DataBreachToday.com
DOJ: Cartel Hacked Phones, Cameras to Track FBI Informants
5 months ago
New Report Says Mexican Cartel Hired Hacker to Identify, Track and Kill FBI Sources
A Justice Department watchdog found a Mexican cartel hired a hacker to tap mobile data and Mexico City cameras, helping track, intimidate and kill potential U.S. informants linked to El Chapo while calling for reforms to protect sensitive investigations from rapidly evolving technology threats.
US Announces Crackdown on North Koreans Posing as IT Workers
5 months ago
DOJ Indictments, Enforcement Actions Follow Nationwide Search for 'Laptop Farms'
Federal prosecutors announced major enforcement actions after a North Korean crime ring used stolen IDs, fake websites and U.S. shell firms to embed IT workers inside more than 100 American companies, stealing data and laundering over $5 million to fund Pyongyang's weapons programs.
Rethinking IT Risk Assessments for OT Environments
5 months ago
Sydney Trains' Maryam Shoraka on Identifying the Blind Spots in OT Systems
IT organizations can apply multiple frameworks to help reduce risk, but relying on them in OT environments could create blind spots. Security leaders must rethink compliance-driven strategies and adapt controls to meet the unique demands of industrial systems, said Sydney Trains' Maryam Shoraka.
AI Boss Fails Spectacularly in Month-Long Business Test
5 months ago
Anthropic Claude Agent Loses Money, Hoards Tungsten, Believes It's Human
Unleashing an agentic AI on the office vending machine: What could go wrong? Anthropic and AI safety company Andon Labs found out when they turned over management of a small refrigerator that acted as a vending machine to Claude Sonnet 3.7. Researchers described the AI's conduct as "pretty weird."
Canada Orders Hikvision to Shut Operations
5 months ago
Chinese Surveillance Firm Faces Canada National Security Ban
Chinese video surveillance manufacturer Hikvision must close operations in Canada, a government official said Friday, citing national security concerns. The ban is the latest in a string of Western prohibitions against equipment made by partially state-owned Hangzhou Hikvision Digital Technology.
Berlin Regulator Orders Apple, Google to Remove DeepSeek
5 months 1 week ago
Chinese-Made AI App Faces European Privacy Pushback
A German data regulator on Friday ordered Apple and Google to remove the Chinese artificial intelligence DeepSeek app from online stores over non-compliance with privacy and digital service rules. Commercial transfers of data outside of trading bloc members are governed by a complex legal system
Feds Warn Patients, Healthcare Entities of Phishing Scams
5 months 1 week ago
Alerts Come on the Heels of Recent Attacks on Insurers
U.S. federal authorities are warning the public and healthcare sector entities of email and fax phishing scams by fraudsters seeking to steal personal information about patients or payments. The warnings come as three large U.S. insurers continue to recover from recent cyberattacks.
Misconfigured AI Servers and Weak Configurations Expose Data, Systems
5 months 1 week ago
Thousands of MCP Servers Leave AI Apps Open to Attack Surfaces
Hundreds of Model Context Protocol servers designed to help AI tools access private data are insecurely exposed online, say BackSlash Security researchers. Weak configurations leave systems vulnerable to data leaks and remote code execution attacks.
US Cyber Diplomacy at Risk Amid State Department Shakeup
5 months 1 week ago
State Moves to Restructure Cyber Bureau and Issue Mass Layoffs Despite Court Order
Current and recent former Department of State staffers told Information Security Media Group the agency is preparing to implement layoffs and begin a reorganization despite a San Francisco federal district court order blocking across-the-board layoffs at federal agencies.
How Virtual CISO Enhancements Will Help MSPs Grow Operations
5 months 1 week ago
Why Cynomi's Embrace of AI-Driven Security Tools Will Drive MSP and MSSP Efficiency
Cynomi’s recent Series B funding round will deepen AI features, expand its Solution Showcase and enable managed service providers to deliver cybersecurity at scale. CEO David Primor says the company is building the operating system for MSP and MSSP cyber operations.
Nationwide Recovery Service Hack Grows to 500,000 Victims
5 months 1 week ago
Debt Collector's 2024 Data Breach Affected Multiple Hospitals and Medical Practices
The list of healthcare sector clients reporting large health data breaches from the 2024 hack on debt collection firm Nationwide Recovery Service continues to grow, as does the vast number of affected patients. So far, the hack has affected at least 500,000 patients.
Breach Roundup: UK NHS Links Patient Death to Ransomware Attack
5 months 1 week ago
Also, O Canada, Oh Brother and More Probable Chinese Hacking
This week, ransomware kills, Salt Typhoon hit Canada, Russian backdoors, SAP and Citrix patches, China hackers in the oil and energy sector. Brother printers have an unfixable flaw. Ransomware hit a U.S. dairy cooperative. Hackers in Albania and Oxford. European lawmakers heard cybersecurity advice.
Safe, Axio, KPMG Dominate Cyber Risk Quantification Rankings
5 months 1 week ago
KPMG Climbs, ThreatConnect Falls in Latest Cyber Risk Quantification Forrester Wave
Safe Security and Axio remained atop Forrester's cyber risk quantification rankings, with KPMG climbing onto the leaderboard and ThreatConnect falling off the leaderboard. Cyber risk quantification tools have moved beyond basic risk modeling to automate recommendations and analyze trends.
Can 16 Principles Fix Federal IT's Leadership Crisis?
5 months 1 week ago
CIO Greg Barbaccia's Memo Targets Churn, Burnout, Fragmented Culture
When Gregory Barbaccia took the job as the U.S. federal CIO in January 2025, he became the sixth person to hold the position in eight years. Five months into his tenure, he laid out 16 operating principles in the latest attempt to stabilize leadership churn.
Vibe Coding - a Great Tool if You Know How to Use It
5 months 1 week ago
AI Assistants Accelerate Coding But Can Create Huge Risks for the Inexperienced
When used well, vibe coding can unlock astonishing productivity and lower the barrier to getting ideas off the ground. But here's the problem: Too many newcomers are mistaking it for a replacement for a deep understanding of coding and software development principles.
Customer Identity & Access Management (CIAM): Securing Digital Experiences in a Trust-Driven World
5 months 1 week ago
Hackers Using Malicious SonicWall VPN for Credential Theft
5 months 1 week ago
Trojanized NetExtender Installer Exfiltrates Data to Hardcoded IP Address
Fake versions of SonicWall VPN software contain a credential-stealing Trojan, the California network security company warned Monday. Imposter versions of tools such as VPNs, virtual desktops and software development tools "are often laced with infostealers."
Rubrik to Purchase Predibase to Power Generative AI Growth
5 months 1 week ago
Predibase Acquisition Adds AI Talent, Cost-Optimization and Fine-Tuning Model Tech
Rubrik has acquired Predibase to accelerate enterprise generative AI adoption with improved accuracy and efficiency. Rubrik will combine its trusted data security with Predibase’s model hosting and tuning to drive scalable, trustworthy AI deployment to help scale projects from pilot to production.
FDA Urges Medical Product Makers to Beef Up OT Security
5 months 1 week ago
Agency: Rising Threats Put Manufacturing Supply Chains, Patient Safety at Risk
The Food and Drug Administration is urging medical product makers to carefully address the cybersecurity of their connected operational technologies, including advanced and "smart" devices used in their manufacturing and supply chains, to reduce the risk from rising cyberthreats.
DataBreachToday.com RSS News Feeds on data breach today news, regulations, blogs and education