DataBreachToday.com

Thousands of MCP Servers Leave AI Apps Open to Attack Surfaces
Hundreds of Model Context Protocol servers designed to help AI tools access private data are insecurely exposed online, say BackSlash Security researchers. Weak configurations leave systems vulnerable to data leaks and remote code execution attacks.

State Moves to Restructure Cyber Bureau and Issue Mass Layoffs Despite Court Order
Current and recent former Department of State staffers told Information Security Media Group the agency is preparing to implement layoffs and begin a reorganization despite a San Francisco federal district court order blocking across-the-board layoffs at federal agencies.

Why Cynomi's Embrace of AI-Driven Security Tools Will Drive MSP and MSSP Efficiency
Cynomi’s recent Series B funding round will deepen AI features, expand its Solution Showcase and enable managed service providers to deliver cybersecurity at scale. CEO David Primor says the company is building the operating system for MSP and MSSP cyber operations.

Debt Collector's 2024 Data Breach Affected Multiple Hospitals and Medical Practices
The list of healthcare sector clients reporting large health data breaches from the 2024 hack on debt collection firm Nationwide Recovery Service continues to grow, as does the vast number of affected patients. So far, the hack has affected at least 500,000 patients.

Also, O Canada, Oh Brother and More Probable Chinese Hacking
This week, ransomware kills, Salt Typhoon hit Canada, Russian backdoors, SAP and Citrix patches, China hackers in the oil and energy sector. Brother printers have an unfixable flaw. Ransomware hit a U.S. dairy cooperative. Hackers in Albania and Oxford. European lawmakers heard cybersecurity advice.

KPMG Climbs, ThreatConnect Falls in Latest Cyber Risk Quantification Forrester Wave
Safe Security and Axio remained atop Forrester's cyber risk quantification rankings, with KPMB climbing onto the leaderboard and ThreatConnect falling off the leaderboard. Cyber risk quantification tools have moved beyond basic risk modeling to automate recommendations and analyze trends.

CIO Greg Barbaccia's Memo Targets Churn, Burnout, Fragmented Culture
When Gregory Barbaccia took the job as the U.S. federal CIO in January 2025, he became the sixth person to hold the position in eight years. Five months into his tenure, he laid out 16 operating principles in the latest attempt to stabilize leadership churn.

AI Assistants Accelerate Coding But Can Create Huge Risks for the Inexperienced
When used well, vibe coding can unlock astonishing productivity and lower the barrier to getting ideas off the ground. But here's the problem: Too many newcomers are mistaking it as a replacement for a deep understanding of coding and software development principles.

Trojanized NetExtender Installer Exfiltrates Data to Hardcoded IP Address
Fake versions of SonicWall VPN software contain a credential-stealing Trojan, the California network security company warned Monday. Imposter versions of tools such as VPNs, virtual desktops and software development tools "are often laced with infostealers."

Predibase Acquisition Adds AI Talent, Cost-Optimization and Fine-Tuning Model Tech
Rubrik has acquired Predibase to accelerate enterprise generative AI adoption with improved accuracy and efficiency. Rubrik will combine its trusted data security with Predibase’s model hosting and tuning to drive scalable, trustworthy AI deployment to help scale projects from pilot to production.

Agency: Rising Threats Put Manufacturing Supply Chains, Patient Safety at Risk
The Food and Drug Administration is urging medical product makers to carefully address the cybersecurity of their connected operational technologies, including advanced and "smart" devices used in their manufacturing and supply chains, to reduce the risk to rising cyberthreats.

'IntelBroker' Faces Four-Count Indictment in Manhattan Federal Court
A hacker known online as "IntelBroker" and who has a history of spilling sensitive information faces a four-count criminal indictment in the United States after French police arrested him in February. IntelBroker's true identity is British national Kai West, U.S. federal Manhattan prosecutors said.

Voice Analytics Firm to Expand Footprint in Finance, Defense and Insurance
Clearspeed will use its $60 million raise to build out teams and technology as it scales its AI-powered voice screening platform across finance, insurance and security sectors. CEO Alex Martin said the firm aims to double revenue and push into conservative sectors seeking AI-powered trust solutions.

Hackers Can Use Unverified Email to Log onto SaaS Apps With Entra ID
A flaw in a Microsoft single sign-on feature allowing cloud app account takeovers discovered in 2023 never really went away, say researchers - notwithstanding a computing giant claim that it almost immediately fixed the vulnerability known as nOAuth.

Gartner Says Leaders Should Balance AI Innovation With Strong Data Governance
As AI adoption grows, Gartner warns that data governance, not technology, is the top hurdle. At the Mumbai summit, Gartner analysts said data and analytics leaders should shift from fear to trust, align with business goals and scale AI through practical governance.

Congress Faces Pressure to Modernize Cyber Definitions, Safeguards Before Deadline
With the Cybersecurity Information Sharing Act of 2015 set to expire this fall, lawmakers face mounting pressure to update its liability protections and outdated definitions, as experts warn that failure to modernize could undermine public-private threat sharing and weaken national cyber defenses.

10-Year Freeze on AI State Laws Remains in Senate Bill Despite Fierce Pushback
A decade-long federal ban on state AI regulations remains in the Senate’s version of Trump’s sweeping legislative bill, drawing sharp bipartisan criticism for sidelining state oversight and granting tech giants a reprieve amid growing calls for stronger AI governance.