BankInfoSecurity.com

Security First Framework Approach Focuses on Isolating Untrusted Inputs
Chatbots' popularity has been tempered from the start by the prospect of prompt injection attacks. Google DeepMind's CaMeL aims to address the issue by reframing the problem, and applying proven security engineering patterns to isolate and track untrusted data.

Model Context Protocol's Adopters Include OpenAI, Google
Artificial intelligence developers including OpenAI, Google and Microsoft are adopting rival Anthropic's open standard to speed up the capabilities of their chatbots by allowing them to access daily-use software. Dubbed "Model Context Protocol," the open standard aims to make chatbots more useful.

In Other Cybercrime Market Drama, BreachForums Marketplace Reboot Branded a Fake
Just three months after being disrupted by an intelligence law enforcement operation, the notorious online cybercrime marketplace called Cracked appears to have patched itself up and restarted operations. The recently disrupted BreachForums also claims to be back - although experts remain skeptical.

Top Democrat Sounds Alarm Over Whistleblower Report of DOGE's Master Database
A top Democrat on the House Oversight Committee sounded the alarm after a whistleblower provided information to Congress warning that staffers for the Department of Government Efficiency violated federal data laws while building a "master database" of sensitive information across federal agencies.

With highly sensitive information and disruptions to medical care at stake during cyberattacks on healthcare organizations, it's vital for these entities to carefully consider details of their communications plans well in advance of suffering a serious incident, said Tom Bolitho of FTI Consulting.

DOGE Staffers Allegedly Violated Federal Cyber Best Practices and Data Privacy Laws
A whistleblower complaint made public this week provides the most in-depth look yet at the Department of Government Efficiency's many alleged cybersecurity failures, from violating federal best practices to seemingly ignoring data security laws in an apparent bid to shrink the government.

EVP Muhi Majzoub Outlines Integration of TDR, Generative AI Across Core Platforms
OpenText is embedding threat detection, identity protection and generative AI across its cloud and on-premises platforms. EVP Muhi Majzoub says the threat detection and response system will integrate with Microsoft Defender, CrowdStrike and others to identify anomalies and stop attacks in real time.

Despite Last-Minute Reprieve, Fresh Approach and Ownership Required, and Soon
This week's near-disruption in funding for the Mitre-administered Common Vulnerabilities and Exposures Program shows that the U.S. government no longer wants to be footing the tab. Many experts say this is an opportunity to redesign the CVE Program to be more neutral, sustainable and international.

Safety Concerns Emerge Amid o3, o4-mini and GPT-4.1 Launches
OpenAI's mid-April announcements include its most advanced reasoning models o3 and o4-mini, with a biorisk monitor, the quietly released GPT-4.1 coding family and the upcoming retirement of its costliest model, GPT-4.5. OpenAI's partners warn that the company's rushed evaluations have left gaps.

BitNet b1.58 2B4T Focuses on Speed, Efficiency, Open Access
Microsoft released what it describes as the most expansive 1-bit AI model to date, BitNet b1.58 2B4T. Unlike traditional large language models that depend on GPUs and massive infrastructure, the model is built to operate efficiently on CPUs including Apple's M2 chip.

Canadian Cyber Agency Warns of Rising Chinese Cyberthreats.
The Canadian Center for Cybersecurity on Tuesday said it has observed "increasing levels" of malicious cyberactivity from China-linked hackers, including the group tracked Salt Typhoon. Exposed edge devices are at risk of attacks can be detected through mass scanning.

Researchers Say Chinese Mobile Route Firms Dominate Global Interconnect Industry
A report warns U.S. allies and countries across the globe are using Chinese-owned and controlled mobile routing firms in a move that could risk national security interests and potentially expose billions of users to passive and active surveillance from Beijing.

Case Resolves HHS OCR Scrutiny of Two Security Incidents
A Guam public hospital has agreed to pay federal regulators $25,000 and implement a corrective action plan to settle potential HIPAA violations - including a failure to conduct a comprehensive risk analysis - identified during an investigation into two security incidents.

Australia-Based Firm Adds Cloud, Red/Blue Team Skills to Infosys' Cyber Arsenal
With a planned $63 million acquisition of The Missing Link, Infosys deepens its cybersecurity capabilities and strengthens its global cloud and risk assessment services. The acquisition adds to its cyberdefense centers and enhances red/blue team capabilities and digital transformation support.

Exaforce's AI-Powered Automation Aims to Streamline Security Ops for Enterprises
SOC automation startup Exaforce closed a $75 million in Series A financing round to enhance its AI model purpose-built for cybersecurity. The company plans to expand support for SaaS and cloud platforms and deploy agentic features to speed analyst workflows.

Project Management Skills Can Be Your Career Force Multiplier in Cybersecurity
While technical expertise is foundational in cybersecurity, organizational and project management skills have become critical differentiators for career advancement. Learn practical strategies to develop these capabilities, even if you don't consider yourself naturally detail-oriented or organized!

Deal Adds Natural Language, Multi-Agent RAG Tech to Autonomous Security Platform
Torq’s acquisition of Revrod gives it a strategic leap in autonomous security operations. The startup's multi-agent retrieval-augmented generation engine enables smarter, faster threat detection, triage and mitigation without heavy manual workflows.

Board Members Announce Launch of 'CVE Foundation' to Secure Program's Future
Warnings are being sounded over the risk to global cybersecurity posed by the imminent disruption or management shutdown of the Common Vulnerabilities and Exposures program. A fix could be forthcoming in the form of a new, stand-alone foundation, although its details and funding remain unclear.

Firm Failed to Close Outdated User Account, Waited 43 Days to Notify Regulators
The U.K. Information Commissioner's Office imposed a fine of 60,000 pounds against Liverpool-based law firm DDP Law for GDPR violations relating to a 2022 ransomware hack and data leak that exposed sensitive information including the details of its clients' cases.