BankInfoSecurity.com

Forrester's Sandy Carielli on Quantum Readiness, Key Steps for Successful Migration
Quantum security migrations are multi-year, cross-functional projects that touch product, infrastructure and supply chains. While the scope of migration can be daunting, CIOs can follow several practical steps to make the project more manageable, said Forrester's Sandy Carielli.

New Agency Focuses on Public Programs, Ignores Private Sector Fraud
Citing recent high-profile arrests of fraud rings in Minnesota, President Donald Trump announced the creation of National Fraud Enforcement division in the Department of Justice. Sounds nice, but will it make a difference without deeper coordination with banks, payment platforms and businesses?

Former NSC Cyber Adviser Renominated to Lead CISA Amid Ongoing Senate Gridlock
The White House has renominated Sean Plankey to head CISA, reviving a stalled bid hindered by Senate holds and demands to release a report on telecom sector threats linked to China, as the agency continues to operate without a permanent director amid rising cyber risks.

Health Info in Mix With Compromised Data in Latest Breach Hitting a School
A for-profit university with campuses in New York and the Caribbean is notifying nearly 321,000 individuals of a December 2024 data theft incident that compromised their personal and health information. Monroe University is among the latest educational institutions disclosing hacks.

AI-Powered Axur Brings Digital Risk Protection, 99% Takedown Rate to Infoblox
Infoblox is acquiring Axur, a Brazilian leader in digital risk protection, to bolster its preemptive cyberthreat defense. Axur automates phishing and rogue site takedowns using AI, delivering near-instant response and visibility into attacker infrastructure.

In this webinar, we’ll explore how CIS MDR adapts to your environment, extends your team’s capabilities, and delivers actionable insights — not just alerts. You’ll also see a real anonymized incident walkthrough that demonstrates how CIS MDR moves from detection to resolution with speed and precision.

How to Deal With Having Influence Without Authority in Cybersecurity Roles
In some cybersecurity organizations, expertise and visible leadership don't reside in the same role. Usually, the person with the most influence on cybersecurity decisions is the owner, but it does not always work out that way. Fortunately, there are things you can do to change that for your career.

Ransomware Gang Money Message Claimed It Exfiltrated 4.7TB of Firm's Data
Pharmacy services firm PharMerica will pay at least $5.27 million - plus millions more on enhancing its security - as part of a preliminary class action settlement approved this week by a federal court involving a 2023 data theft incident the company reported as affecting 5.8 million individuals.

Misstatement Claims Tossed in Class-Action Securities Case After CrowdStrike Outage
A U.S. district judge tossed most claims from investors accusing CrowdStrike of misrepresenting its software testing rigor before a July 2024 outage. The judge said two statements about federal compliance could plausibly be misleading, but said plaintiffs failed to establish intent or recklessness.

Cause Unknown But Many Previous Outages Due to Software Misconfiguration
Verizon customers along the Eastern Seaboard and Southern parts of the United States lost mobile phone connectivity Wednesday in an incident that appears to have peaked around 1 p.m.

Scenario Planning Must Model Disruption, Strengthen Cyber Basics, Build Redundancy
IT organizations know how to plan for outages, but even the most rigorously designed strategy is vulnerable to the shifting winds of geopolitics. CIOs and technology leaders need to know how their organizations will respond to geopolitical disruptions, and scenario planning needs to be a priority.

University of Hawaii Cancer Center Paid Ransom
Cancer patients who participated in University of Hawaii Cancer Center studies during the 1990s may soon receive a notification that ransomware hackers stole their data in an August 2025 incident. Experts said the hack spotlights concerning risks involving compromises of medical research data.

Startup Targets MSSPs and MDR Vendors, Shadow AI Detection and Global Growth
WitnessAI has raised $58 million to scale its AI network and agent protection platform worldwide. The funding will help the firm build MSSP-ready offerings, detect unauthorized AI agents and enforce security policies across employee and customer LLM use cases.

Analysts Warn Foreign Adversaries Gaining Footholds in US Networks
Cyber policy analysts told lawmakers that the United States' cyber deterrence efforts are failing, allowing China and others to embed in critical infrastructure networks with minimal cost, while calling for faster, coordinated offensive actions across federal agencies.

Experts on How CIOs Can Avoid 'Geopolitical Lock-In' in AI, Cloud and Supply Chains
Geopolitical instability is a part of reality in 2026, and the stakes are high for CIOs who must rely on global supply chains to develop IT, artificial intelligence, cloud and cybersecurity strategies.

How UX Decisions Are Becoming Regulatory Liabilities for CISOs
Children's data is entering a new regulatory era where dark patterns, defaults and monetization choices can signal breached fiduciary duty. As privacy, safety and consumer laws converge globally, CISOs must treat manipulative UX, consent flows and retention practices as core security and governance risks.

Growing Third-Party Breach Trend Is Spreading to AI Suppliers
IT organizations have built processes for reducing vendor risk, but in the AI era, that operating model is being dismantled. Modern AI environments are built on dynamic external foundational models, countless APIs, open-source components and continuous data pipelines that pose risks.

Black Duck Researchers Discover Flaw in Widely Used Broadcom Chipset
A flaw in Broadcom chipsets commonly used in wireless routers allows attackers to repeatedly knock offline the 5 gigahertz band, no matter how strong the security settings, say researchers.

Digital Skimming Attacks Spoof Stripe Payment Forms to Steal Payment Card Data
Magecart-style digital skimming attacks targeting payment card data continue, with researchers detailing an active campaign targeting the popular WooCommerce platform and Stripe. Separately, widely used ConnectPOS exposing its code repository for years, posing a supply-chain risk for customers.