DataBreachToday.com
Modern Bank Heists 2025: Revenge of the Zero Days
2 months 2 weeks ago
Tom Kellermann's Annual Report on Key Threats to Financial Sector
Zero days. Supply chain attacks. APIs and cloud environments as growing threat vectors. These are among the topics discussed in this seventh annual Modern Bank Heists report, and author Tom Kellermann discusses their impact on financial institutions - and which defensive gaps need to be filled now.
ISMG Editors: AI Security Wake-Up Call From DeepSeek
2 months 2 weeks ago
Also: Addressing AI Vulnerabilities and Governance Challenges
DeepSeek, an advanced open-source AI model, is under scrutiny for its safety guardrails failing multiple security tests and a data leak that exposed user information and API keys. Sam Curry, CISO at Zscaler, discusses AI security, risk management and upcoming U.S. policy changes.
Webinar | AI-Powered Defense Against AI-Driven Threats
2 months 2 weeks ago
Encryption Debate: Britain Reportedly Demands Apple Backdoor
2 months 2 weeks ago
Secret Order Seeks to Compel Apple to Weaken Encryption, Washington Post Reports
The British government has unexpectedly reignited the long-running encryption debate, reportedly issuing a secret order to Apple requiring that it provide direct access to global users' fully encrypted cloud backups and prohibiting the technology giant from alerting any targeted accountholders.
Breach Roundup: Hacker Claims 20 Million OpenAI Logins Taken
2 months 2 weeks ago
Also: Researchers Bypass GitHub Copilot's Protections, Deloitte Pays $5M for Breach
This week: A hacker claims to have 20 million OpenAI logins, Sweden clears ship in Baltic cable damage, researchers find ways to bypass GitHub Copilot's protections, Netgear patches router flaws, undetectable Mac backdoor raises alarms, Spain nabs hacker, and Deloitte pays $5M for RIBridges breach.
Federal Cyber Workers Can Now Accept Trump Resignation Offer
2 months 2 weeks ago
CISO Buyout Offers, Industry-Wide Skills Shortage Raise Fears of Cybersecurity Gaps
The Cybersecurity and Infrastructure Security Agency has reversed an exemption for its staffers to participate in the administration's "Fork in the Road" resignation program, as lawmakers and security experts warn of a growing cyber workforce shortage threatening U.S. national security.
Will DOGE Access to CMS Data Lead to HIPAA Breaches?
2 months 2 weeks ago
Experts Cast Nervous Eye on Musk and Team's Handling of Health-Related Info
Privacy experts are keeping a nervous eye on the potential for compromises involving Americans' health and personal information resulting from the White House's Department of Government Efficiency - led by Elon Musk - accessing government IT systems containing Medicare and health-related data.
Why Cybersecurity Giants Are Rushing to Acquire DSPM Startups
2 months 2 weeks ago
Data Security Posture Management Becomes Key to Cloud Visibility But Lacks Controls
The rapid rise of DSPM has fueled deals by major security firms looking to enhance their platforms. Industry leaders see DSPM as crucial for cloud data visibility, security integration and regulatory compliance. But can standalone DSPM vendors survive, or will they be absorbed by larger platforms?
Live Webinar | QR Codes Exposed: From Convenience to Cybersecurity Nightmare
2 months 2 weeks ago
AI Rise: Can We Still Trust What We See?
2 months 2 weeks ago
AI-Powered Social Engineering and Deepfake Threats in 2025
Security researchers predict threat actors will use artificial intelligence and large language models to enhance phishing attacks and create convincing fake personas, while defensive AI enters a new phase of semiautonomous operations.
Still-Lucrative Ransomware's Profits Plunged 35% Last Year
2 months 2 weeks ago
Collapse of LockBit and BlackCat/ALPHV Tied to Ongoing Decline in Big-Game Hunting
Ransomware may still be raking in massive cryptocurrency profits for practitioners, but 2024 turned out to be less of a banner year than predicted, with blockchain researchers reporting that the sum total of known ransom payments to ransomware groups in 2024 plummeted by 35%.
Cryptohack Roundup: Critical Ethereum Vulnerability
2 months 2 weeks ago
Also: Conviction in £1.5M Fraud, Sentencing in Torture and Theft Case
This week's stories include a critical Ethereum vulnerability, conviction in a £1.5M fraud, sentencing in a torture and crypto theft case, SEC's new roadmap, Jan crypto stats, Coinbase social engineering victims, and U.S. lawmakers' digital assets working group.
Ransomware: Victims Who Pay a Ransom Drops to All-Time Low
2 months 2 weeks ago
Incident Response Firm Reports 25% of Victims Paid - Typically for a Decryptor
The slice of organizations opting to pay extortion after being hit by ransomware dropped to an all-time low of 25%. Underpinning the drop is a combination of better defenses, improved business resilience as well as organizations simply deciding to not pay criminals.
Thailand to Cut Off Power to Scam Centers - Will It Work?
2 months 2 weeks ago
Officials Hope to Curb Global Fraud by Targeting Border Operations in Myanmar
In a drastic move to curb fraud along the Myanmar border, Thailand announced plans to cut power and telecommunications in border areas of Myanmar linked to scam operations. The move is aimed at crippling criminal syndicates running notorious call centers that orchestrate scams, financial fraud and human trafficking.
Mental Malware: Overcoming Self-Doubt That Holds You Back
2 months 2 weeks ago
Mitigate Career Risk With a Self-Audit, Targeted Training and Real-World Testing
Changing jobs or going after that promotion can be difficult, even in a field like cybersecurity where the demand for skilled professionals is high. Often, the biggest career challenge is not that advanced persistent threat or the zero-day vulnerability. It's what we call "mental malware."
Why You Need Both Threat Detection And Threat Hunting: Best Defense and Offense Practices
2 months 2 weeks ago
Forrester: DeepSeek's Security, Privacy, Geopolitical Risks
2 months 2 weeks ago
Analyst Allie Mellen on Open-Source AI Adoption, Vendor Considerations, Data Risks
AI adoption is accelerating across security operations, but DeepSeek has introduced security, privacy, and geopolitical risks that organizations should carefully assess. Forrester's Allie Mellen shares advice on AI adoption by cybersecurity, third-party risks and data protection.
Five Eyes Releases Guidance on Securing Edge Devices
2 months 2 weeks ago
Guidance Intended to Help Companies Detect Compromises Faster
Countries forming the Five Eyes intelligence alliance outlined Tuesday minimum security requirements that edge device vendors should follow to enable swifter forensics analysis in the wake of cyberattacks. Edge devices have become the repeated target of nation-state hackers.
Ex-HIPAA Officer: State Illegally Shared PHI for Research
2 months 2 weeks ago
Lawsuit Claims R.I. Health Information Exchange Retaliated Against 'Whistleblower'
The former HIPAA compliance officer of Rhode Island's state health information exchange is suing the organization in a federal lawsuit claiming that she was terminated from her job after blowing the whistle on the HIE's alleged unlawful disclosures of patient information for research purposes.
DataBreachToday.com RSS News Feeds on data breach today news, regulations, blogs and education