DataBreachToday.com

Ransom Threats to Be Reported Under New Australian Legislation
Australian organizations have 40 days to prepare for a new law requiring mandatory reporting of ransomware payments to authorities. The law covers about 6.5% of registered businesses which, starting May 30, must report ransomware payments within 72 hours to the Australian Signals Directorate.

Series B Investment to Boost AI, Expand Coverage Across IaaS, PaaS, SaaS, On-Prem
Data security startup Sentra has raised $50 million to expand its AI-powered classification, labeling and enforcement capabilities. With enterprise interest in secure AI adoption and risk mitigation rising, the firm will grow its team and expand support for cloud, SaaS and on-prem data governance.

Security First Framework Approach Focuses on Isolating Untrusted Inputs
Chatbots' popularity has been tempered from the start by the prospect of prompt injection attacks. Google DeepMind's CaMeL aims to address the issue by reframing the problem, and applying proven security engineering patterns to isolate and track untrusted data.

Model Context Protocol's Adopters Include OpenAI, Google
Artificial intelligence developers including OpenAI, Google and Microsoft are adopting rival Anthropic's open standard to speed up the capabilities of their chatbots by allowing them to access daily-use software. Dubbed "Model Context Protocol," the open standard aims to make chatbots more useful.

In Other Cybercrime Market Drama, BreachForums Marketplace Reboot Branded a Fake
Just three months after being disrupted by an intelligence law enforcement operation, the notorious online cybercrime marketplace called Cracked appears to have patched itself up and restarted operations. The recently disrupted BreachForums also claims to be back - although experts remain skeptical.

Top Democrat Sounds Alarm Over Whistleblower Report of DOGE's Master Database
A top Democrat on the House Oversight Committee sounded the alarm after a whistleblower provided information to Congress warning that staffers for the Department of Government Efficiency violated federal data laws while building a "master database" of sensitive information across federal agencies.

Despite Last-Minute Reprieve, Fresh Approach and Ownership Required, and Soon
This week's near-disruption in funding for the Mitre-administered Common Vulnerabilities and Exposures Program shows that the U.S. government no longer wants to be footing the tab. Many experts say this is an opportunity to redesign the CVE Program to be more neutral, sustainable and international.

With highly sensitive information and disruptions to medical care at stake during cyberattacks on healthcare organizations, it's vital for these entities to carefully consider details of their communications plans well in advance of suffering a serious incident, said Tom Bolitho of FTI Consulting.

Safety Concerns Emerge Amid o3, o4-mini and GPT-4.1 Launches
OpenAI's mid-April announcements include its most advanced reasoning models o3 and o4-mini, with a biorisk monitor, the quietly released GPT-4.1 coding family and the upcoming retirement of its costliest model, GPT-4.5. OpenAI's partners warn that the company's rushed evaluations have left gaps.

BitNet b1.58 2B4T Focuses on Speed, Efficiency, Open Access
Microsoft released what it describes as the most expansive 1-bit AI model to date, BitNet b1.58 2B4T. Unlike traditional large language models that depend on GPUs and massive infrastructure, the model is built to operate efficiently on CPUs including Apple's M2 chip.

DOGE Staffers Allegedly Violated Federal Cyber Best Practices and Data Privacy Laws
A whistleblower complaint made public this week provides the most in-depth look yet at the Department of Government Efficiency's many alleged cybersecurity failures, from violating federal best practices to seemingly ignoring data security laws in an apparent bid to shrink the government.

EVP Muhi Majzoub Outlines Integration of TDR, Generative AI Across Core Platforms
OpenText is embedding threat detection, identity protection and generative AI across its cloud and on-premises platforms. EVP Muhi Majzoub says the threat detection and response system will integrate with Microsoft Defender, CrowdStrike and others to identify anomalies and stop attacks in real time.

Canadian Cyber Agency Warns of Rising Chinese Cyberthreats.
The Canadian Center for Cybersecurity on Tuesday said it has observed "increasing levels" of malicious cyberactivity from China-linked hackers, including the group tracked Salt Typhoon. Exposed edge devices are at risk of attacks can be detected through mass scanning.

Researchers Say Chinese Mobile Route Firms Dominate Global Interconnect Industry
A report warns U.S. allies and countries across the globe are using Chinese-owned and controlled mobile routing firms in a move that could risk national security interests and potentially expose billions of users to passive and active surveillance from Beijing.

Case Resolves HHS OCR Scrutiny of Two Security Incidents
A Guam public hospital has agreed to pay federal regulators $25,000 and implement a corrective action plan to settle potential HIPAA violations - including a failure to conduct a comprehensive risk analysis - identified during an investigation into two security incidents.

Australia-Based Firm Adds Cloud, Red/Blue Team Skills to Infosys' Cyber Arsenal
With a planned $63 million acquisition of The Missing Link, Infosys deepens its cybersecurity capabilities and strengthens its global cloud and risk assessment services. The acquisition adds to its cyberdefense centers and enhances red/blue team capabilities and digital transformation support.

Exaforce's AI-Powered Automation Aims to Streamline Security Ops for Enterprises
SOC automation startup Exaforce closed a $75 million in Series A financing round to enhance its AI model purpose-built for cybersecurity. The company plans to expand support for SaaS and cloud platforms and deploy agentic features to speed analyst workflows.

Project Management Skills Can Be Your Career Force Multiplier in Cybersecurity
While technical expertise is foundational in cybersecurity, organizational and project management skills have become critical differentiators for career advancement. Learn practical strategies to develop these capabilities, even if you don't consider yourself naturally detail-oriented or organized!

Landmark Admin Compromise Affects More Than a Dozen Insurance and Annuity Carriers
Landmark Admin, a third-party vendor that provides administrative services to life insurance and annuity companies, said 1.6 million people are potentially affected by 2024 ransomware and data exfiltration incidents that compromised a wide range of personal, financial and health information.