DataBreachToday.com

Also, O Canada, Oh Brother and More Probable Chinese Hacking
This week, ransomware kills, Salt Typhoon hit Canada, Russian backdoors, SAP and Citrix patches, China hackers in the oil and energy sector. Brother printers have an unfixable flaw. Ransomware hit a U.S. dairy cooperative. Hackers in Albania and Oxford. European lawmakers heard cybersecurity advice.

KPMG Climbs, ThreatConnect Falls in Latest Cyber Risk Quantification Forrester Wave
Safe Security and Axio remained atop Forrester's cyber risk quantification rankings, with KPMB climbing onto the leaderboard and ThreatConnect falling off the leaderboard. Cyber risk quantification tools have moved beyond basic risk modeling to automate recommendations and analyze trends.

CIO Greg Barbaccia's Memo Targets Churn, Burnout, Fragmented Culture
When Gregory Barbaccia took the job as the U.S. federal CIO in January 2025, he became the sixth person to hold the position in eight years. Five months into his tenure, he laid out 16 operating principles in the latest attempt to stabilize leadership churn.

AI Assistants Accelerate Coding But Can Create Huge Risks for the Inexperienced
When used well, vibe coding can unlock astonishing productivity and lower the barrier to getting ideas off the ground. But here's the problem: Too many newcomers are mistaking it as a replacement for a deep understanding of coding and software development principles.

Trojanized NetExtender Installer Exfiltrates Data to Hardcoded IP Address
Fake versions of SonicWall VPN software contain a credential-stealing Trojan, the California network security company warned Monday. Imposter versions of tools such as VPNs, virtual desktops and software development tools "are often laced with infostealers."

Predibase Acquisition Adds AI Talent, Cost-Optimization and Fine-Tuning Model Tech
Rubrik has acquired Predibase to accelerate enterprise generative AI adoption with improved accuracy and efficiency. Rubrik will combine its trusted data security with Predibase’s model hosting and tuning to drive scalable, trustworthy AI deployment to help scale projects from pilot to production.

Agency: Rising Threats Put Manufacturing Supply Chains, Patient Safety at Risk
The Food and Drug Administration is urging medical product makers to carefully address the cybersecurity of their connected operational technologies, including advanced and "smart" devices used in their manufacturing and supply chains, to reduce the risk to rising cyberthreats.

'IntelBroker' Faces Four-Count Indictment in Manhattan Federal Court
A hacker known online as "IntelBroker" and who has a history of spilling sensitive information faces a four-count criminal indictment in the United States after French police arrested him in February. IntelBroker's true identity is British national Kai West, U.S. federal Manhattan prosecutors said.

Voice Analytics Firm to Expand Footprint in Finance, Defense and Insurance
Clearspeed will use its $60 million raise to build out teams and technology as it scales its AI-powered voice screening platform across finance, insurance and security sectors. CEO Alex Martin said the firm aims to double revenue and push into conservative sectors seeking AI-powered trust solutions.

Hackers Can Use Unverified Email to Log onto SaaS Apps With Entra ID
A flaw in a Microsoft single sign-on feature allowing cloud app account takeovers discovered in 2023 never really went away, say researchers - notwithstanding a computing giant claim that it almost immediately fixed the vulnerability known as nOAuth.

Gartner Says Leaders Should Balance AI Innovation With Strong Data Governance
As AI adoption grows, Gartner warns that data governance, not technology, is the top hurdle. At the Mumbai summit, Gartner analysts said data and analytics leaders should shift from fear to trust, align with business goals and scale AI through practical governance.

Congress Faces Pressure to Modernize Cyber Definitions, Safeguards Before Deadline
With the Cybersecurity Information Sharing Act of 2015 set to expire this fall, lawmakers face mounting pressure to update its liability protections and outdated definitions, as experts warn that failure to modernize could undermine public-private threat sharing and weaken national cyber defenses.

10-Year Freeze on AI State Laws Remains in Senate Bill Despite Fierce Pushback
A decade-long federal ban on state AI regulations remains in the Senate’s version of Trump’s sweeping legislative bill, drawing sharp bipartisan criticism for sidelining state oversight and granting tech giants a reprieve amid growing calls for stronger AI governance.

Legitimate Remote Access Tool Weaponized by Attackers Using Authenticode Stuffing
Researchers are tracking a rise in online attacks involving legitimate ConnectWise software that's been repurposed by attackers, using a tactic that leaves the installation software vendor-signed, while adding capabilities that turn it into malware, thanks to a tactic called Authenticode stuffing.

Researcher Details Stealthy Multi-Turn Prompt Exploit Bypassing AI Safety
Well-timed nudges are enough to derail a large language model and use it for nefarious purposes, researchers have found. Dubbed "Echo Chamber," the exploit uses a chain of subtle prompts to bypass existing safety guardrails by manipulating the model's emotional tone and contextual assumptions.

Geopolitical Conflict Involving Iran, Israel, US Ripe for Attacks on Sector
Government authorities are warning of increased risk of Iranian cyber and related threats against healthcare and public health sector organizations - including ransomware, distributed denial-of-service and other attacks related to that nation's escalated conflicts with Israel and the U.S.

Attorney Edward Machin on How the New Law Affects Data Use and Risk
The U.K.'s new data bill updates rules on AI, cookies and automated decisions while keeping EU data-sharing intact. Edward Machin of Ropes & Gray calls it "evolution, not revolution" and says the lighter-touch approach still carries serious long-term consequences.