DataBreachToday.com

Legal Experts Marian Waldmann Agarwal and Marijn Storm on Impact of AI Regulations
AI regulations are tightening, bringing new compliance challenges, especially for high-risk systems. Morrison Foerster partners Marian Waldmann Agarwal and Marijn Storm explain how EU and Colorado AI regulations are reshaping governance and security requirements for organizations.

Forrester's Thomas Husson on Reactions to DeepSeek, Fears of Overregulation
The AI Action Summit this week came on the heels of the DeepSeek-R1 launch by Chinese AI company, as well as recent enforcement actions of the EU AI Act. A number of leaders from both inside and outside of Europe criticized the EU law, fearing that new regulations will stymie innovation.

President Matt Mills Shares M&A Vision, Machine Identity Security, Market Expansion
SailPoint returns to the public markets, and President Matt Mills discusses the company's SaaS evolution and market expansion plans. He outlines how proceeds from the IPO will be used and highlights new tools for managing the growing risk from unmanaged machine identities.

Emerging Vendors, Consolidation Drive Innovation in Fraud, AML and Scam Prevention
As cybercriminals exploit AI-generated deepfake scams and synthetic identity fraud, financial institutions are investing heavily in fraud detection, anti-money laundering solutions and identity verification to stay ahead. This demand is driving consolidation in the market.

Russian, Iranian and Chinese APTs Among Most Active Ransomware Collaborators
Security researchers are increasingly finding it challenging to attribute cyberattacks due to surging cooperation between nation-state hackers and ransomware groups, especially for espionage purposes. They say it reflects the blurring of the lines between state-directed and criminal activities.

Cuts Hit Duplicative Roles, Positions Rooted in Secureworks Being a Public Company
Sophos laid off 6% of its staff just days after closing its $859 million acquisition of Secureworks. The job cuts will streamline duplicative roles following the Feb. 3 close of the Secureworks deal as well as reduce positions that are no longer needed since Secureworks delisted as a public company.

Could CISA's Uncertain Future Embolden Nation-State Attackers?
As the future of the Cybersecurity and Infrastructure Security Agency becomes increasingly uncertain in the wake of a massive federal overhaul, experts warn that key U.S. infrastructure sectors, including energy, financial services and election infrastructure, are at a heightened risk of cyberattacks and cyberespionage.

Astaroth Kit Offered for $2,000 on Telegram, Intercepts Authentication in Real Time
A new phishing kit called Astaroth bypasses two-factor authentication through session hijacking and real-time credential interception from services like Gmail, Yahoo, AOL and Microsoft 365. Acting as a man-in-the-middle, it captures login credentials, tokens and session cookies in real time.

Telecoms Still Falling to Chinese Nation-State Hacking Group, Researchers Warn
A Chinese cyber espionage group tracked as Salt Typhoon and tied to the mass hacking of telecommunications networks in the U.S. and dozens of other countries has been continuing to seek and hack unpatched equipment, including exploiting two long-patched vulnerabilities in Cisco gear.

Apply These Proven Methodologies to Assess, Prioritize and Act Quickly in a Crisis
Cybersecurity professionals frequently deal with multiple issues - all demanding immediate attention. How can you demonstrate the ability to make sound decisions to advance your career? Decision-making in high-stakes environments demands clear methodologies that promote both efficiency and accuracy.

Executive Order Gives Musk Team Hiring Authority Across Federal Government
President Donald Trump's latest executive order grants hiring authority across the federal government to his billionaire adviser Elon Musk's task force, raising concerns that the move could undermine federal cybersecurity efforts, weaken U.S. cyber defenses and leave key security positions unfilled.

Breach of GoAnywhere File Transfer App at Brightline Affected 1 Million Patients
Virtual mental health provider Brightline has agreed to pay $7 million to settle a proposed class action lawsuit involving a data breach affecting about 1 million individuals stemming from the 2023 hack by ransomware gang Clop on software vendor Fortra's GoAnywhere managed file transfer application.

Chinese State-Sponsored Cyber Group Deploying Fileless Malware to Persist
Chinese state-sponsored cyber group APT40 intensified its attacks on government and critical infrastructure networks in the Pacific region by deploying fileless malware and modified commodity malware, prompting Samoa's cybersecurity agency to issue an urgent advisory.

Cybersecurity Officials Launch Major Push for Zero Trust, Secure-By-Design Approach
The Australian Signals Directorate's Australian Cyber Security Center released guidance on proactive cyber defense strategies to help organizations build a modern, defensible network architecture that's resilient to cyberattacks and designed to help minimize impact on critical systems and assets.

US, UK and Australia Target Zservers for Supporting LockBit, Other Cybercrime Groups
A Russian bulletproof hosting service used by cybercriminals including the LockBit ransomware group has been sanctioned by Australian, British and American agencies. Zservers has been advertised in criminal forums as an aid to avoid law enforcement investigations and takedowns.

Chapter 11 Looms as Eric Gan Seeks Custodian and Liberty, SoftBank Block Financing
Cybereason faces a crisis as a boardroom deadlock halts financing efforts. CEO Eric Gan and his family firm seek a custodian to halt the impasse, alleging SoftBank and Liberty Strategic Capital are prioritizing control over the company’s financial stability. Without urgent funding, bankruptcy looms.