DataBreachToday.com

Also: Astra Nova RVV Token Plummets, Canada Fines Cryptomus $126M
This week, U.S. President Donald Trump pardoned Changpeng Zhao, Astra Nova RVV token plummeted, an investor lost $3M in a wallet breach linked to Huione Group, Canada fined Cryptomus, a U.K. regulator sued HTX over illegal crypto promotions and hacked LuBian wallets moved $1.8B in bitcoin.

Proposed Acquisition Aims to Merge Internal Risk Data With External Threat Signals
Dataminr will acquire ThreatConnect, combining public data detection with internal intelligence to give CISOs an AI-powered, context-aware response platform. The deal is producing results for shared customers and is central to Dataminr's push toward predictive, client-specific cybersecurity tools.

Regulators Want to Know If Insurer Delayed Notifying 462,000 Affected Members
Montana regulators are investigating a breach affecting 462,000 Blue Cross Blue Shield of Montana members involving one of the insurer's service providers. The vendor, Conduent, in April notified the SEC that the data theft affected numerous clients and a "significant number" of people.

Also, Envoy Air Confirms Data Compromise Following Clop Extortion Campaign
This week, Qilin didn't hack a Spanish tax agency, Nexperia standoff, Envoy Air confirmed a data compromise, Experian Netherlands fined 2.7M euros, ToolShell used to breach global networks, flaws in TP-Link Omada and Festa VPN routers and a New York firm settled a cybersecurity investigation.

AI-Powered Threats Demand AI-Driven Defense
As AI reshapes the cyber battlefield, CISOs face unprecedented pressure to defend at machine speed. Discover how agentic AI and deep observability are transforming defense from detection to foresight.

Foundation for Defense of Democracies Warns Against Aligning With New Cyber Treaty
The United Nations' cybercrime treaty, shaped by Russian and Chinese influence, could legitimize global digital repression by enabling prosecutions of journalists, activists and researchers under vague terms - despite U.S. opposition and mounting civil society alarm, analysts warned Thursday.

AI agents are reshaping how we buy and pay online. Discover how agentic commerce is redefining trust, transparency, and control in the next era of digital payments.

Microsoft Says Hackers Pivoting to Identity Compromise
Hackers are as likely to log in as break in, warns Microsoft in an annual assessment of cyberthreats. During the first half of 2025, identity-based attacks rose by 32% due to credentials stolen by infostealers or password and email combinations plucked from bulk data breaches.

Cyber Professionals Can Follow 2 Different Careers Paths to Training and Education
When I first began working in cybersecurity education, my background was in teaching, not security operations. Over time, I came to appreciate that this field attracts professionals from both directions - those who begin in education and learn cybersecurity, and those who bring years of industry experience into the classroom.

Financial Loss Tied to the Hack Estimated at 1.9B Pounds
The hack of Jaguar Land Rover will likely cost the British economy 1.9 billion pounds, making it the single most expensive cyber incident to have occurred in the United Kingdom. That number could go up if hackers damaged the operational technology controlling assembly lines.

HITRUST's Tom Kellermann on Third-Party Risk, Defending Against Persistent Access
Island hopping, AI poisoning and access mining are reshaping cyber risk. Tom Kellermann of HITRUST says organizations must modernize third-party risk management practices and assess AI environments to stop attackers from using trusted infrastructure as a launch pad for broader campaigns.

2023 Data Theft Affected Nearly 887,000 Patients
A radiology practice that has been serving patients in North Carolina for about 70 years agreed to pay more than $3.4 million to settle proposed class action litigation filed in the wake of a 2023 hacking incident that compromised the sensitive information of nearly 887,000 individuals.

CISA Budget and Staffing Cuts Undermine National Cyber Readiness, Officials Warn
Federal cybersecurity reforms have regressed for the first time since 2020, as staffing cuts, diminished agency authority and lost momentum threaten U.S. cyber resilience, according to the Cyberspace Solarium Commission’s 2025 report, which urges immediate action from the White House and Congress.

Proposed Acquisition Would Create Unified View of AI-Ready Data Environments
Veeam's proposed acquisition of Securiti AI for $1.725 billion addresses a long-standing disconnect between where data runs and where it's protected. The move enhances AI governance and posture management while supporting Veeam's vision for end-to-end data control.

Pen Tests Find States Thwart Basic Attacks But Are Vulnerable to Sophisticated Ones
Pen testing of 10 Medicaid management and enrollment systems found that while the nine states and one territory implemented "generally effective" security controls to prevent limited cyberattacks, improvements are needed to protect against more sophisticated attacks, said a watchdog agency report.

Russian Intel Hackers Flexible in Face of Detection
Russia-linked threat group COLDRIVER rapidly replaced its exposed malware with a stealthier PowerShell variant, using fake CAPTCHA prompts and cryptographic key-splitting to evade detection and escalate surveillance on NGOs, dissidents and policy experts, according to new research.

NTLM Reflection Attack Strikes Again
A three-month old flaw in a network protocol for file sharing used by Microsoft is under active exploitation, warns the U.S. Cybersecurity and Infrastructure Security Agency. The flaw's exploitation bypasses mitigations Microsoft has built over the years to prevent NTLM reflection attacks.