BankInfoSecurity.com

Signs Point to Multiple Exploit Chains, One Including a Zero-Day, Being Employed
Data-stealing attacks targeting Oracle E-Business Suite, for which an affiliate of Russian-speaking Clop ransomware group is claiming credit, appear to have begun by August and involved multiple attack chains, of which one targeted a zero-day vulnerability, report Google threat researchers.

Also: Shibarium Plans to Reimburse Victims, $1.8M Abracadabra Hack
This week, hackers stole $21 million from SBI crypto, Shibarium planned reimbursement for $4 million bridge exploit victims, Abracadabra lost $1.8 million in a hack and North Korean threat actors have set a new record stealing $2 billion this year so far.

Risk and Compliance Review Professionals Can Save Millions and Help Avoid Breaches
Risk and compliance review requires more than just checking off boxes. It involves understanding what the fine print reveals about how a vendor protects data, manages incidents and upholds contractual obligations. Professionals who review contracts become trusted voices in procurement and security.

Platform Vendors Target Runtime Defense, Prompt Flow, Agent Identity and Output
As autonomous AI grows, so does the security risk. Prompt injection, identity control and AI observability are at the center of a dozen recent acquisitions, as vendors including Cisco, CrowdStrike, Palo Alto Networks and SentinelOne try to adapt to the autonomy and unpredictability of LLM-powered bots.

Beijing-Based Institute Researches Steganography, Forensics, Network Penetration
Beware previously undocumented front companies for China's main intelligence service that appear to be tasked with gathering and developing steganography, digital forensic, network penetration and other cybersecurity tools to serve Beijing's military and intelligence apparatus, warn researchers.

Guide Helps Teams Prioritize, Recognizing Not All Vendors Pose Same Level of Risk
Third-party security risk is among the most complicated challenges facing the healthcare sector because of the wide variety of vendors involved and the critical products and services they provide. A new Health Sector Coordinating Council toolkit aims to help entities navigate those difficulties.

AI Strategies Seeks to Bolster Its Position in the Global AI Race
The European Union is pledging $1 billion euros to boost a continental vision of artificial intelligence amid mounting fears the trading bloc is falling behind on research and adoption into the cutting edge technology. "We will help speed up the process," said the European Commission president.

Telegram Used to Lure Teen Recon Recruits
The late September arrest of two teenagers in the Netherlands on suspicion of capturing Wi-Fi signals for pro-Russian hackers has sparked warnings from security analysts over a digital drive for low-skill reconnaissance tasks by nation-state spymasters.

Firm Deploys Claude for Staff, Refunds Australian Government Over AI Errors
Deloitte will embed Anthropic's Claude across its workforce despite flaws in a report from a government client that its analysts produced work with the help of generative artificial intelligence, costing the company thousands of dollars.

Texas-Based Harris Health Says FBI Just Gave Green Light to Notify 5,000 Patients
Harris Health is contacting 5,000 patients about a breach involving a former employee who improperly accessed electronic health records for over a decade. The Texas health entity said it discovered and reported the incident four years ago to the FBI, which just gave the green light for notification.

Signal and Rights Groups Urge Berlin to Reject CSAM Proposal Ahead of Key EU Vote
The German federal government is under pressure to withdraw support for a European Union content scanning proposal that critics argue poses large-scale privacy risks. The EU Justice and Home Affairs Council is set to vote Oct. 14 on a regulation called Chat Control.

Email Security Acquisition Aims to Bring Cross-Platform Data to Phishing Defense
Kaseya’s acquisition of Inky reflects the need for broader platform integration in email security. With phishing attacks becoming more subtle, founder and CEO Dave Baggett says access to login data and other platform signals is critical for threat detection.

Attacks on RMM Tools Surged in 2025, With 51 Solutions Flagged as Targets
Cybercriminals are hijacking trusted remote monitoring and management tools to bypass defenses, gain persistent access and quietly stage ransomware attacks. Experts warn MSPs and enterprises that supply chain exposure amplifies the scale of these intrusions.

Deal Would Boost Veeam's Cyber Footprint as Data Protection Vendor Valuations Surge
Bloomberg reported that data protection and ransomware recovery giant Veeam is in advanced talks to buy DSPM and AI security vendor Securiti for $1.8 billion, with an announcement coming as soon as this week. The deal would accelerate Veeam's pivot from backup and disaster recovery to cybersecurity.

The Edmund Group's Adler on Managing Third- and Fourth-Party Risk in Healthcare
Healthcare organizations face growing risks from data distribution, vendor dependencies and global instability. Steven Adler, partner at The Edmund Group, discusses practical steps to strengthen vendor oversight and resilience.

Manufacturer Resumes Operations at Wolverhampton Unit
British car maker Jaguar Land Rover began on Monday a phased restoration of operations following a month of cyberattack-induced idleness. Fears of large-scale job losses at the car manufacturer and its extensive network of suppliers led the U.K. government to guarantee a 1.5 billion pound loan.

2020 Hack Has Cost EyeMed About $12.6M in Multiple Regulatory Fines, Settlements
Benefits provider EyeMed Vision Care has agreed to pay $5 million and improve its security practices to settle class action litigation involving a 2020 phishing breach. The incident has been the subject of previous multimillion dollar settlements and enforcement actions by multiple state regulators.

Proliferating Age Verification Systems a Hacker Target
A vendor breach linked to Discord exposed government ID uploads used in age verification, raising alarms among privacy experts who warn that third-party data collection systems are becoming high-value targets amid rising legislative mandates for online age checks.

A Proven Fractional CISO Can Help Close Leadership Gaps and Strengthen Resilience
Hiring a fractional CISO gives your business the executive security leadership it needs - without the full-time cost. But not all providers are equal. Knowing how to evaluate talent, provider stability and delivery is key to ensuring lasting value, trust and resilience.