DataBreachToday.com

OTsec India Steering Committee Discuss Cyberthreats, Compliance and Innovation
Featuring some of the most prominent voices in Indian operational technology cybersecurity, the steering committee for the inaugural OTsec India Summit shares insights on a range of topics including OT threats, regulatory imperatives and the latest innovations.

Also: SBF Appeals Conviction, PHP Exploits Fuel Cryptomining
Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, Europol's 600 million euro fraud network bust, Sam Bankman-Fried conviction appeal, PHP exploits fueled cryptomining campaigns and sentencing set for Samourai Wallet founders.

Statewide Breach Hit 60 Agencies Before Ransomware Was Deployed
A threat actor infiltrated Nevada’s statewide systems undetected for months, ultimately disrupting at least 60 agencies by deleting backups and launching ransomware that forced a full rebuild of core infrastructure and triggered a multimillion-dollar emergency response.

Also, Australian Police Arrest 55 in New Round of Anom App Sting
This week: UPenn hit by email breach, Australian police arrested 55, 'SesameOp' backdoor hid C2 traffic, BEC scammers used AWS, hackers stole trucking cargo, Ukrainian national extradited to United States for role in Conti ransomware and a supply chain risk in advanced installer tool.

Central Jersey Medical Center Runs Health Centers for Schools in Newark
Central Jersey Medical Center, a federally qualified health center that partners with public schools in Newark, New Jersey, is notifying an undisclosed number of people of a data breach related to an August ransomware attack. The incident is latest to hit a resourced-stretched healthcare provider.

Learn the Business, Be Intentional, Find a Mentor and Build Non-Technical Skills
New to cybersecurity? Start by learning how organizations work - their people, processes and priorities - before diving deep into technical stacks. Understanding how to translate technical findings into business risk differentiates a professional from a technician.

DOJ: Suspects Hit 5 Firms, Including 3 in Healthcare, Netted $1.3M in Ransom Money
Three former employees of two cybersecurity firms stand accused of using BlackCat ransomware in a conspiracy to extort five U.S. companies, including three in the healthcare sector. One of the victim companies paid nearly $1.3 million to the attackers, U.S. federal prosecutors said.

DHS Plans to Expand SAVE Database Use Raise Privacy, Accuracy and Security Concerns
A Department of Homeland Security move to broaden an immigration verification database into a voter verification tool could expose sensitive information to security threats. Critics caution it accelerates a pattern of data being repurposed by the Trump administration for surveillance.

Chinese Hackers Target European Diplomats with LNK File Flaw
Chinese nation-state hackers are exploiting a Windows vulnerability to hack European diplomatic outposts, say security researchers - but operating system giant Microsoft says the flaw doesn't merit a patch. Hackers used a flaw already compromised by North Korea and Russia.

Funding Round Led by Goldman Sachs Boosts Valuation to $6.1 Billion
Another cybersecurity vendor is planning to dive into the still waters of an initial public offering. Cyber exposure management firm Armis dipped its toe in the market Wednesday, announcing a pre-IPO funding round of $435 million that boosted the company's valuation to $6.1 billion.

Google Details How Attackers Could Use LLMs to Mutate Scripts
Malware authors are experimenting with a new breed of artificial intelligence-driven attacks, with code that could potentially rewrite itself as it runs. Large language models are allowing hackers to generate, modify and execute commands on demand, instead of relying on static payloads

German Payment Processor Insiders Accused of Laundering Fake Subscription Proceeds
Police have arrested 18 suspects as part of a global crackdown targeting fraud and money laundering networks tied to the theft of $345 million by using 4.3 million cardholders' stolen data to sign them up to fake dating, pornography or streaming sites that billed monthly.

Joint Platform to Offer Human-Led, Automated Application Security in One Place
Bugcrowd acquired Mayhem Security to integrate automated application testing with human-led testing capabilities. The company plans to embed Pittsburgh-based Mayhem's reinforcement learning tech and AI models into its broader platform to speed up vulnerability detection.

Largest Breach of 2025 Hits 10.5M People, Multiple Insurers, State Agencies
Proposed federal class action litigation and various investigations are piling up against Conduent Business Solutions following its recent public disclosure that an October 2024 hacking incident potentially compromised personal and health information of more than 10.5 million people.

Officials Say Major Staffing Cuts and Furloughs Undercut Response to F5 Cyberattack
Current and former federal officials tell Information Security Media Group furloughs and leadership gaps across the federal cyber ecosystem have hindered the U.S. government's ability to coordinate response efforts after a nation-state actor exploited flaws in F5’s BIG-IP systems amid the shutdown.

Global Conflicts and Tariff Wars Are Driving New OT Threats and Supply Chain Risks
Global conflicts and tariff wars provide new opportunities for cyber adversaries, especially those targeting operational technology systems. Now attackers are focusing on fragile supply chains. Claroty researchers predict attackers will breach at least one major cyber-physical system in the next year.

AI's Impact on Productivity and Employment Demands Proactive Policy Action
The future of work is no longer speculative, it is already being coded. From automated writing assistants to robotic warehouse employees, artificial intelligence is entering every part of the modern workforce faster than regulations or social frameworks can adapt.