DataBreachToday.com

Government Says Bill Will 'Pump 10 Billion Pounds' Into Economy
The U.K. government passed the Data Use and Access Bill that will introduce a host of privacy changes intended at making data processing more lenient with a motive to promote economic growth. Whether the EU will continue to find British law adequate is an open question.

While Exceptions Apply, Such Efforts Often Only Amount to Psychological Operations
Missile exchanges over the skies of Israel and Iran entered their eighth day, wreaking death and destruction. Hacktivists are taking that as their cue to join the fray, although whether their efforts function as anything more than psychological operations is unclear.

Iranian OT Hacking Team Has Gone Quiet … Too Quiet
Armed exchanges between Iran and Israel and the prospect of U.S. armed intervention against Tehran has cyber defenders warning about hacking risks to critical infrastructure. Iran's CyberAv3ngers doesn't possess the sophistication of Chinese or Russian actors but it's still a persistent threat.

High-Severity Flaw in LangChain's AI Tooling Hub Now Patched
A flaw in the LangSmith platform, an open-source framework that helps developers build LLM-powered applications, can enable hackers to siphon sensitive data, said Noma Security. Dubbed AgentSmith, the flaw can allow attackers to embed malicious proxy configurations into public AI agents.

Also, Researchers Exploit Tesla Wall Connector Via Charging Cable
This week: Chinese Salt Typhoon hackers hit Viasat, researchers hacked a Tesla charger, Sitecore CMS flaws, Krispy Kreme disclosed hacking damage, Archetyp Market taken down. Episource disclosed a ransomware hack and Spain ruled out cyberattack for the April Iberian blackout.

Erie Insurance and Philadelphia Insurance Still Recovering From Separate Attacks
Statements by Erie Indemnity Co. and Philadelphia Insurance Companies indicate that voluntary decisions to disconnect their systems from the network - not ransomware encryption - have disrupted operations over the past 10 days since the carriers were hit with separate cyberattacks.

Passengers' Nuisance Claim Against CrowdStrike Barred by Airline Deregulation Act
A judge dismissed a suit against CrowdStrike over its 2024 outage, ruling the claims by airline passengers are preempted by the Airline Deregulation Act. The plaintiffs claimed damages for negligence and public nuisance. But the court found those claims were inseparable from the airlines' services.

Government Says Bill Will 'Pump 10 Billion Pounds' Into Economy
The UK government passed the Data Use and Access Bill that will introduce a host of privacy changes intended at making data processing more lenient with a motive to promote economic growth. Whether the EU will continue to find British law adequate enough is an open question.

Join Matthew Radcliffe & Rob Sebaugh - as we explore how to fix security gaps in privacy for healthcare organizations.

Global Tensions Are Driving Demand for Cybersecurity Jobs
Cybersecurity professionals are finding themselves on the front lines of a different kind of battlefield - one that spans global networks, targets civilian infrastructure and operates continuously across borders. Follow these steps to prepare for a career in cyber defense.

Shanghai Firm Bets on Open-Source Strategy, Efficiency Claims
Shanghai artificial intelligence startup MiniMax released a new open-source large language model, positioning it as a direct competitor to American and other Chinese models. MiniMax says its model performs competitively on benchmark tests against leading proprietary and open models.

Crime Gang Begins Leaking Stolen Freedman HealthCare Data
Cybercriminal gang World Leaks - formerly Hunters International - reportedly claims to have stolen 52.4 gigabytes of data containing 42,204 files from Massachusetts-based Freedman HealthCare, a contractor that provides data integration and analytics services to state health agencies.

Iranian Officials Call Internet Outages Intentional to Disrupt Israeli Operations
Iranian officials said widespread internet outages were deliberate and meant to disrupt covert Israeli operations within the country following days of missile attacks from Israel and a rapidly escalating regional conflict that experts warn could trigger major cyberattacks on critical infrastructure.

Deal Expands Native Email Security and Response Workflows for MDR and MSP Clients
Bitdefender’s acquisition of Irish startup Mesh adds native email protection to its XDR and MDR portfolios. Mesh’s dual-mode defense and MSP-friendly design provide deeper visibility, faster remediation and enhanced threat response across hybrid environments.

Deal Adds Live Fraud Red Teaming, Adversarial Testing to Neovera's Cyber Portfolio
Neovera has acquired Greenway Solutions, a Charlotte-based fraud red-teaming vendor serving top banks, to expand its cyber capabilities. The Washington D.C.-area services provider plans to tailor services for community banks and credit unions using automation and selective testing.

Move Raises Possibility Group Isn't Just Marketing Its Malware to Criminals
Up-and-coming ransomware group Anubis has tweaked its malware to irrevocably wipe victims' data - an unusual tactic from hackers whose typical corrupt bargain is restored data in exchange for extortion money. Why would a ransomware attacker seeking leverage in negotiations ever do this?

Hackers Posing as Help Desks and Call Centers to Target Victims, Google Warns
A hacking collective behind recent cyberattacks on major British retailers has pivoted to target U.S. insurance firms, warned Google. Scattered Spider, tracked as UNC3944 by Google, is a financially motivated threat group consisting largely of English-speaking adolescents.

Several Affected HealthEC Healthcare Clients Are Chipping in to Fund Settlement
A provider of artificial intelligence-enabled hospital cost-cutting software and several of its healthcare clients agreed to $5.48 million to settle proposed class action litigation involving a 2023 hacking incident affecting 4.6 million individuals.