BankInfoSecurity.com

It's Time for CIOs to Rethink Business Continuity Plans and Cloud Resources
The targeting of commercial cloud data centers in the Middle East marks a turning point for CIOs and enterprise leaders. Geopolitics and military conflicts are definite threats to vital technology infrastructure. The question is: How well-prepared and resilient is your enterprise?

Device Maker Is Still Investigating March 11 Attack Claimed by Iranian Hacktivists
Medical tech maker Stryker said it has restored its systems and is operational across its global manufacturing network three weeks after a wiper attack by Iranian hacktivist group Handala led to a worldwide outage at the company. The firm is continuing to investigate the incident.

Also: RSAC Speakers Warn AI Is Outpacing Security, DoD's Zero Trust Reality Check
In this week's panel, four ISMG editors discussed growing cyber risks in healthcare following recent vendor breaches, key takeaways from RSAC Conference and whether the Pentagon's zero trust push is delivering real security benefits or just checking off boxes.

Going Beyond the Copilot Pilot - A CISO's Perspective
With 60% of businesses piloting M365 Copilot but only 6% scaling, this webinar explores why gen AI deployments stall — and what CISOs and IT leaders must know to roll out secure, compliant, and effective AI productivity tools.

Panel Calls for Modernization of Recruiting Processes for About 225,000 Cyber Jobs
The Pentagon's years-long cyber workforce overhaul needs a Department of Defense-wide talent management system to ensure interoperability and consistency across the entire DoD enterprise, said the CIOs of four military services at a panel last week.

AI-Native Platform Targets Identity Governance Gaps and Automation
Linx Security secured $50 million to expand its artificial intelligence-driven identity platform as enterprises struggle with identity-based attacks. CEO Israel Duanis highlights real-time visibility automation and risk reduction as key to addressing growing threats from AI agents.

Also, Lloyds Data Leak, Dutch Treasury Breach, Citrix Bug Exploit, Pay2Key Activity
This week, Lloyds data leak hits 450K, Dutch treasury breach, Citrix flaw exploited, Iran-linked ransomware ops, TrueConf zero-day, Russian fraud ring sentenced, Romania targeted, patch gaps persist, and U.S. hospital breach affects 257K.

Also: Chinese Firms Indicted in Crypto-Linked Fentanyl Supply Case
This week, charges filed in Uranium Finance hack, indictment of Chinese firms in fentanyl supply case, a class action lawsuit against Nvidia, Drift Protocol exploit, KuCoin operational barriers in the United States and a U.K. sanction filed against Xinbi.

Unified Platforms Reduce Risk, Cost From Ransomware and AI Threats
Leaders must maximize existing infrastructure as ransomware and AI-driven threats raise costs and risk. In order to extract more value from current hardware, organizations must strengthen resilience through private cloud architectures, improved storage efficiency and automated recovery.

Moves Reverse Biden-Era Changes; National Coordinator Returns to Health IT Policy
The U.S. Department of Health and Services is reversing Biden-era changes, returning the Office of the National Coordinator for Health IT's focused role on external health IT policy and standards, while shifting department-wide cybersecurity, cloud, AI and data operations back to the Office of CIO.

Enterprises Seek Multi-Agent Systems to Govern LLM-Generated Code at Scale
As AI-generated code surges, New York-based startup Qodo has raised $70 million in Series B funding to address governance and quality challenges. The company is building multi-agent systems to review code, enforce standards and reduce risk in enterprise software development.

Fallout Continues Over Leaked Claude Source Code Incident
The tension between AI developers and cybersecurity vendors is becoming increasingly apparent as new models show sudden leaps in capability - and AI firm Anthropic, for better or for worse, finds itself at the center of the drama.

Anthropic's Mythos Leak Points to Pattern of Failures, Sloppy Practices at AI Labs
Anthropic accidentally exposed its most powerful unreleased AI model to compromise, and days later shipped its flagship coding tool's full source code without meaning to. Meta, Microsoft and OpenAI have each had comparable moments. Questions linger about the integrity of third-party AI tools.

Expect Fallout After Remote Access Trojan Added to Popular JavaScript NPM Package
A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software packages, to distribute a cross-platform, remote access Trojan. Identifying the full fallout from the attack could take some time, experts warned.

Why Remote Access to Industrial Operations Is the Biggest Unmanaged Risk
Remote access has become one of the largest unmanaged attack surfaces in industrial operations. Legacy VPNs and jump servers expose OT environments to serious risk. Learn how Cisco Cyber Vision's Secure Equipment Access can secure vendor and engineer access while protecting critical infrastructure.

A Disorienting Future: Rapid Pace of Change and AI Agents in the Hands of Attackers
Reflecting the current state of cybersecurity, uncertainty dominated at this year's annual RSAC Conference in San Francisco, as advances in artificial intelligence, including agentic artificial intelligence, now pose risks experts never saw coming. It's a disorientating state of affairs for all involved.

AI is accelerating cyberattacks faster than organizations can prioritize them, forcing security leaders to rethink how they define and defend against “emerging threats.” Most modern threats aren’t new, just amplified by AI, says Akamai's Brent Maynard.

TriMed Is Among Several Other Medical Device Firms Recently Attacked
A California maker of implantable orthopedic gear is the latest medical device maker in recent weeks to disclose it's been a victim of a cybersecurity incident. The disclosure of the hack on TriMed comes on the heels of an Iranian hacktivist attack on Stryker and a data theft from UFP Technologies.