BankInfoSecurity.com
Live Webinar | APIs for AI Agents: Building Predictable, Governed Systems at Enterprise Scale
2 days 16 hours ago
ISMG Editors: How Deepfakes Are Breaking Digital Trust
2 days 16 hours ago
Also: How Non-Human Identities Redefine Security; the Delinea-StrongDM Deal
In this week's panel, four editors discussed how deepfakes are reshaping digital Know Your Customer practices, what the rise of non-human identities means for CISOs and what Delinea's acquisition of StrongDM tells us about where the privileged access market is heading.
Microsoft Confirms Court-Ordered BitLocker Key Releases
2 days 16 hours ago
FBI Accessed Encrypted Windows Devices Via BitLocker Keys, Microsoft Says
Microsoft confirmed it handed over BitLocker recovery keys to the FBI in 2025 under court order, raising concerns over cloud-stored encryption keys and whether default designs that prioritize recovery convenience and efficiency weaken user control and security.
ISMG, CyCube Join Forces to Better Train AI-Era Defenders
2 days 16 hours ago
Partnership With Israeli Startup Brings Real-World Threat Labs to Security Training
ISMG has teamed with CyCube to strengthen CyberEd.io's hands-on cyber training platform. The strategic investment aims to deliver personalized, adaptive labs and assessments that help security teams respond to evolving threats fueled by generative and agentic AI.
Audio Accessory Flaw Converts Headphones Into Spy Tool
2 days 16 hours ago
'WhisperPair' Flaw Likely to Endure for Years
A hacker could secretly record phone conversations, track users' locations and blast music through headphones due to a flaw in implementations of a Google-developed low-energy technology for discovering nearby Bluetooth devices.
Webinar | Beat the Breach: Outsmart Attackers and Secure the Cloud
3 days 8 hours ago
US Officials Urge Congress to Reauthorize Key Quantum Law
3 days 8 hours ago
Feds Warn US May Lose Quantum Race Without Sustained Research Funding
Federal scientists told Congress that failure to reauthorize the National Quantum Initiative threatens to unravel coordinated research and development progress, stall commercialization and allow China to surpass U.S. leadership as adversaries accelerate post-quantum capabilities.
Breach Roundup: DOGE Uploaded Social Security Data to Cloud
3 days 8 hours ago
Also, CIRO Phishing Breach, Ingram Micro Ransomware and CVE Surge
This week, DOGE posted sensitive data on an outside server. A phishing attack affected 750,000 Canadians. A hacktivism warning from the U.K. NCSC. An Ingram Micro breach. CVEs surged in 2025. SK Telecom challenged a fine. Researchers disclosed Chainlit flaws. North Korean hackers abused VS Code.
HHS Watchdog Urges Cyber Governance Overhaul
3 days 8 hours ago
OIG: Gaps in Standards, Third-Party Oversight Put Agencies, Health Sector at Risk
Auditors say the U.S. Department of Health and Human Services should buttress its ability to respond to cyberthreats by standardizing governance and controls across its many divisions - and also do a better job of overseeing its many contractors and the risk they introduce.
Zero-Day Flaw in Cisco Unified Communications Being Targeted
4 days 2 hours ago
Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System Compromise
Attackers are targeting a zero-day vulnerability in Cisco's Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist.
Securing Banking Enterprises as Non-Human Identities Grow
4 days 2 hours ago
CISOs Grapple With AI Blind Spots, Excessive Permissions and Governance Issues
Machine identities continue to multiply as organizations push automation, cloud services and AI-driven initiatives deeper into core operations. This rapid growth creates new vulnerabilities, especially when non-human identities lack governance or are completely invisible to security teams.
Cryptohack Roundup: South Korea Busts $102M Laundering Ring
4 days 2 hours ago
Also: $7M Saga and $5M Makina Finance Exploits
This week, South Korea dismantled a $102 million money laundering ring, Saga paused SagaEVM after a $7 million exploit, Makina Finance lost $5 million, a Utah man was sentenced to three years for fraud and illegal cash conversion, and a software flaw let traders win Ethereum transaction auctions for free.
Missing on-Ramp: Why Cyber Careers Are Losing Entry Points
4 days 21 hours ago
Corporate Hiring Practices Risk Shutting Down the Talent Supply Line
In cybersecurity hiring, many organizations have quietly removed entry-level jobs from the workforce altogether. While it may meet immediate corporate goals to hire more experienced practitioners, these extremely limited on-ramps for cybersecurity jobs risk cutting off the talent pipeline.
Why Upwind Is Eyeing $250M of Funding at a $1.5B Valuation
4 days 21 hours ago
More Dry Powder Will Help Cloud Security Sweepstakes Against Palo, CrowdStrike, Wiz
Upwind is in talks with Bessemer Venture Partners and Picture Capital to raise more than $250 million at a valuation of $1.2 billion to $1.5 billion, Calcalist reported. Upwind in December 2024 closed a $100 million Series A round and tripled its valuation over the prior 15 months to $900 million.
OnDemand | Improving Visibility and Response With a Unified Platform
4 days 21 hours ago
Securing AI Without Guesswork: Proven Approaches That Work
4 days 21 hours ago
Congress Proposes Steep Cuts to CISA
4 days 21 hours ago
Nearly $270M Cut From CISA Despite Mounting Foreign Cyberthreats
Congress is proposing cuts of nearly $270 million from the Cybersecurity and Infrastructure Security Agency's budget for fiscal year 2026, reducing funding for threat hunting and vulnerability management as officials warn foreign adversaries are escalating cyber operations targeting U.S. systems.
EHR Vendor Veradigm to Pay $10.5M to Settle Hack Lawsuit
4 days 21 hours ago
Breach Affected More Than a Dozen Healthcare Clients, 2.5M Patients
Electronic health records vendor Veradigm agreed to pay $10.5 million to settle consolidated class action litigation involving a December 2024 hacking incident discovered in mid-2025 that affected more than a dozen healthcare provider clients and about 2.5 million of their patients.
Why Higher Ed CIOs Must Rethink Cybersecurity
4 days 21 hours ago
Decentralization and Sprawl Complicate University IT Programs
Several Ivy League universities - including Harvard and Princeton - experienced hacks in 2025 through unpatched enterprise software and sophisticated social engineering campaigns, showing that even the nation's wealthiest universities are vulnerable.
BankInfoSecurity.com RSS News Feeds on bank information security news, regulations, blogs and education