Ransomware DataBreachToday.com

Espionage and Cybercrime Campaign Tied to 7-Zip Mark-of-the-Web Bypass Hits
Russian hackers targeting Ukrainian government agencies and businesses - including a major automotive manufacturer - have been targeting a zero-day vulnerability in the open source and widely used 7-Zip archive utility, to infect systems with credential-stealing SmokeLoader malware.

OneTrust's Ojas Rege Details Act Requirements, AI Governance Challenges
The first set of rules banning high-risk AI systems under the European Union AI Act went into effect on Sunday. Starting this week, companies are now barred from deploying AI-driven emotion recognition in the workplace and schools. OneTrust's Ojas Rege discusses the implications.

3rd Round of Layoffs in 3 Years Comes as Rival CyberArk Surpasses Okta's Valuation
Okta will execute its third round of layoffs in three years, cutting 180 employees to reallocate resources toward priorities to drive growth. The San Francisco-based identity security giant on Tuesday shared plans to reduce its staff by 3% in what has become somewhat of an annual tradition for Okta.

'Frontier AI Framework' Identifies Risk Categories, Action Plan
Meta has set new limits on the release of its advanced artificial intelligence models, establishing a framework detailing the criteria for restricting systems deemed too dangerous for public release. Meta's Frontier AI Framework identifies two risk categories: high and critical.

US to Investigate Whether DeepSeek Bypassed Export Controls to Obtain Nvidia Chips
Singapore has vowed to investigate allegations that Chinese artificial intelligence company DeepSeek flouted U.S. export controls to obtain high-performance Nvidia chips to power its flagship R1 reasoning application through intermediaries based in the island nation.

Security Concerns, Chinese Ownership Drive Concerns
U.S. federal agencies and corporations with ties to the government are blocking employees from using Chinese chatbot DeepSeek over security and privacy concerns. China could potentially use DeepSeek AI models to spy on American citizens, acquire proprietary secrets and conduct influence campaigns.

'Advanced Planning Unit' to Focus on Societal, Economic, Workplace Implications
Microsoft has created a new research-focused entity as part of its artificial intelligence division to analyze and anticipate the technology's societal, economic and workplace implications. It will report directly to Mustafa Suleyman, CEO of Microsoft AI.

Lawmakers Demand Answers After Musk Aides Gain Access to Key Payment Systems
Reports that a Trump administration task force headed by Elon Musk gained access to sensitive government systems have rattled the cybersecurity community amid fears of misuse. "Working for Elon Musk does not give you some supernatural shield of cyber invulnerability," said Mark Montgomery.

At the Same Time, the Total Number of Breach Notifications to Consumers Increased
The total amount of annual fines imposed by European privacy regulators fell in 2024 for the first time since the EU's pioneering data protection law came into effect, even as the number of data breach notifications continued to increase, report legal privacy researchers.

UK Banks Face Adoption Challenges and Cybersecurity Concerns
Despite its promise of innovation and cost efficiency, banks in the United Kingdom continue to struggle with the adoption of open banking. Consumer awareness, security concerns and a lack of incentives remain hurdles as stakeholders push for broader integration.

OpenAI's New Cost-Efficient AI Reasoning Model Excels in Math, Coding and Science
OpenAI has launched o3-mini, a high-performance AI model optimized for STEM tasks. The model offers enhanced reasoning abilities, reduced latency, and features like function calling and structured outputs. Available in ChatGPT and API, o3-mini surpasses its predecessor in coding and math accuracy.

Health Records of Children, Deceased Patients Among Compromised Data
Community Health Center, which has a dozen primary care, dental and other clinics in Connecticut, is notifying nearly 1.1 million people - including pediatric patients and their parents and guardians - that their information was potentially stolen in a cyberattack detected earlier this month.

Governmental Agencies Won't Meet 2025 Goal of Bolster Cybersecurity
The British government fell short of its goal of significantly fortifying civilian IT systems to withstand cyberattacks by 2025, warned auditors in a report highlighting that much of officialdom runs on legacy systems. Nearly half of the government IT budget goes to keeping legacy systems running.

Series B Funding to Drive Seraphic's Innovation in Browser Security, AI Governance
Seraphic Security secured $29 million to scale its enterprise browser security solutions. With growing cyberthreats, CEO Ilan Yeshua highlights the need for AI-driven security, governance and compliance. The company plans to expand its North American presence and strengthen partnerships.

Data Exposure, Harmful Content and Security Risks Undermine DeepSeek AI Models
Researchers uncovered flaws in large language models developed by Chinese artificial intelligence company DeepSeek, including its flagship R1 reasoning application. The security concerns come as Microsoft and OpenAI investigate whether DeepSeek-developed models used data scraped from an OpenAI API.

Banks Shift Blame to Social Media, Telecoms While Scam Victims Pay the Price
If you're the victim of a scam in Australia, the chances of being reimbursed for your stolen funds are low. In fact, the AFCA ruled in favor of full reimbursement for victims in only 4.8% of its cases in 2024, highlighting the difficulty consumers face in disputing fraud-related losses with banks.

'There's A Lot of Confusion Going On'
A halt on new contract awards by the federal government’s top procurement agency has thrown vendors into confusion, raising concerns about its ripple effects. White House announcements are "definitely causing confusion" among cybersecurity contractors and officials, an industry analyst said.

Ransomware Attack on Center Is Latest Assault on Blood Supply Chain
A New York blood center and its divisions that serves hospitals in several states are dealing with ransomware attack disrupting donations and other activities. The attack - the latest assault on a blood supplier - comes just days after the center declared a blood shortage emergency.

Feds Warn Flaws Could Lead to 'Simultaneous Exploitation' of All Devices
U.S. federal authorities are warning that cybersecurity vulnerabilities in two brands of patient monitors used in healthcare settings and in patients' homes can allow remote attackers to take over control the devices when connected to the internet, posing safety and data privacy concerns.

Google Says Iranian and Chinese Threat Group the Most Active
Iranian and Chinese threat actors are using Google's artificial intelligence application Gemini for vulnerability scanning and reconnaissance activities, with some attempting to bypass security guardrails of the application, the computing giant disclosed.