DataBreachToday.com

Threat Actor Shifts From Targeting Exchange to Databases
A Chinese cyberespionage threat actor with a history of hacking Microsoft Exchange to spy on geopolitical events including summits in Africa, the Middle East and Asia, has shifted its attention to targeting databases, say researchers.

Medication Tech Firm Says Hacking Incident Contained to One Employee Email Account
A Florida firm that offers medication therapy management services to health plans is notifying nearly 150,000 individuals that their information was potentially compromised in a phishing attack affecting one employee's email account for only about an hour. Why do users still fall for phishing scams?

Public-Private Cyberthreat Sharing at Risk Amid Shutdown, Experts Warn
With a key cyberthreat sharing law expiring Tuesday, analysts tell Information Security Media Group legal protections enabling cyberthreat sharing across the public and private sectors will vanish, raising fears of reduced visibility into critical infrastructure just as federal resources shrink.

A Look at How the 2nd Largest Deal in Cyber History Nearly Fell Apart in the 11th Hour
The second-largest acquisition in cybersecurity history included initial outreach in 2023, the seller nearly walking away and an accelerated announcement timeline due to media leaks. Palo Alto CEO Nikesh Arora first approached CyberArk Chairman Udi Mokady about a potential deal back in May 2023.

Cognex Says It Won't Patch Flaws
Nearly a dozen serious vulnerabilities in a Cognex industrial smart camera will go without a patch because the company says the model is "too old to merit a fix." Industrial security firm Nozomi Networks uncovered nine flaws during a security assessment.

2024 Cyberattack Was One of Several on Other Blood Suppliers in US, UK
OneBlood, which provides blood supplies to 250 hospitals in Florida, Georgia and the Carolinas, will pay $1 million to settle proposed class action litigation filed against the non-profit entity in the wake of a 2024 ransomware attack that compromised the information of nearly 170,000 individuals.

Machine Identities Outpace Human Ones, But Accountability Lags Behind
Machine identities already outnumber human users in many organizations, but the answer to who owns them, who rotates their keys, audits their actions and takes the fall when something goes wrong often depends on who's responding - and the answers rarely align.

Global Cyber Agencies Call for Exhaustive OT Inventories to Combat Threats
Global cyber agencies are urging critical infrastructure owners and operators to maintain "definitive records" of their complex operational technology environments, calling for exhaustive asset visibility as regulators shift toward prescriptive mandates to counter escalating threats.

Carmaker Anticipates Phased Restart of Production
The British government will guarantee a 1.5 billion pound loan to Jaguar Land Rover as the embattled carmaker grapples with the fallout of a September cyberattack that froze production and sales across the globe. The government backed-loan shows the hack endangered "national economic security."

OpenAI, Apollo Research Find Models Hide Misalignment; Training Cuts Deception
Frontier artificial intelligence models are learning to hide their true intentions to pursue hidden agendas, said OpenAI and Apollo Research. Researchers say the risk of deception needs to be tackled now, especially as AI systems take on more complex, real-world responsibilities.

MIND Act Asks FTC to Study Exploitation Risks for Neural Data Collected by Devices
Are brain waves and similar neural data the next frontier in consumer privacy worries? A trio of U.S. senators have introduced federal legislation aiming to get ahead of risks that such brain-related data could be collected and misused by tech firms, data brokers, government agencies and others.