DataBreachToday.com

AI Leaders Call for Proactive US Response Amid Chinese Technology Breakthroughs
The United States risks losing the so-called "AI Cold War" against China unless it abandons traditional containment strategies and adapts to Beijing's advances, panelists told lawmakers Tuesday. "I'm as stunned as all of you about just how fast China has caught up," said Adam Thierer.

Zero Trust Network Access Firm Plans to Enhance Platform and Grow Revenue Faster
Tailscale has landed $160 million in Series C funding to scale its platform and meet growing demand from AI and enterprise firms. The networking company will invest in engineering to support multi-cloud and identity-based networking features.

How CIOs and CISOs Can Navigate With Balance
Tariff wars may hit technology leaders hard in 2025 as the Trump administration's 10% import tax, plus reciprocal tariffs, spikes costs. CIOs and CISOs face supply chain disruption and heightened cyber risks. But they can adapt with cloud shifts, smart deals and better advocacy.

Rising Attacks Mask Lowering Profits, Attention Economy Competition
Ransomware groups' collective power to command victims' attention and compel extortion is waning, notwithstanding the disruption and chaos that continues to be their hallmark. The criminal underground powering ransomware is a world in flux where old, established groups are giving way to new brands.

Gartner's Pete Redshaw on Why the CISO or CRO Should Take the Lead
Cybersecurity, IAM, fraud and compliance will converge across financial institutions in the next five to six years. This transformation will follow a phased path, beginning with data integration, followed by tool alignment and eventually team restructuring.

Hoxhunt Predicts Phishing-as-a-Service Will Adopt AI Spear Phishing Agents
AI surpassed human red teams in crafting phishing attacks, at scale and with alarming success, asserts research from cybersecurity training firm Hoxhunt. The company's proprietary AI spear phishing agent, outperformed human counterparts by 24%, a turnaround from a31% deficit in 2023.

Analysts Praise FedRAMP's Speed Goals, but Worry About Unclear Execution Details
The General Services Administration is aiming to speed up cloud approvals by automating security assessments for FedRAMP, but experts tell Information Security Media Group that key questions remain on its execution, with concerns over vague directives and the impact on existing processes.

Hackers Use Credential Stuffing to Steal AU$500,000, Breach 20,000 Member Accounts
Australia's largest pension funds faced coordinated credential attacks last week that compromised thousands of user accounts and led to the theft of at least AU$500,000 from four superannuation accounts. The affected funds included AustralianSuper, Rest and Australian Retirement Trust.

CEO Accused of Providing Misleading Revenue, Liquidity Numbers to Key Stakeholders
Financial statement fraud is once again making headlines. Fashion startup CaaStle has accused its co-founder and CEO, Christine Hunsicker, of serious financial misconduct, leading to her resignation. The incident could be one of the biggest cases of start-up fraud in recent years.

More Evidence Surfaces of Chinese Hackers Targeting Ivanti Products
A suspected Chinese cyberespionage operation is behind a spate of malware left on VPN appliances made by Ivanti. The threat actor used a critical security vulnerability the Utah company patched in February. "We are aware of a limited number of customers whose appliances have been exploited."

Cybersecurity Wonks Find Fault With Home Office Ransomware Proposals
A collection of British cybersecurity policy wonks poured cold water over a British government proposal to outlaw ransom payments by government agencies and from regulated operators of critical infrastructure. A ban wouldn't likely represent a significant blow to ransomware profits.

Lawyer Jonathan Armstrong on Legal, Ethical Fallout From Looming 23andMe Auction
The financial collapse of personal genomics giant 23andMe raises an urgent question: What happens to your most intimate data when the company holding it goes bankrupt? Jonathan Armstrong, partner at Punter Southall Law, warns of cascading legal, ethical and security consequences.

Also: 23andMe's Privacy Meltdown, Investors' $500M AI Bet on ReliaQuest
In this week's update, ISMG editors discussed the Trump administration's cybersecurity funding cuts and potential impact on state and local ransomware defense, 23andMe's bankruptcy and the FTC's stance on genetic data privacy, ReliaQuest's $500 million raise and what it means for AI-led SecOps.

Investigators See Ongoing Use of Living-Off-the-Land Binaries, Frequent RDP Abuse
Incident responders studying last year's top attacker tools, tactics and procedures have urged cyber defenders to monitor for the unusual use of legitimate administrator tools, suspicious use of Remote Desktop Protocol, as well as attempts by attackers to hide their tracks by wiping logs.

Officials Warn Trump's Abrupt Firings Severely Weaken National Cyber Defenses
President Donald Trump fired National Security Agency and Cyber Command chief Gen. Timothy Haugh after a meeting with far-right conspiracy theorist Laura Loomer, sparking concerns among cybersecurity experts and lawmakers that the dismissals weaken national cyber defenses and military readiness.

The Health Sector Coordinating Council is urging the Trump administration to drop work on a proposed HIPAA security rule update and instead engage in a collaborative dialogue with healthcare sector leaders to create alternative cyber requirements, said Greg Garcia, executive director of HSCC.

Incentives, Tech Barriers and Fraud Fears Hamper FedNow Growth
Economic hesitation, legacy concerns and escalating fraud fears have hampered the adoption of a payment rail touted as the next big thing in the U.S. payment landscape, with government backing and technological promise of clear benefits to consumers and the financial sector.

Also: Gootloader Malware, GCHQ Intern Pleads Guilty, Check Point Breach Update
This week, a "Fast Flux" warning, Gootloader malware, an GCHQ intern pleaded guilty to stealing top secret data and Check Point undercuts hacking claim. Also, Google rolled out end-to-end encryption for some Gmail users, Apple backported patches and Dutch prosecutors cut internet access.

European Commission Demands Law Enforcement Access to Data
The European Commission’s ProtectEU strategy aims to overhaul internal security, proposing law enforcement access to encrypted data by 2026 and a roadmap to explore lawful encryption backdoors and enhanced intelligence-sharing between EU member states and agencies to combat rising cyber threats.