DataBreachToday.com

Security Experts See Coincidental Timing After Leak of Scraped Instagram User Data
Instagram said a massive wave of password reset emails sent to its users traced to malicious abuse of a legitimate feature, but didn't result from any breach of its systems. Separately, security experts said a threat actor leaked 6.2 million users' email addresses, among other account information.

Elon Musk's Social Media Network Faces Mounting Backlash from Governments
The British communications regulator is formally investigating social media network X over the willingness of its Grok AI to let users virtually undress people, including minors. Ofcom said Monday that will probe whether X is complying with the Online Safety Act.

More Than 91,000 Attacks Target Exposed LLM Endpoints in Coordinated Campaigns
Two coordinated campaigns generated more than 91,000 attack sessions against AI infrastructure between October and January, with threat actors probing more than 70 model endpoints from OpenAI, Anthropic and Google to build target lists for future exploitation.

Hitachi Energy Security Head Joe Doetzl on Common Tools and Practices
While IT and OT environments were traditionally seen as two separate parts of the organization, security teams can use common tools and practices to protect both areas, said Joe Doetzl, head of cybersecurity at Hitachi Energy. The company designated a single leader for IT-OT environments years ago.

$740M SGNL Acquisition Boosts Dynamic Identity Enforcement for Humans and AI Agents
With the $740M acquisition of SGNL, CrowdStrike aims to deliver dynamic access control for human and nonhuman identities. The real-time enforcement layer expands CrowdStrike's identity capabilities amid a market shift toward zero standing privilege and agentic workforce security.

AI Failures May Hide in Ways that Safety Tests Don't Measure
When an AI chatbot tells people to add glue to pizza, the error is obvious. When it recommends eating more bananas - sound nutritional advice that could be dangerous for someone with kidney failure - the mistake hides in plain sight.

Staff Working on China, Intel, Military Oversight Targeted in Espionage Operation
U.S. officials are probing a suspected Chinese cyber campaign tied to Salt Typhoon that breached congressional staff email systems supporting national security committees, exposing sensitive discussions and raising concerns about unclassified federal network defenses.

Mapping Platform Exposed Addresses and Medical Assistance Plans
The Illinois Department of Human Services is notifying more than 700,000 people of a breach involving "incorrect privacy settings" left in place for several years that exposed online data pertaining to Medicare, Medicaid and rehabilitation services recipients.

Also: Turning AI Data Into AI Defense, Autonomous Border Patrol Robots
In this week's panel, ISMG editors discussed how basic security failures are still opening the door to major breaches, how researchers are rethinking data protection in the age of artificial intelligence and the implications of robots with AI patrolling national borders.

Security operations center (SOC) teams are under nonstop pressure. Threats are rising, attack techniques are evolving, and analysts are drowning in alerts. Meanwhile, SOC leaders are asked to do more with fewer resources and tighter budgets.

Also, Sedgwick Confirms Breach, Romanian Power Firm Hit, D-Link Flaws Exploited
This week, Moody's said firewalls will be obsolete, Romanian critical infrastructure hacked, Sedgwick breach and a D-Link DSL flaw. Finland seized the Fitburg. Microsoft said Direct Send not to blame for Exchange phishing. Malicious Chrome extensions, European hotels targeted and health breaches.

Blackstone-Led Funding Round Expands R&D and Partnerships to Address AI Threats
With AI adoption outpacing security readiness, Cyera secured $400 million at a $9 billion valuation to protect data in an agentic AI landscape. The company plans to expand engineering efforts and partner with tech giants to create a control plane for enterprise AI use.

Also: Unleash Protocol Hack, LastPass Breach Linked to Crypto Thefts
This week, an alleged fraud kingpin deported to China, Bitfinex hacker gained early release, Unleash Protocol's $3.9M hack, TRM tied crypto thefts to the LastPass breach, Trust Wallet's link to the Sha1-Hulud attack, Flow's NFT loan fallout, Ledger's data exposure and Kontigo reimbursements.

Also, Sedgwick Confirms Breach, Romanian Power Firm Hit, D-Link Flaws Exploited
This week, Moody's said firewalls will be obsolete, Romanian critical infrastructure hacked, Sedgwick breach and a D-Link DSL flaw. Finland seized the Fitburg. Microsoft said Direct Send not to blame for Exchange phishing. Malicious Chrome extensions, European hotels targeted and health breaches.

OpenAI: Tool Will 'Securely' Connect With Medical Records, But How Will That Work?
OpenAI is rolling out a new version of ChatGPT dedicated to health that the company said will also "securely" connect users' medical records and wellness apps to better personalize responses. OpenAI says more than 230 million people each week ask ChatGPT wellness and health related questions.

CISA Warns of Retaliatory Cyber Action From Hostile State Actors After Venezuela
Federal cybersecurity officials are warning of a likely uptick in retaliatory cyber activity from China and Russia-linked threat actors after the U.S. military raid in Venezuela, urging infrastructure operators to brace for disruptive probing and attacks.

Acquisition of MSP MacSolution Boosts Global Services and Cloud Migration Expertise
JumpCloud has acquired MacSolution, a longtime partner and its largest MSP in the Americas, to enhance global service delivery and deepen its IT modernization capabilities. The move positions Sao Paulo, Brazil, as a strategic hub and strengthens support for partners and customers in Latin America.

Why Human-Centric Zero Trust Models Fail in a World of Autonomous AI Agents
Zero trust was built for humans, not autonomous AI agents. As organizations adopt agentic AI at scale, human-centric security assumptions break down - creating a paradox between utility and least privilege that traditional zero trust models cannot resolve.

Targeted Threat Intel Firm Shares Details With Police After Honeypot Hit
Getting owned by deception technology isn't good news for one's criminal brand or ability to remain at large. Just ask the band of young hackers behind "Scattered Lapsus$ Shiny Hunters," when one of their ilk fell into a security firm's honeytrap, revealing his actual IP address in the process.