DataBreachToday.com

Also: Turning AI Data Into AI Defense, Autonomous Border Patrol Robots
In this week's panel, ISMG editors discussed how basic security failures are still opening the door to major breaches, how researchers are rethinking data protection in the age of artificial intelligence and the implications of robots with AI patrolling national borders.

Security operations center (SOC) teams are under nonstop pressure. Threats are rising, attack techniques are evolving, and analysts are drowning in alerts. Meanwhile, SOC leaders are asked to do more with fewer resources and tighter budgets.

Also, Sedgwick Confirms Breach, Romanian Power Firm Hit, D-Link Flaws Exploited
This week, Moody's said firewalls will be obsolete, Romanian critical infrastructure hacked, Sedgwick breach and a D-Link DSL flaw. Finland seized the Fitburg. Microsoft said Direct Send not to blame for Exchange phishing. Malicious Chrome extensions, European hotels targeted and health breaches.

Blackstone-Led Funding Round Expands R&D and Partnerships to Address AI Threats
With AI adoption outpacing security readiness, Cyera secured $400 million at a $9 billion valuation to protect data in an agentic AI landscape. The company plans to expand engineering efforts and partner with tech giants to create a control plane for enterprise AI use.

Also: Unleash Protocol Hack, LastPass Breach Linked to Crypto Thefts
This week, an alleged fraud kingpin deported to China, Bitfinex hacker gained early release, Unleash Protocol's $3.9M hack, TRM tied crypto thefts to the LastPass breach, Trust Wallet's link to the Sha1-Hulud attack, Flow's NFT loan fallout, Ledger's data exposure and Kontigo reimbursements.

Also, Sedgwick Confirms Breach, Romanian Power Firm Hit, D-Link Flaws Exploited
This week, Moody's said firewalls will be obsolete, Romanian critical infrastructure hacked, Sedgwick breach and a D-Link DSL flaw. Finland seized the Fitburg. Microsoft said Direct Send not to blame for Exchange phishing. Malicious Chrome extensions, European hotels targeted and health breaches.

OpenAI: Tool Will 'Securely' Connect With Medical Records, But How Will That Work?
OpenAI is rolling out a new version of ChatGPT dedicated to health that the company said will also "securely" connect users' medical records and wellness apps to better personalize responses. OpenAI says more than 230 million people each week ask ChatGPT wellness and health related questions.

CISA Warns of Retaliatory Cyber Action From Hostile State Actors After Venezuela
Federal cybersecurity officials are warning of a likely uptick in retaliatory cyber activity from China and Russia-linked threat actors after the U.S. military raid in Venezuela, urging infrastructure operators to brace for disruptive probing and attacks.

Acquisition of MSP MacSolution Boosts Global Services and Cloud Migration Expertise
JumpCloud has acquired MacSolution, a longtime partner and its largest MSP in the Americas, to enhance global service delivery and deepen its IT modernization capabilities. The move positions Sao Paulo, Brazil, as a strategic hub and strengthens support for partners and customers in Latin America.

Why Human-Centric Zero Trust Models Fail in a World of Autonomous AI Agents
Zero trust was built for humans, not autonomous AI agents. As organizations adopt agentic AI at scale, human-centric security assumptions break down - creating a paradox between utility and least privilege that traditional zero trust models cannot resolve.

Targeted Threat Intel Firm Shares Details With Police After Honeypot Hit
Getting owned by deception technology isn't good news for one's criminal brand or ability to remain at large. Just ask the band of young hackers behind "Scattered Lapsus$ Shiny Hunters," when one of their ilk fell into a security firm's honeytrap, revealing his actual IP address in the process.

Congress Holds Cyber Funding at 2024 Levels Across Key Civilian Agencies
The fiscal year 2026 budget deal largely locks in federal cybersecurity funding at 2024 levels, stalling growth across key civilian agencies even as lawmakers call for global technology leadership as the U.S. government faces mounting nation-state cyber threats.

Patent Board Decision Invalidating 3 Orca Patents Weakens Case, Leads to Dismissal
After 30 months of legal sparring, Wiz and Orca Security have agreed to dismiss all claims in their cloud security patent dispute. The end of the case comes after a significant setback for Orca: A federal board invalidated three of its asserted patents.

2023 Incident Affected More Than 650,000 Patients, Employees
An upstate New York orthopedic practice has agreed to pay state regulators a $500,000 settlement and implement stronger security practices following a 2023 hack involving the theft of 650,000 individuals' sensitive information. Cybercrime group INC Ransom reportedly claimed credit for the incident.

Agency: Guidance Favors Market Innovation Over Federal Scrutiny
New artificial intelligence-enabled health wearable devices and clinical decision support software will not face U.S. Food and Drug Administration regulatory scrutiny, providing the technology meets certain criteria, such as being "low-risk," the agency said this week.

Deal Represents Return to Tuck-In M&A for Palo After 3 Multi-Billion Dollar Deals
Palo Alto Networks is in talks to buy Washington D.C-based endpoint security startup Koi for $400 million. Koi is focused on securing extensions, AI models, code packages and containers, and its differentiation lies in mapping, assessing risk and govern the software landscape at enterprise scale.

Why Are Third-Party Vendor Breaches So Hard to Figure Out?
The victim tally of a 2024 hacking incident at back office services provider Conduent again soared after a new regulatory disclosure by the company, in this case to Texas authorities. The company told Lone Star state officials the breach affected nearly 14.8 million Texans, alone.

Chipmaker CEO Huang Launches Alpamayo Models, Rubin Platform
Nvidia CEO Jensen Huang launched Alpamayo, an open reasoning AI model family for autonomous vehicles, and Rubin, a six-chip platform promising AI tokens at one-tenth prior costs. Mercedes Benz CLA will feature the technology in the US this year.

FCC Lacks Lead for Cyber Trust Mark Program After UL Solutions Steps Down From Post
UL Solutions has exited its role as lead administrator of the FCC's Cyber Trust Mark, leaving the flagship consumer IoT labeling program without oversight just months after internal security reviews raised concerns over foreign influence in program management.