Ransomware DataBreachToday.com

Leaked Executive Order Would Strip States of Power to Regulate AI Tech Firms
A leaked draft executive order would empower federal agencies to override state AI laws, threatening federal funds for noncompliance and creating a litigation task force - drawing sharp backlash over executive overreach and potential harm to consumers.

Class Action Litigation and Criminal Case Focus on Actions of an Ex-Tech Worker
A federal court has granted preliminary approval of a $5 million settlement in class action litigation filed against Pennsylvania-based Geisinger Health and Nuance Communications - now part of Microsoft - involving a 2023 insider data breach affecting more than 1 million Geisinger patients.

European Cybersecurity Agency Can Assign CVE IDs and Publish CVE Records
The European Union Agency for Cybersecurity is poised to take on a greater role in coordinating vulnerability disclosures across the trading bloc with its elevation as a "Root"-level participant in the Common Vulnerabilities and Exposures program.

Salesforce Revoked Gainsight Authentication Tokens
Customer relationship management giant Salesforce is again notifying customers that hackers may be stealing their data through a third-party app. The San Francisco company late Wednesday disclosed that apps published by Gainsight connected to Salesforce instances may have "enabled unauthorized access."

Avoid Roadblocks to Your Advancement, Optimize Your Professional Throughput
Career latency is not an indictment of your ability. Understanding what creates latency in your professional life and how to address it is an essential component of long-term growth. With a diagnostic mindset and a willingness to optimize, you can restore throughput and move forward with purpose.

Researchers Suspect a Chinese ROB-Building Operation
Suspected Chinese cyberespionage hackers have commandeered tens of thousands of Asus routers in an operation showing a heavy emphasis on infecting devices stationed in Taiwan. The campaign tracks with reports that Beijing is actively pressing unpatched routers into ORB networks.

Treasury Links Russian Bulletproof Host Network to Prolific Ransomware Operations
The U.S., U.K. and Australia sanctioned Russian bulletproof host Media Land for supporting major ransomware gangs, including LockBit and Play, a move paired with new global guidance urging internet service providers to tighten access controls and disrupt cybercrime infrastructure.

AppOmni Finds Now Assist Agents Could Trigger Unauthorized Actions
ServiceNow's Now Assist agents could be manipulated through second-order prompt injection, enabling unauthorized record changes and data exposure despite protections, shows new research from AppOmni. The issue stemmed from default configurations that allow agents to invoke each other.

Ransomware Gang Emerged in 2023, Also Hits Many Other Critical Sectors
For at least the third time in two years, authorities are warning the healthcare and other critical infrastructure sectors - including small and mid-sized providers - of evolving threats posed by the Akira ransomware gang, which first surfaced in 2023 but claims more than 1,100 victims so far.

Cyber Leaders Address AI Threats, Compliance Resilience, Zero Trust
From AI‑driven fraud schemes to tightening regulations and identity threats, ISMG's New York Fraud Prevention and Financial Cybersecurity Summits brought together CISOs, investigators and risk leaders to share practical strategies for strengthening defenses and building true resilience.

Attackers Can Flip Safety Filters Using Short Token Sequences
A few stray characters, sometimes as small as "oz" or generic as "=coffee" may be all it takes to steer past an AI system's safety checks. HiddenLayer researchers have found a way to identify short token sequences that can cause guardrail models to misclassify malicious prompts as harmless.

Data of Nearly 470,000 Patients and Employees May Have Been Leaked on Dark Web
Omni Family Health, a California nonprofit network of community health centers, has agreed to pay $6.5 million to settle proposed class action lawsuits related to a 2024 hack that may have exposed the personal information of nearly 470,000 current and former patients and employees on the dark web.

Hacking Group Deploys Raft of Custom Malware Variants
An Iranian state hacking group with a history of targeting aerospace, aviation and defense industries across the Middle East has improved its tooling with multiple custom malware variants, warned Google. The group, tracked as UNC1549, is suspected of ties to the Iranian Revolutionary Guard Corps.

Only Regulations Can Convince Meta to Cut Its Revenue Stream From Fraud Victims
How motivated would you be to stop a source of revenue if you discovered that some of your advertisers are scamming your customers? Most businesses would want to protect their customers. In the strange universe of social media giant Meta, incentives for doing the right thing are totally different.

Suspect May Be Military Officer Indicted by US for 2016 Election Interference
Police in Thailand have arrested a Russian citizen suspected of launching hack attacks against targets around the world, who's wanted by the FBI. While the suspect hasn't been named, his age matches that of a Russian military intelligence officer indicted for 2016 U.S. election interference.

Quantum Advances Are Outpacing Global Readiness, Cybersecurity Leaders Warn
While quantum computing promises advances in fields such as healthcare and financial modeling, cybersecurity experts say Q-Day also poses a fundamental risk to the cryptographic standards that secure communications, digital signatures and transactions worldwide.

NIH Working on Fixes to Address National Security Risks and Weak Access Controls
The sensitive health and genomics data of 1 million Americans used by a National Institutes of Health research project could be at risk for access or theft by bad actors, including foreign adversaries, a government watchdog group. Security weaknesses discovered in an audit are being addressed.