DataBreachToday.com

Full Scope of Clop Ransomware Group's Oracle E-Business Suite Hits Still Emerging
The University of Phoenix is notifying 3.5 million individuals that their personal information was compromised in a data breach. The theft traces to the Clop ransomware group's supply-chain campaign against users of Oracle E-Business Suite, in which it wield two zero-day vulnerabilities.

AI Firm Discovers New Prompt Injection Attack Class
OpenAI faces a years-long battle to secure its ChatGPT Atlas web browser against prompt injection attacks, a threat the company says will require continuous defense strengthening much like the arms race against online scams targeting humans.

International Coalition Highlights Security Risks in OT’s Rush to AI
Hurriedly integrating AI into industrial systems isn't the wisest idea, the U.S. Cybersecurity and Infrastructure Security Agency and its domestic and international partners warned earlier this month. "We don't want [operators] treating AI like a magical black box," explained a CISA official.

Acquisition Streamlines Security Operations From Asset Discovery to Remediation
AI software company ServiceNow has entered into an agreement to buy cyber exposure management and security company Armis for $7.75 billion in cash. The deal will bolster ServiceNow's cybersecurity offerings at a time when many larger technology vendors are choosing to expand their security portfolios.

Preparing a healthcare workforce to responsibly engage with AI tools without over relying on automation or undermining human oversight will require awareness training akin to phishing exercises, said Skip Sorrels, field CTO and CISO at security firm Claroty.

Report: China, Russia Exploiting US Cyber Policy Gaps to Gain Strategic Advantage
A new McCrary Institute report urges Washington to adopt a more offensive cyber strategy, warning that the current reactive approach leaves the U.S. unable to counter China and Russia’s persistent campaigns to gain asymmetric leverage in cyberspace.

Scans Count 117,000 Unpatched Firewalls Running Vulnerable Version of Fireware OS
Attackers are actively attempting to exploit a now patched, zero-day vulnerability in WatchGuard Firebox firewalls, tracked as CVE-2025-14733, that can be used to remotely execute code. Scans show that over 115,000 of these edge devices remain internet-connected, unpatched and at risk.

Browser Tools Capture Chatbot Data, Sell to Data Broker: Koi Security
A browser extension promising a free clientless VPN for Chrome users has been harvesting conversations from artificial intelligence chatbot platforms and selling the data to third-party brokers. The data collection operates independently of the VPN functionality itself.

Smart eyewear such as Meta-AI Ray Ban glasses - which sport microphones, cameras and can connect to artificial intelligence - pose emerging patient privacy and other risks especially when worn in healthcare settings, said Garrett Zickgraf of consulting firm LBMC.

Top Lawmaker Urges White House to Review Foreign Influence in Open-Source Code
A top Republican in the U.S. Senate warned the White House that foreign adversaries are exploiting trusted open-source software used across federal networks and defense systems, urging the National Cyber Director to lead efforts to monitor contributors and reduce supply chain risk.

Europe Faces Barriers No Legal Rewrite Can Fix
An assumption propelling a proposed recalibration of European tech regulation is that red tape is holding back the trading bloc from gaining ground in a global race for artificial intelligence dominated by the United States and China. But Europe's problem isn’t merely regulatory drag.

Landmark Cybersecurity Deal Embeds Prisma AIRS in Google Cloud for AI Protection
Palo Alto Networks is deepening its partnership with Google Cloud in a multibillion-dollar deal aimed at fortifying AI security. The collaboration includes native integrations of Prisma AIRS and Vertex AI, addressing security across hybrid multicloud environments.

Also: Cyber Insurers Brace for AI Risk, Shopping Agents Rewrite E-commerce
In this week's ISMG Editors' Panel, four editors examine how artificial intelligence is quietly reshaping trust, risk and decision-making, from identity verification and cyber insurance to the rise of AI agents in online shopping. The ISMG Editors' Panel runs weekly.

Machine-Written Pull Requests Contain 70% More Bugs
CodeRabbit analyzed 470 GitHub pull requests and found AI-generated code introduces more defects than human-written code across logic, security, maintainability and performance categories, with severity spiking higher as well. The use of AI code generation has expanded across the industry.

Former Unilever CISO to Lead Department of Defense IT
A former Unilever executive is officially the next U.S. Department of Defense CIO. The Pentagon CIO is the principal technology advisor to Pentagon leadership and manages the department's information management and IT, and many other critical systems.