DataBreachToday.com

Google Cloud Capacity Could Help Anthropic Ease Model Growth Constraints
Google's up to $40 billion bet on Anthropic would deepen its role as investor, cloud supplier and Gemini rival while giving the San Francisco-based Claude maker critical compute capacity amid surging demand and scrutiny of circular AI infrastructure deals.

CIOs Face Growing Pressure on Risk, Data and Board Reporting
As AI moves deeper into enterprise operations, CIOs are being pushed to turn governance principles into practical controls, board reporting and risk oversight, according to a survey by The Conference Board's Governance and Sustainability Center.

Exclusion of OT From AI-Powered Vulnerability Discovery Poses Risks to National Security
Hyperscalers and IT behemoths are on the list, while OT companies are not. The list in question includes the companies that have special access to powerful new models from the two major U.S. frontier AI labs to identify vulnerabilities before hackers get access to similar technology.

Digital Passkeys That Synchronize Across Devices Are Easier, Faster, More Secure
Forget passwords: British cybersecurity officials now recommend using digital passkeys whenever they're available, finding that passkeys offer better and faster security, with lower costs for services that provide them, compared to widely despised passwords.

Adeeb Mahmood of Evinova and Shahar Peled of Terra Security Describe Transition
Continuous pen testing has replaced static annual tests and is reshaping how Evinova, a technology company of AstraZeneca, is managing cyber risk in its fast-moving cloud environment, said Adeeb Mahmood of Evinova and Shahar Peled of Terra Security, who describe the transition.

Governments Have Long Warned About Kremlin Social Engineering Hacks
Signal is defending the security of its systems following a series of phishing attacks that took place on the encrypted messaging platform, and that reportedly compromised members of the German government including the president of the country's parliament.

Why AI and Traditional Penetration Testing Must Converge
As artificial intelligence red teaming evolves beyond prompt injection, security teams must combine data science, model testing and traditional penetration testing to assess risks across the full attack surface.

How Risk-Centric Architecture, Unified Pricing Give SOC Managers Total Visibility
Security teams can't afford to leave assets unprotected, but per-endpoint pricing forces exactly that trade-off. Learn how abandoning rigid license models and adopting risk-centric architecture gives SOC teams total visibility and kernel-level prevention across every environment.

Video of Industry Figures Harvested During Meetings and Used to Lure Future Victims
North Korean hackers are pretending to be cryptocurrency insiders, in an attempt to trick targets into accepting Calendly calendar invites. The social engineering ruse is designed to infect Windows and macOS systems with crypto stealers, and to harvest video of real-life people for future lures.

Cybercrime Gang ShinyHunters Claimed to Steal 9M Records
Medtronic has told federal authorities that cybercriminals hacked its corporate IT systems, but said the incident did not affect the medical device makers' products, manufacturing or distribution operations. Cybercrime gang ShinyHunters reportedly claimed responsibility for the hack.

Former Officials, Tech Groups Say Anthropic Designation Is Illegal - and Dangerous
Former U.S. defense and intelligence officials argue the Pentagon's designation of Anthropic as a supply-chain risk was politically motivated and legally flawed, warning it could erode trust in government contracting and weaken the defense AI ecosystem.

An On Demand video from ID Dataweb
Scattered Spider is rapidly expanding its reach, exploiting identity processes and help desks to infiltrate organizations. Discover their tactics and the steps you can take now to reduce risk. Watch the webinar.

Explore how AI is reshaping the security landscape—uncover emerging threats, identity challenges, and the strategies needed to stay ahead.

Also: Embedded AI in Pharmaceutical Sector, the Story Behind Apple's CEO Change
In this week's panel, four ISMG editors examine what’s really behind Apple's CEO transition, how pharmaceutical giants are racing to embed artificial intelligence across core operations, and why AI-driven threats are forcing a rethink of how quickly defenders can respond.

Continuous Integration Has Its Downsides
As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not only rely on code integrity tools, but also to introduce a delay before merging new repos, since unfolding attacks tend to get spotted in days, if not hours or minutes.

'Firestarter' Backdoor Can Survive Reboots, Upgrades and Standard Fixes
The Cybersecurity and Infrastructure Security Agency issued an emergency directive warning a newly-discovered Cisco backdoor can survive routine remediation processes, forcing agencies to investigate edge devices that anchor federal firewall and VPN security.

HHS OCR Breach Investigators Again Find All-Too-Common Risk Analysis Failures
Faulty or non-existent security risk analyses cost a medical imaging provider, a women's healthcare group, a health plan and a third-party insurance administrator a collective $1.7 million in fines after federal regulators concluded they didn't do enough to prevent ransomware attacks.

Acquisition Adds Advisory, GRC and Vulnerability Services to ImagineX's MDR Core
TekStream acquired ImagineX’s cyber division to integrate advisory, vulnerability management and GRC with its MDR services, aiming to help CISOs defend against faster, AI-driven attacks by unifying proactive and reactive security into a single operational model.