BankInfoSecurity.com

Also: Anthropic Warns of Autonomous AI Exploits on Blockchain
This week, authorities shutter Cryptomixer, Anthropic warns about autonomous AI exploits, U.K. plans ban on crypto political donations, Do Kwon seeks leniency, Lazarus Group suspected in Upbit theft, Balancer's post-exploit plans and Yearn recovers some hacked amount.

AI in OT May Trigger Cascading Infrastructure Failures
The U.S. cyber defense agency warned that machine learning and large language model deployments can introduce new attack surfaces across critical infrastructure sectors in a document setting out principles for safely integrating AI into operational technology.

Skills Needed: Enterprise Architecture, Configuration and Vulnerability Management
When a critical vulnerability surfaces in ERP systems such as the Oracle E-Business Suite flaw, attackers can go well beyond a single compromised server. The flaw exposed the need for cyber professionals who understand enterprise architecture, secure configuration and vulnerability interpretation.

Federal Cuts Threaten Grid Security as Nation-State Hackings Escalate, Analysts Say
Cybersecurity leaders told Congress that U.S. energy systems are already compromised by state-backed actors - chiefly China - and warned that shrinking federal support for grid security programs threatens to worsen exposure as utilities face escalating threats with limited resources.

Mirion Medical Says Bugs Are Fixed in New Release of BioDose/NMIS Software
U.S. federal authorities are warning that several high-severity vulnerabilities discovered in Mirion Medical Co. inventory tracking software used by nuclear medicine departments could allow attackers to modify program executables and gain access to sensitive information.

Organizations are adopting agentic artificial intelligence as the next phase of AI. Kim Basile, CIO of Kyndryl, explains how organizations can prepare teams to work with agentic AI, emphasizing culture, training and governance as the crucial drivers of AI readiness and adoption.

Marquis Software Solutions Says Ransomware Group Hit SonicWall Device, Stole Data
Marketing and compliance software maker Marquis Software Solutions, which counts over 700 banks and credit unions as customers, said a ransomware group breached its SonicWall firewall and stole hundreds of thousands of individuals' personal details, including Social Security numbers.

China Still Relies on US Technology, Experts tell Senate
Washington spent years constructing export barriers around America's most sensitive artificial intelligence technology. Witnesses told the U.S. Senate Foreign Relations Committee that China is finding ways to move around them. Where one pathway closes, Beijing opens another.

Attackers Could Hijack Developer Machines via Tampered Config Files
OpenAI patched a command injection flaw in its Codex CLI tool that let attackers run arbitrary commands on developer machines by hiding malicious configuration files inside code repositories. Hackers could turn ordinary repository files into execution vectors.

Government Opts for Voluntary Frameworks Over Enforceable Safeguards
Australia's federal government has quietly shelved the mandatory AI guardrails it proposed just three months ago, replacing enforceable requirements with voluntary guidance in its National AI Plan released today.

CEO Matt Garman Shares Plans for Developing Billions of Autonomous Agents
For two decades, AWS has been the undisputed leader in cloud computing, but listening to AWS CEO Matt Garman at the re:Invent 2025 conference, the future isn't in the infrastructure layer. Garman envisions a fundamental shift from applications in the cloud to a cloud of autonomous AI agents.

MuddyWater Hides Malware With Game Delay Technique
Iranian nation-state hackers took inspiration from a mobile phone time-killing mainstay, say security researchers who spotted hackers downloading malware masquerading as the Snake video game. A callback to the game isn't nostalgia, say researchers at Eset.

Chinese Developer Formerly Employed by Company Suspected of Data Theft
South Korea's biggest online retailer, Coupang, said a five-month breach exposed personal data pertaining to 34 million customers, and only came to light after it received an extortion demand. Police said a former developer at the company, a Chinese national who fled the country, is a suspect.

Industry Wants to Stick to Voluntary Measures
U.S. telecommunications networks are still vulnerable to foreign intrusion, national security and industry panelists told senators during a Tuesday hearing, warning that China and other adversaries are refining long-term access into American infrastructure.

Class Action Litigation Alleges Web Trackers Shared Patient Data With Tech Firms
Kaiser Permanente has agreed to pay up to $47.5 million to settle litigation stemming from its use of tracking codes in its websites, patient portals and mobile apps. Claimants alleged the trackers unlawfully shared patients' information with third parties, including Google and Microsoft.

Microsegmentation no longer remains a buzzword. In today's threat landscape, organizations are adopting it as a frontline defense against cyberattacks and higher cyber insurance premiums. About 90% of organizations are using some form of segmentation, according to Akamai's 2025 Segmentation Impact Study.

Move Comes After Ruling in Separate Case Discarded HIPAA Reproductive PHI Changes
The state of Texas has dropped a federal lawsuit filed against the U.S. Department of Health and Human Services that sought to vacate the 25-year-old HIPAA privacy rule, as well as 2024 rule changes under the Biden administration that prohibit the disclosure of reproductive health information.

Rapid7's Christiaan Beek on Ransomware Tactics and How to Mitigate Attacks in 2026
Ransomware attacks are reaching record highs, and 2026 may be even worse, said Christiaan Beek, senior director of threat intel and analytics at Rapid7. He warns that hackers are exploiting vulnerabilities as soon as they're disclosed, and they're focusing on flaws in devices on the network edge.