leadership vacuum and budget uncertainty at CISA and growing concerns about how artificial intelligence tools are making confident mistakes that demand human oversight.

Experts Debunk Legitimacy of Data Sets With 16 Billion Credentials Being Circulated
News broke this week that a "colossal" set of data comprising 16 billion stolen login credentials has been circulating on the cybercrime underground, making it "the largest data breach in history." Don't believe the hype: experts say the numbers simply don't add up, and see little if any risk.

While Exceptions Apply, Such Efforts Often Only Amount to Psychological Operations
Missile exchanges over the skies of Israel and Iran entered their eighth day, wreaking death and destruction. Hacktivists are taking that as their cue to join the fray, although whether their efforts function as anything more than psychological operations is unclear.

Iranian OT Hacking Team Has Gone Quiet … Too Quiet
Armed exchanges between Iran and Israel and the prospect of U.S. armed intervention against Tehran has cyber defenders warning about hacking risks to critical infrastructure. Iran's CyberAv3ngers doesn't possess the sophistication of Chinese or Russian actors but it's still a persistent threat.

High-Severity Flaw in LangChain's AI Tooling Hub Now Patched
A flaw in the LangSmith platform, an open-source framework that helps developers build LLM-powered applications, can enable hackers to siphon sensitive data, said Noma Security. Dubbed AgentSmith, the flaw can allow attackers to embed malicious proxy configurations into public AI agents.

Government Says Bill Will 'Pump 10 Billion Pounds' Into Economy
The U.K. government passed the Data Use and Access Bill that will introduce a host of privacy changes intended at making data processing more lenient with a motive to promote economic growth. Whether the EU will continue to find British law adequate is an open question.

Also, Researchers Exploit Tesla Wall Connector Via Charging Cable
This week: Chinese Salt Typhoon hackers hit Viasat, researchers hacked a Tesla charger, Sitecore CMS flaws, Krispy Kreme disclosed hacking damage, Archetyp Market taken down. Episource disclosed a ransomware hack and Spain ruled out cyberattack for the April Iberian blackout.

Erie Insurance and Philadelphia Insurance Still Recovering From Separate Attacks
Statements by Erie Indemnity Co. and Philadelphia Insurance Companies indicate that voluntary decisions to disconnect their systems from the network - not ransomware encryption - have disrupted operations over the past 10 days since the carriers were hit with separate cyberattacks.

Passengers' Nuisance Claim Against CrowdStrike Barred by Airline Deregulation Act
A judge dismissed a suit against CrowdStrike over its 2024 outage, ruling the claims by airline passengers are preempted by the Airline Deregulation Act. The plaintiffs claimed damages for negligence and public nuisance. But the court found those claims were inseparable from the airlines' services.

Government Says Bill Will 'Pump 10 Billion Pounds' Into Economy
The UK government passed the Data Use and Access Bill that will introduce a host of privacy changes intended at making data processing more lenient with a motive to promote economic growth. Whether the EU will continue to find British law adequate enough is an open question.

Global Tensions Are Driving Demand for Cybersecurity Jobs
Cybersecurity professionals are finding themselves on the front lines of a different kind of battlefield - one that spans global networks, targets civilian infrastructure and operates continuously across borders. Follow these steps to prepare for a career in cyber defense.

Shanghai Firm Bets on Open-Source Strategy, Efficiency Claims
Shanghai artificial intelligence startup MiniMax released a new open-source large language model, positioning it as a direct competitor to American and other Chinese models. MiniMax says its model performs competitively on benchmark tests against leading proprietary and open models.

Crime Gang Begins Leaking Stolen Freedman HealthCare Data
Cybercriminal gang World Leaks - formerly Hunters International - reportedly claims to have stolen 52.4 gigabytes of data containing 42,204 files from Massachusetts-based Freedman HealthCare, a contractor that provides data integration and analytics services to state health agencies.