Ransomware DataBreachToday.com

Race-Condition Bugs in Ubuntu and Red Hat Tools Could Leak Sensitive Memory Data
Hackers could exploit a tool that stores crashed system data in older Linux operating systems to obtain passwords and encryption keys, warn researchers. The flaw lies in the way certain Linux distributions, including Ubuntu, Red Hat, and Fedora, handle application crashes.

Funnull Technology Is Content Delivery Network for Criminals, Says US Treasury
The U.S. government sanctioned a Philippine firm linked to romance bait scam websites. The Department of Treasury cut off Funnull Technology from the U.S.-dominated international monetary system for acting as a content delivery network for scam platforms.

Gartner: Security Service Edge Market Is Experiencing Evolution, Not Revolution
Pure-play security service edge specialists Zscaler and Netskope were once again joined by platform behemoth Palo Alto Networks atop Gartner's rankings of SSE vendors. The SSE market is experiencing evolution rather than revolution, with commoditization prevalent in legacy security technologies.

After Hours-Long Disruption, XDR Vendor Promises Full Root Cause Analysis of Outage
Cybersecurity vendor SentinelOne suffered a major, global outage for about six hours on Thursday that disrupted its monitoring of managed response service customers' endpoints and networks, interrupted software updates and kept administrators from accessing consoles for troubleshooting purposes.

Catholic Healthcare Organization Took IT Systems Offline in Response to Incident
Covenant Health, a Catholic healthcare organization serving New England and parts of Pennsylvania, is dealing with a cyber incident that has forced the entity to take its IT systems offline, affecting services at several of its facilities. That includes some hospitals and medical testing labs.

US, Australian Cyber Agencies Say Visibility Gaps Threaten Detection and Response
The Cybersecurity and Infrastructure Security Agency issued new guidance urging organizations to streamline Security Information and Event Management platform integration by prioritizing impactful log data and reducing blind spots that continue to plague even mature security operations centers.

Apex Security Detection Tools Help Tenable Spot Accidental and Malicious AI Misuse
Tenable is acquiring Israeli startup Apex Security to extend AI security features that go beyond asset discovery. With user-level controls and risk mitigation for AI usage, Tenable aims to accelerate its exposure management roadmap by integrating Apex into Tenable One later this year.

Retailers Report a Spurt in Breaches
Jewelry retailer Tiffany & Co. said hackers stole South Korean customers' data from a third-party vendor's platform, a disclosure that came shortly after sister brand Dior announced a similar breach. Hackers stole the personal information of South Korean shoppers.

Huang Says Rules Shut Nvidia Out of $50B China Market, Gives Rivals Long-Term Edge
CEO Jensen Huang says new U.S. chip restrictions on China forced Nvidia to write down $4.5 billion in AI inventory and will hurt American leadership in global infrastructure as Chinese firms gain momentum. The rules fuel China’s rise and jeopardize U.S. infrastructure dominance, according to Huang.

Also: Mango Markets Hacker's Convictions Overturned, Coinbase Lawsuit
This week, $223M Cetus Protocol hack, U.S. judge overturned Mango Markets hacker convictions, class action lawsuit against Coinbase, Cork Protocol's $12M exploit, fake software sites spread crypto-stealing malware, a violent crypto-linked kidnapping and civil proceedings against the ex-ACX exec.

Persistent Attack Grants Remote SSH Access via Exploit
Someone - possibly nation-state hackers - appears to be constructing a botnet from thousands of Asus routers in hacking that survives a firmware patch and reboots. Nearly 9,000 routers have been compromised and the number is growing, say researchers.

New Cyber and Electromagnetic Command Pitched as Lessons Learned from Ukraine
The United Kingdom pledged Thursday one billion pounds for a military "Digital Targeting Web" the government said will enable quick fire targeting of enemy assets, including through offensive cyber operations. "Ways of warfare are rapidly changing," said Defense Secretary John Healy.

Things to Include on Your CV When Your Job Focuses on Keeping Systems Running
If you're a junior SOC analyst, a GRC specialist or someone working in ICS environments, the idea of a cyber portfolio might seem irrelevant. It's not. Employers need tangible proof of your skills, and a well-constructed portfolio does just that - whether your job touches logs or legal frameworks.

APT31 Compromised the Czech Foreign Affairs Ministry in 2022
The Czech government on Wednesday said Chinese state hackers stole sensitive declassified information from the republic's foreign ministry as part of a years-long espionage campaign. Czech Ministry of Foreign Affairs attributed the hack to a Chinese nation-state group tracked as APT31.

Stealthy Malware Installs Cryptomining Software
A botnet targeting Internet of Things devices works by brute forcing credentials and downloading cryptomining software. Researchers call the botnet "PumaBot," since its malware checks for the string "Pumatronix," the name of a Brazilian manufacturer of surveillance and traffic camera systems.

'It's Just Totally Destabilizing,' Staffers Say Amid CISA's Leadership Exodus
An ongoing exodus of top officials and senior leadership at the Cybersecurity and Infrastructure Security Agency's regional offices has left staffers increasingly worried about a potential major shift in mission and continued cuts to staff and spending.

Researcher Analyzes System Prompts to Show How New Claude Models Work
System-level instructions guiding Anthropic's new Claude 4 models tell it to skip praise, avoid flattery and get to the point, said independent AI researcher Simon Willison, breaking down newly released and leaked system prompts for the Claude Opus 4 and Sonnet 4 models.

Google Is Getting Accolades for Veo 3, But the AI Video Tool Has a Darker Side
AI enthusiasts are saying Veo 3 is one of Google's best products. The mind-blowing AI constructs cinematic video clips from text prompts, and the results look real. Veo 3 pushes deepfake capabilities into uncharted territory and introduces new threats to truth, trust and authenticity.

ISACA Survey: 51% See Cyber Risk Hike; 46% Expect Regulatory, Compliance Challenges
Quantum technology is still emerging, but experts warn that failing to act now could jeopardize future data security. To safeguard tomorrow's information, organizations must start developing a post-quantum cryptography strategy and upskill their workforce today.

Red Canary Purchase Aims to Deliver Agentic AI-Powered Security Operations at Scale
Zscaler's buy of Red Canary will unify its cloud-based security infrastructure with Red Canary's MDR insights, giving rise to a next-gen SOC built on automation, AI, and rapid detection expertise. The integration will support a proactive SOC experience powered by AI workflows and security expertise.