DataBreachToday.com

Google Warns of Cyber Trends Gaining Traction
The virtualized layer of technology underpinning modern IT deployments is transforming from a strength to a cybersecurity vulnerability, warns Google in a report extrapolating current trends. A confluence of factors are converting virtualized environments into a "critical blind spot."

AWS to Build Server Clusters, Nvidia to Supply Chips for 7 Years
Loss-making OpenAI added to a string deals with a $38 billion commitment on Monday to using compute resources provided by Amazon Web Services. The AI giant said AWS will build out server clusters using Nvidia flagship Blackwell chips for the next seven years.

Devices Unpatched Since October 2023 Are Vulnerable
The Australian cyber defense agency warned that hackers are attacking unpatched Cisco IOS XE enterprise devices to leave behind a web shell the networking manufacturer calls "BadCandy." At least 150 Cisco devices in Australia carry the implant as of late October.

Oglethorpe Notifying 92,000 Patients of June Hack of Mental Health, Addiction Info
A Florida-based firm that operates in-patient mental health and addiction recovery treatment facilities in three states is notifying more than 92,000 patients that their personal and sensitive health information may have been compromised in a data theft hack discovered in June.

Acquisition Boosts AI Defense from Red-Teaming, Risk Scoring to Compliance Tracking
The SPLX acquisition gives Zscaler new tools for red-teaming, AI governance and pre-deployment risk analysis. The deal will strengthen Zscaler's push to provide comprehensive GenAI protection, from cloud model discovery to runtime guardrails and ongoing compliance reporting.

European Startup Acquisition Aims to Unify Technical and Financial Cyber Insights
The acquisition of Intangic enhances Searchlight Cyber's ability to quantify and price cyber risk by using AI and dark web intelligence. The combined platform will offer actionable third-party risk data for CISOs, CFOs and insurance providers to better understand and manage cyber exposure.

Denmark Concedes Domestic and International Opposition Against Client Scanning
Denmark is withdrawing a proposal that would have required online service providers to scan communications and files on user devices for child sexual abuse material after domestic and international opposition. The Scandinavian country presides over the Council of the European Union until December.

Multimillion Dollar Deal Resolves 27 Lawsuits After 2023 Email Storage Hack
A Tennessee federal court has approved a multimillion dollar settlement in consolidated class action litigation against HCA Healthcare in the wake of a 2023 email data theft hack that the publicly traded company reported as affecting nearly 11.3 million individuals.

Non-Dilutive Funding From General Catalyst Supports Global Go-to-Market Push
Backed by $280 million in growth financing from General Catalyst, Chainguard plans to scale global go-to-market efforts and invest in its open-source security platform. The non-dilutive funding structure allows for targeted investment based on customer acquisition.

Why the Fortinet Earnings Case Is a Cautionary Tale for the Cybersecurity Sector
Fortinet's stock unexpectedly plunged more than 20% in August. That same month, Gartner named Fortinet an industry leader in its Magic Quadrant for hybrid mesh firewalls. But the thing that sent Fortinet's stock into a nosedive was revenue forecasts that didn't pan out.

NAV Canada CISO Tom Bornais on Keeping IT and OT Systems Running
With threats targeting aviation infrastructure, NAV Canada CISO Tom Bornais explained how his team focuses on building resilience rather than chasing perfection. He outlined why internal alignment, incident simulation and supply chain security are critical to defending IT and OT systems.

Global Tech Debt Impedes Growth as AI, Cloud and Legacy Systems Collide
Technical debt is no longer just a developer's dilemma; it's a global business risk. As companies cling to legacy systems and monolithic code, modernization efforts stall. Rising costs, slower delivery and AI limitations highlight the urgent need for scalable, future-ready architectures.

Experts Call for Whole-Business Planning to Protect Patients and Operations
When a hospital, healthcare system or one of their critical third-party vendors is hit with a ransomware attack, all hell can break loose quickly. That can mean diverted ambulances, cancelled patient appointments, business processes put on hold and other critical operations stopped.

Surge in AI and Non-Human Identities Drives Demand for More Powerful Access Control
Amid rising complexity from AI agents and non-human identities, ConductorOne has raised $79 million in Series B funding. CEO Alex Bovee said the company aims to expand its identity platform, simplify access control and help security teams address evolving threats in hybrid environments.

Attorney Jonathan Armstrong on Vetting Job Applicants, Red Flags and Compliance
North Korean operatives are using fake identities and remote job listings to bypass sanctions and infiltrate companies. But employers can avoid becoming unwitting accomplices, said legal expert Jonathan Armstrong, who advises firms to adopt stronger vetting practices and structured investigations.