DataBreachToday.com

Experts Testify Budget Cuts Could Hurt Security Investments, Disrupt Supply Chains
President Donald Trump's federal funding freeze threatens to significantly weaken U.S. maritime cybersecurity efforts as China expands its control over global ports, experts warned in congressional testimony. Attacks on ports could disrupt supply chains and destabilize global trade.

Manufacturers May Have to Reassess Product Strategy to Maintain Competitive Edge
DeepSeek's entry into the AI market triggered a ripple effect, with a potential major impact on chipmakers. Shares of Nvidia, AMD and Intel took a hit immediately after the Chinese model's release and is forcing these silicon stalwarts to reassessment of their product strategies.

Weak Encryption, Data Transfers to China, Hidden ByteDance Links Found
Security researchers found DeepSeek AI has weak encryption, SQL injection flaws and sends user data to Chinese state-linked entities. Its AI model failed jailbreak tests, making it prone to manipulation. Regulators in Europe, South Korea, and Australia are investigating, with bans and warnings issued over security risks.

Ransomware Group Embargo Claims to Have Published 1.15TB of Hospital's Stolen Data
A rural Georgia hospital and its nursing home are among several other regional healthcare entities notifying tens of thousands of patients that their information was compromised in recent hacks. Ransomware gang Embargo claims to have published 1.15 terabytes of stolen data in one of those incidents.

Merger Combines Application Protection and DevOps to Secure Software at Scale
Harness and Traceable are combining forces to create a DevSecOps platform that seamlessly integrates software delivery with security. The merger addresses the growing need for continuous security along with continuous delivery, ensuring applications remain protected from development to deployment.

Lawsuits Mounting Over Elon Musk's Attempts to Slash Federal Government Spending
Lawsuits are mounting against President Donald Trump and Elon Musk's task force for shrinking the federal government as reports indicate the group is feeding sensitive federal data into artificial intelligence systems to target budget cuts, potentially accessing Americans' sensitive data.

Governments Are Skeptical of Chinese A1 Platform's Data Security Controls
Countries across Asia are racing to ban government officials, national agencies and critical infrastructure organizations from using Chinese artificial intelligence company DeepSeek's open-source chatbot application, citing data security and privacy risks.

CEO: Going Private Will Help SolarWinds Expand Its Operational Resilience Vision
SolarWinds agreed to be bought by Turn/River Capital for $4.4 billion just six years after the observability and IT management software firm went public. The proposed deal will help SolarWinds expand its vision in operational resilience and ensure the company's IT infrastructure remains robust.

SysTrack LsiAgent Installer Flaw Escalates Privileges Locally
A flawed Microsoft software installer application developed by Lakeside Software could enable attackers with lower privileges to gain full system access. The local privilege escalation vulnerability uncovered by Google Mandiant has since been patched.

Summit to Focus on Open-Source, AI Governance and Development
The historic presidential Élysée Palace in Central Paris will host world leaders, tech CEOs and researchers for the French AI Action Summit, a two-day event that will commence on Monday. U.S. Vice President JD Vance, OpenAI CEO Sam Altman and Google's Sundar Pichai will be on hand.

Tom Kellermann's Annual Report on Key Threats to Financial Sector
Zero days. Supply chain attacks. APIs and cloud environments as growing threat vectors. These are among the topics discussed in this seventh annual Modern Bank Heists report, and author Tom Kellermann discusses their impact on financial institutions - and which defensive gaps need to be filled now.

Also: Addressing AI Vulnerabilities and Governance Challenges
DeepSeek, an advanced open-source AI model, is under scrutiny for its safety guardrails failing multiple security tests and a data leak that exposed user information and API keys. Sam Curry, CISO at Zscaler, discusses AI security, risk management and upcoming U.S. policy changes.

Secret Order Seeks to Compel Apple to Weaken Encryption, Washington Post Reports
The British government has unexpectedly reignited the long-running encryption debate, reportedly issuing a secret order to Apple requiring that it provide direct access to global users' fully encrypted cloud backups and prohibited the technology giant from alerting any targeted accountholders.

Also: Researchers Bypass GitHub Copilot's Protections, Deloitte Pays $5M for Breach
This week: A hacker claims to have 20 million OpenAI logins, Sweden clears ship in Baltic cable damage, researchers find ways to bypass GitHub Copilot's protections, Netgear patches router flaws, undetectable Mac backdoor raises alarms, Spain nabs hacker, and Deloitte pays $5M for RIBridges breach.

CISO Buyout Offers, Industry-Wide Skills Shortage Raise Fears of Cybersecurity Gaps
The Cybersecurity and Infrastructure Security Agency has reversed an exemption for its staffers to participate in the administration's "Fork in the Road" resignation program, as lawmakers and security experts warn of a growing cyber workforce shortage threatening U.S. national security.

Experts Cast Nervous Eye on Musk and Team's Handling of Health-Related Info
Privacy experts are keeping a nervous eye on the potential for compromises involving Americans' health and personal information resulting from the White House's Department of Government Efficiency - led by Elon Musk - accessing government IT systems containing Medicare and health related data.

Data Security Posture Management Becomes Key to Cloud Visibility But Lacks Controls
The rapid rise of DSPM has fueled deals by major security firms looking to enhance their platforms. Industry leaders see DSPM as crucial for cloud data visibility, security integration and regulatory compliance. But can standalone DSPM vendors survive, or will they be absorbed by larger platforms?