Ransomware DataBreachToday.com

2 More Vulnerabilities Need Patching in React Server Components, Warns Vercel
Mass exploitation of the "React2Shell" - CVE-2025-55182 - vulnerability remains underway by nation-state hackers tied to China, North Korea and Iran, as well as financially motivated cybercriminals running everything from cryptomining malware to DDoS services, security experts warn.

ServiceNow's Neeraj Jain on Risk Mitigation and Real-Time Data Access for AI Agents
Enterprises that embed governance from intake to deployment scale AI faster than those that bolt it on afterward. Clear frameworks mitigate risk, ensure compliance and increase operational efficiency, says Neeraj Jain, director of product management, hyperscalers and multi-cloud at ServiceNow.

National Accident Health Says Breach Exposed Medical Info of 181,000 People
A Maine-based third-party administrator that handles healthcare claims involving day care centers, youth sports and NCAA athlete accidents is notifying more than 181,000 individuals that their medical information and personal identifiers may have been accessed or stolen in a hacking incident.

Black Hat's Jeff Moss: 'We're in a Political Situation, Whether You Like It or Not'
Technology doesn't exist in a vacuum, and by extension neither does cybersecurity. But in recent years, Black Hat founder Jeff Moss said he's been "struggling" with the "uncomfortable truth" that unlike the largely risk-free early days of hacking, today "all tech is political."

Defense Bill Expands Cyber Authorities, Tech Adoption and Talent Pipeline
Congress advanced a $15.1 billion military cyber budget in the fiscal year 2026 National Defense Authorization Act, boosting core operations, workforce recruitment and tech modernization as civilian cyber teams face sharp staffing losses and budget constraints.

Companies Are Among the Latest HIPAA Business Associates Revealing Recent Hacks
New York-based medical supply fulfillment company Fieldtex is notifying its clients and more than 274,000 people about an August hack. Meanwhile, revenue cycle software firm TriZetto is also contacting its customer and patients about its own hacking incident.

Also: Australia's AI Policy Backtrack, Legal Protections for White Hat Hackers
In this week's ISMG Editors' Panel, four editors explored Australia's shift in artificial intelligence regulatory policy, a resurgence of white hat hackers in the news and the shadow Telegram market of Russian fraudsters who are selling identities of former U.S. immigrants for $1,000 a person.

Hackers Target French Interior Ministry, Germany Summons Russian Ambassador
The French Ministry of Interior is investigating a suspected nation-state cyberattack that targeted its email server. Additionally, the German government on Friday attributed a 2024 hacking incident on air traffic control systems to Russian nation-state hackers.

Boards are becoming increasingly focused on understanding the mechanics and implications of agentic artificial intelligence, but traditional governance processes aren't built for the speed and complexity of today's AI-driven innovation cycles, said JoAnn Stonier, former chief data and AI officer at Mastercard.

AI Firm Says New Models May Be 'High Risk' as Dual-Use Capabilities Grow
OpenAI said Wednesday it is preparing for artificial intelligence models to reach "high" cybersecurity risk levels, marking an escalation in the dual-use capabilities that could strengthen defenses or enable sophisticated attacks.

KKR-Led Series B Investment Propels AI Agent, Nonhuman Identity Management Push
Backed by $700 million in funding from KKR at a $3 billion valuation, Saviynt plans to accelerate innovation in identity security for humans, machines and AI agents. The Series B investment supports global expansion and continued platform development to meet evolving enterprise needs.

Password Manager Must Pay 1.2M Pounds
The British data regulator imposed a fine of 1.2 million pounds against password manager LastPass over a 2022 data breach that exposed the data of millions of its customers. Unidentified hackers stole backup data from LastPass's Amazon Web Services S3 bucket.

Trump Tees Up Federal Lawsuits Against State Rules in Executive Order
The Trump administration says it'll sue states that establish rules for artificial intelligence that go beyond a standard of "minimally burdensome" regulation - a step the U.S. president said is necessary to ensure China doesn't pull ahead in a global race for AI supremacy.

The Next Major Cyber Risk Could Come Through a Biological Sample
Researchers demonstrated that it is feasible to encode executable payloads into synthetic DNA that, once sequenced and processed, could trigger malware in sequencing software. When a vulnerability in a sequencer becomes a vulnerability in national health or food security, the stakes are existential.

Lessons From Lightning-Fast AI-Based Attacks and How Cyber Defenders Should Respond
AI-based attacks will come faster and the sequence of activities will be less predictable. Cyber defenders are skilled in network analysis, incident response and cloud or identity management, but in the face of AI-based attacks, they need new skills, tools and defensive tactics.

CTO Matthew Fraser Says Administrations May Change but AI Program Is Built to Last
New York City gets a new mayor on Jan. 1, and while no one knows Zohran Mamdani's plans for using artificial intelligence, the city's AI Action Plan will ensure a strong foundation for innovation, city Chief Technology Officer Matthew Fraser told attendees at The AI Summit in Manhattan on Wednesday.

Unpatched Flaw in Open-Source Gogs Service Facilitates Remote Code Execution
An attacker has been exploiting a zero-day vulnerability in Gogs, an open-source and popular Git service that allows for self-hosting, warned researchers. At least 700 internet-exposed servers running Gogs shows signs of being infected with command-and-control malware; no patch is yet available.

Also: 700M Euro Fraud Busted, 2 Arrested in Crypto-Linked Killing Case
This week, Ledger flagged physical attack risks to Android hot wallets, a 700M euro fraud network was dismantled, a suspect in the $243M Genesis theft was reportedly detained and a member of a $263M crypto scam pleaded guilty. Two men arrested in a Vienna crypto-linked killing.

Telegram-Based Market Is Exploiting Gaps in US Tracking of Departed Visa Holders
A Russian darknet marketplace is exploiting a major blind spot for U.S. financial institutions by trafficking in the identities of former legal immigrants. Telegram-based group Karma Fullz has built a profitable criminal enterprise with highly convincing synthetic identities.