DataBreachToday.com

Cisco Talos Attributes Campaign to UAT-9686
Likely Chinese nation-state hackers are exploiting an unpatched flaw in Cisco email appliances as part of an ongoing campaign to gain persistent access. Hackers have been exploiting since mid-November a zero-day in the Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.

Security Needs to Document Risks and Push Back Against Retroactive Accountability
A recent CISO resignation letter exposes a structural flaw in how organizations manage cyber risk. It shows what happens when risk is accepted quietly and accountability is enforced retroactively, and it's a cautionary tale about why CISOs need to actively manage their careers.

More Dry Powder Will Help Cyera Compete Against Proofpoint, Rubrik in AI Agent Era
Cyera in just four years has raised $1.3 billion, the second-largest venture haul for any cyber startup behind only Wiz. The company set its sights even higher in 2026, with media reports that Cyera is set to receive another $400 million - this time from Blackstone - at a valuation of $9 billion.

Ink Dragon Compromised IIS Networks to Relay ShadowPad Malware
A Chinese hacking group is using compromised European government networks as relay nodes to route commands and support other hacking operations. Security firm Check Point attributed the campaign to a Chinese espionage group it tracks as "Ink Dragon."

Experts Say AI Is Already Enabling Faster and Harder-to-Detect Attack Campaigns
Artificial intelligence-fueled malware and automated cyber tools are enabling faster, more adaptive attacks at scale, with experts warning Congress that adversaries are now leveraging AI and quantum advances to outpace defenders and bypass outdated security architectures.

Push Comes as HHS Steps Up Enforcement of Data-Sharing and Record Access Regs
A privacy-minded senator is pressuring U.S. health tech companies to give patients more control over where their patient data goes, framing the matter as a matter of national security as well as privacy. Regulators have ramped up enforcement of rules that promote the interoperability.

Widely Used ukr.net Is a Repeat Focus for APT28 Cyberespionage Operations
Don't expect cyber spies to respect distinctions between military and civilian networks, especially in times of war, warn researchers tracking persistent Russian military intelligence credential-harvesting attacks against users of Ukraine's popular, commercial UKR.NET webmail platform.

Also: macOS Naughty or Nice, Cybercrime Karma, Spoofing Legacy Rail Infrastructure
London in December: Early to dark, quick to rain but also festive - and a mecca for cybersecurity researchers there for the annual Black Hat Europe conference. This year's event featured nearly 50 briefings that touched on everything from hardware hacking to combing infostealer logs for hidden gems.

Practical Steps That Effectively Strengthen Security and Resilience
Cyberattackers know SMBs think they're "too small to be a target" - and they're acting on it. Learn why small businesses are increasingly targeted and the five foundational steps that can significantly reduce cyber risk.

Kerberos Overhaul Will Disable RC4 by Default in Windows
Microsoft will disable RC4 by default in Windows Kerberos, pushing organizations to uncover and eliminate longstanding cryptographic weaknesses hidden in legacy authentication systems - particularly within large domains where fallback to RC4 has quietly persisted for decades.

Cybercrime Gang Rhysida Still Lists the Practice on Its Leak Site Among Its Victims
A Kansas medical group will pay $1.2 million to settle proposed class action litigation involving an attack that compromised the sensitive data of nearly 256,000 individuals. The Rhysida ransomware operation claimed responsibility and said it stole 3 terabytes.

AI Is Now the Top Focus for Modernization to Relieve Budget, Staffing Pressures
According to the National Association of State CIOs, this year AI tech - including generative and agentic AI - is the top strategic initiative for state CIOs - marking an "unprecedented" shift in IT priorities, said NASCIO Executive Director Doug Robinson. In fact, AI first appeared on the organization's annual survey of state and territory CIOs just three years ago.

Secure-by-Design Startup Uses AI Agents to Safeguard Containers, VMs and Libraries
Cloud security startup Echo has closed a $35 million Series A funding round to boost development of its AI-native OS. The platform starts with secure container images and aims to extend to VMs and libraries, helping enterprises minimize risk from open-source software.

Deal Would Move ServiceNow's Cybersecurity Ambitions From the Shadow to Spotlight
ServiceNow's security business has long been a sleeping giant inside the workflow orchestration behemoth's portfolio that in recent months appears to have awoken. With the buy of Armis possibly imminent, ServiceNow's security ambitions appear to be moving from the shadows to the spotlight.

ServiceNow's Neeraj Jain on Risk Mitigation and Real-Time Data Access for AI Agents
Enterprises that embed governance from intake to deployment scale AI faster than those that bolt it on afterward. Clear frameworks mitigate risk, ensure compliance and increase operational efficiency, says Neeraj Jain, director of product management, hyperscalers and multi-cloud at ServiceNow.