DataBreachToday.com

Red-Hot Startup Noma Security to Deepen Protection for AI Models and Agents
With agentic AI deployments accelerating, Noma Security’s $100 million Series B will fuel development of risk management and runtime protection features. CEO Niv Braun said demand for securing agentic AI has surged among Fortune 500 firms and healthcare and financial institutions.

US Alleged Illumina 'Knowingly' Sold Feds Systems Containing Vulnerabilities
Genomics sequencing firm Illumina Inc. has agreed to pay $9.8 million to resolve False Claims Act whistleblower allegations that it sold software and systems containing cybersecurity vulnerabilities over more than seven years to government agencies.

New Funding, Platform Expansion Aim for Predictive, Autonomous Threat Defense
Safe's $70 million Series C will fund expanded capabilities across its cyber risk quantification, exposure management and third-party oversight tools. The company says its agentic AI vision – cyber AGI – will transform how enterprises manage and mitigate cyberthreats.

Also: Rethinking IT-OT Integration; Previewing Black Hat 2025
In this week's update, four ISMG editors discussed the latest on the ToolShell exploit and the rise of Warlock ransomware, why IT-OT integration may not be the best answer for industrial security and what to expect next week from ISMG Studio at Black Hat Conference 2025.

The use on online tracking tools on the health-related websites and apps of HIPAA and non-HIPAA regulated entities continues to be a lightning rod due to a long list of ongoing data privacy, regulatory and legal concerns, said partner and attorney Elizabeth Hodge of the law firm Akerman.

Investor Umesh Padval on Platform Power, Scaling Fast and Global AI Plays
Q2 2025 saw AI dominate global VC funding, grabbing $47.5 billion of the $94.6 billion raised. AI Investor Umesh Padval breaks down what makes AI infrastructure startups worth betting on - from platform depth and speed to regional ecosystems and exit timing.

AI Tools Can Steal Crypto Autonomously, Even From Audited Code
Armed with just a smart contract address, researchers developed an autonomous artificial intelligence tool that can scan for vulnerabilities, write working exploits in the Solidity blockchain programming language and siphon funds. "It behaves more like a human hacker," said its co-creator.

Security Experts Laud Project Zero's Push for Greater Transparency, Faster Patches
Google is trying out a new approach to publicizing flaws found by its in-house bug hunters meant to get patches more rapidly into end users' hands. Under a trial policy effective immediately, Google's Project Zero team will publish a general alert to the public within seven days.

GenAI Chooses Insecure Code Nearly Half the Time, Veracode Finds
There's been little improvement in how well AI models handle core security decisions, says a report from application security company Veracode. Large language models introduce vulnerabilities in nearly half of test cases when asked to complete secure code tasks, it found.

Also: ToolShell Hits South Africa, Most Americans Are Online Fraud Victims
This week: Did China sneak a peek into ToolShell? ToolShell hacking in South Africa, Cisco flaws, an Arizona woman sentenced for aiding North Korea. Most Americans scammed online, a NASCAR data breach and a claimed data leak at France's Naval Group. Orange telecom disrupted. Dating app Tea breach.

Series C Funding Supports Evolution to Protecting API-Powered Business Revenue
With AI now outpacing cloud in enterprise adoption, Wallarm is evolving its API security platform to safeguard not just endpoints, but the business logic that drives digital revenue. With $55 million in new funding, the company is targeting CIOs and expanding globally to meet demand across sectors.

Voluntary Effort Calls for Standards, Empowering Patients, But What About Privacy?
The Trump administration launched an initiative to improve patient data interoperability, exchange and accessibility throughout the healthcare ecosystem. The effort asks tech firms, healthcare providers and insurers to voluntarily comply with standards and data sharing criteria. Sounds like déjà vu?

Advice for Young Cyber Professionals in the Age of AI and Security Automation
Professionals across industries, especially those in early career stages, are struggling to find not only jobs but also career path direction. The old map no longer applies. Today's environment requires adaptability, strategy and a willingness to build new paths entirely.

AI Tools Detect Breaches Quicker but Shadow AI Causes Breaches, Too
Organizations are detecting data breaches more quickly and paying less to remediate them, says IBM's new "Cost of a Data Breach Report 2025." Some caveats apply, with U.S. organizations experiencing higher breach costs. Breach fallout from shadow AI is also rising.

Firm Admits Paying Ransom in Exchange of Hacker's Promise to Delete Stolen Info
Two Florida-based law firms with offices in other states are notifying 282,100 people whose healthcare and other information was potentially compromised in separate data theft incidents. One of the firms admitted to paying a ransom to prevent its data from being leaked on the darkweb.

CyberArk Deal Adds Privileged Access Capabilities to Palo Alto Networks' Core Stack
With a $25 billion acquisition of CyberArk, Palo Alto Networks expands its cybersecurity platform to secure human, machine and AI identities. CEO Nikesh Arora said the move is timely as 88% of ransomware attacks now stem from credential theft, and agentic AI emerges as a new risk vector.

Unauthenticated Bugs Allow Full Remote Code Execution
Unauthenticated attackers could remotely hijack Dahua Hero C1 smart cameras by exploiting firmware vulnerabilities, Bitdefender warned in a coordinated disclosure published Wednesday. Dahua Technoloy released patches on July 7. The company is on a number of U.S. federal blacklists.