DataBreachToday.com

Concerns About Enterprise AI Are Opening New Opportunities for Problem-Solvers
Some organizations are hesitant about implementing artificial intelligence tools in their enterprises because of accuracy, security and privacy concerns. That hesitation creates opportunities for professionals who can bridge the gap between technical potential and practical deployment.

Threat actors now use AI for scaling organized retail crime and to make bot detection more difficult. How can defenders use AI to respond? Jackie Deloplaine of RH-ISAC and Derek Dykens of Splunk share insight and optimism on the use of AI to detect and combat ORC.

US and Allies Warn About Persistent and Long Term Access to Network Equipment
The Chinese hackers responsible for breaking into telecom networks across the globe capitalize on already documented vulnerabilities, principally in Cisco routing equipment, warn a slew of national cybersecurity agencies. Hackers use publicly known vulnerabilities with CVE designations.

HHS Shifts 42 CFR Enforcement Duties to Office of Civil Rights Amid Massive Reorg
The U.S. Department of Health and Human Services has put its Office for Civil Rights in charge of investigating and penalizing organizations that breach the confidentiality of substance abuse disorder records. Some fear the agency doesn't have the bandwidth to enforce both HIPAA and 42 CFR Part 2.

Class Action Litigation Accused Mt. Sinai of Sending Patient Info to Facebook
A New York City healthcare system has agreed to pay nearly $5.3 million to settle a proposed class action lawsuit alleging that the hospital's use of online tracking tools in its patient portal and website sent patient information to Facebook without their knowledge or consent for years.

Deal Ends Suit Alleging Microsoft's Message Encryption Tool Violated Virtru Patents
After three years of litigation, Virtru and Microsoft have settled a patent infringement case involving the tech giant’s email encryption product. The suit claimed Microsoft's technology infringed Virtru’s patented identity-driven encryption method for seamless, credential-free data access.

Citrix Publishes Patches After Attackers Exploit Memory Overflow Vulnerability
NetScaler customers of virtualization giant Citrix once again should patch immediately to stymie the hackers exploiting a zero-day. Citrix warned Tuesday that hackers are using a memory overflow vulnerability now tracked as CVE-2025-7775. The vulnerability carries a CVSS score of 9.2.

Just-in-Time, Database, Kubernetes Access Fuel Privileged Access Startup M&A
By acquiring startup Axiom Security, Okta aims to enhance privileged access by offering broader coverage of sensitive assets like Kubernetes containers and databases. The company says the move accelerates value delivery and complements Okta's existing privileged access capabilities.

Department of Government Efficiency Staffers Created 'Live Replica' of SSA Data
The Social Security Administration's chief data officer is warning in a whistleblower complaint that DOGE created a cloud replica of the Social Security database without proper authorization or oversight, potentially exposing the personal data of 300 million Americans.

Pakistan-Linked Threat Actor Targets Indian Linux Operation System
Pakistan-linked hackers are targeting an Indian Linux-based operating system by tricking government employees into clicking malicious files that look like PDFs. When opened, the files install spyware, giving attackers long-term access to sensitive government systems.

Nevada Grappling With Statewide IT Disruption, Forcing Suspension of Services
Nevada officials are investigating a network security breach that forced state offices to suspend services and knocked key systems offline, including websites and phone lines, though emergency services remain active and no data exposure has been confirmed.

ACI Worldwide's Signals Network Intelligence Technology Promises to Fight APP Scams
Real-time payments are set to boost global GDP by $285.8 billion and bring 167 million people into the financial system by 2028. ACI Worldwide says real-time fraud prevention is key to protecting these gains.

Farmers' Breach Affects 1.1 Million; Aflac Is Still Counting Victims
Two major U.S.-based insurers - Farmers Insurance and Aflac Inc. - have each reported to regulators data breaches involving two recent separate cyberattacks. The breaches follow a spring and summer spree of data exfiltration incidents that hit multiple large players in the insurance sector.

Nevada Grappling with Statewide IT Disruption, Forcing Suspension of Services
Nevada officials are investigating a network security breach that forced state offices to suspend services and knocked key systems offline, including websites and phone lines, though emergency services remain active and no data exposure has been confirmed.

One Prompt Was Enough for AI Agent to Buy, Click and Expose Sensitive Data
AI agents that shop and surf the web on behalf of users are suckers for scams, find security researchers who sicced a fake online story, a phishing email and a fake captcha on Perplexity's AI-powered web browser Comet. The AI's logic was not designed to weigh credibility or risk.

Physical Security Firm Eyes Insider Risk, Federal Growth and AI-Powered Automation
Ontic has raised $230 million in Series C funding to expand its connected intelligence platform and pursue new federal and international markets. The Austin, Texas-based company will invest in AI, integrations and data to strengthen cyber-physical threat detection and automation.

Colton Malkerson of EdgeRunner AI on How Edge AI Offers Resilience
Cloud-first AI assumes constant connectivity - but in battlefields, disaster zones and enterprises, that's not always possible. Colton Malkerson of EdgeRunner AI explains why the future of generative AI may lie at the edge: offline, secure and mission-ready.

US Faster Payments Council's Peter Tapling on Automated Agentic AI Commerce
AI agents can trigger transactions customers never intended. With traditional payment rules failing to address bot-driven decisions, financial institutions must rethink how they assess fraud, dispute resolution and transaction monitoring in the age of agentic AI commerce.

Country's Largest Lender Bank Offers to Reinstate 45 'Redundant' Workers
Commonwealth Bank of Australia reversed plans to eliminate 45 call center positions after its chatbots failed to reduce customer service volume as promised, forcing the bank to offer overtime to remaining staff while facing union challenges over what may have been disguised outsourcing to India.

US Cyber Defense Agency Pushes for Automation and Machine-Readable Data in SBOMs
The Cybersecurity and Infrastructure Security Agency released a draft update to its Software Bill of Materials minimum elements guidance, adding components to push SBOMs toward automated, operational use in supply chain risk tracking - while also addressing gaps in standardization and visibility.