DataBreachToday.com

FBI Accessed Encrypted Windows Devices Via BitLocker Keys, Microsoft Says
Microsoft confirmed it handed over BitLocker recovery keys to the FBI in 2025 under court order, raising concerns over cloud-stored encryption keys and whether default designs that prioritize recovery convenience and efficiency weaken user control and security.

Partnership With Israeli Startup Brings Real-World Threat Labs to Security Training
ISMG has teamed with CyCube to strengthen CyberEd.io's hands-on cyber training platform. The strategic investment aims to deliver personalized, adaptive labs and assessments that help security teams respond to evolving threats fueled by generative and agentic AI.

'WhisperPair' Flaw Likely to Endure for Years
A hacker could secretly record phone conversations, track users' locations and blast music through headphones due to a flaw in implementations of a Google-developed low-energy technology for discovering nearby Bluetooth devices.

Feds Warn US May Lose Quantum Race Without Sustained Research Funding
Federal scientists told Congress that failure to reauthorize the National Quantum Initiative threatens to unravel coordinated research and development progress, stall commercialization and allow China to surpass U.S. leadership as adversaries accelerate post-quantum capabilities.

OIG: Gaps in Standards, Third-Party Oversight Put Agencies, Health Sector at Risk
Auditors say the U.S. Department of Health and Human Services should buttress its ability to respond to cyberthreats by standardizing governance and controls across its many divisions - and also do a better job of overseeing its many contractors and the risk they introduce.

Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System Compromise
Attackers are targeting a zero-day vulnerability in Cisco's Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist.

CISOs Grapple With AI Blind Spots, Excessive Permissions and Governance Issues
Machine identities continue to multiply as organizations push automation, cloud services and AI-driven initiatives deeper into core operations. This rapid growth creates new vulnerabilities, especially when non-human identities lack governance or are completely invisible to security teams.

Also: $7M Saga and $5M Makina Finance Exploits
This week, South Korea dismantled a $102 million money laundering ring, Saga paused SagaEVM after a $7 million exploit, Makina Finance lost $5 million, a Utah man sentenced to three years for fraud and illegal cash conversion and a software flaw let traders win ethereum transaction auctions for free.

Also, CIRO Phishing Breach, Ingram Micro Ransomware and CVE Surge
This week, DOGE posted sensitive data on an outside server. A phishing attack affected 750,000 Canadians. A hacktivism warning from the U.K. NCSC. An Ingram Micro breach. CVEs surged in 2025. SK Telecom challenged a fine. Researchers disclosed Chainlit flaws. North Korean hackers abused VS Code.

Corporate Hiring Practices Risk Shutting Down the Talent Supply Line
In cybersecurity hiring, many organizations have quietly removed entry-level jobs from the workforce altogether. While it may meet immediate corporate goals to hire more experienced practitioners, these extremely limited on ramps for cybersecurity jobs risk cutting off the talent pipeline.

More Dry Powder Will Help Cloud Security Sweepstakes Against Palo, CrowdStrike, Wiz
Upwind is in talks with Bessemer Venture Partners and Picture Capital to raise more than $250 million at a valuation of $1.2 billion to $1.5 billion, Calcalist reported. Upwind in December 2024 closed a $100 million Series A round and tripled its valuation over the prior 15 months to $900 million.

Nearly $270M Cut From CISA Despite Mounting Foreign Cyberthreats
Congress is proposing cuts of nearly $270 million from the Cybersecurity and Infrastructure Security Agency's budget for fiscal year 2026, reducing funding for threat hunting and vulnerability management as officials warn foreign adversaries are escalating cyber operations targeting U.S. systems.

Breach Affected More Than a Dozen Healthcare Clients, 2.5M Patients
Electronic health records vendor Veradigm agreed to pay $10.5 million to settle consolidated class action litigation involving a December 2024 hacking incident discovered in mid-2025 that affected more than a dozen healthcare provider clients and about 2.5 million of their patients.

Decentralization and Sprawl Complicate University IT Programs
Several Ivy League universities - including Harvard and Princeton - experienced hacks in 2025 through unpatched enterprise software and sophisticated social engineering campaigns, showing that even the nation's wealthiest universities are vulnerable.

Acting Director Says Agency Has Stabilized After Major Staff Losses Throughout 2025
After a year of internal upheaval and budget strain, CISA's acting director told Congress the agency is now stabilized and will launch targeted 2026 initiatives, even as lawmakers weigh steep funding cuts that could limit its cyber defense capabilities across federal networks.

IBM Survey Finds AI Strategy Now Hinges on Integration and Differentiation
The thriving enterprise of 2030 will be AI-first, not just AI-enabled, said IBM's latest Institute for Business Value. The company surveyed more than 2,000 C-suite executives in the second half of 2025. The results paint a picture of the future of digital transformation dominated by AI technology.

Berlin Readies Legislation Authorizing More Aggressive Stance in Cyberspace
Germany wants to drastically step up defenses against cyberattacks from foes such as Russia, China, Iran and North Korea, and it's looking to key ally Israel for lessons and cooperation.

CEO Nadav Zafrir Discusses Lakera and Veriti Buys, Wiz Pact and AI Strategy Shift
Check Point Software is doubling down on AI security through the acquisitions of Lakera and Veriti and platform integration with Wiz. CEO Nadav Zafrir explains how the firm is shifting from point products to a holistic approach and why it's investing heavily to stay ahead in the AI security race.