Ransomware DataBreachToday.com

OIG: Gaps in Standards, Third-Party Oversight Put Agencies, Health Sector at Risk
Auditors say the U.S. Department of Health and Human Services should buttress its ability to respond to cyberthreats by standardizing governance and controls across its many divisions - and also do a better job of overseeing its many contractors and the risk they introduce.

More Dry Powder Will Help Cloud Security Sweepstakes Against Palo, CrowdStrike, Wiz
Upwind is in talks with Bessemer Venture Partners and Picture Capital to raise more than $250 million at a valuation of $1.2 billion to $1.5 billion, Calcalist reported. Upwind in December 2024 closed a $100 million Series A round and tripled its valuation over the prior 15 months to $900 million.

Acting Director Says Agency Has Stabilized After Major Staff Losses Throughout 2025
After a year of internal upheaval and budget strain, CISA's acting director told Congress the agency is now stabilized and will launch targeted 2026 initiatives, even as lawmakers weigh steep funding cuts that could limit its cyber defense capabilities across federal networks.

Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System Compromise
Attackers are targeting a zero-day vulnerability in Cisco's Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist.

CISOs Grapple With AI Blind Spots, Excessive Permissions and Governance Issues
Machine identities continue to multiply as organizations push automation, cloud services and AI-driven initiatives deeper into core operations. This rapid growth creates new vulnerabilities, especially when non-human identities lack governance or are completely invisible to security teams.

Also: $7M Saga and $5M Makina Finance Exploits
This week, South Korea dismantled a $102 million money laundering ring, Saga paused SagaEVM after a $7 million exploit, Makina Finance lost $5 million, a Utah man sentenced to three years for fraud and illegal cash conversion and a software flaw let traders win ethereum transaction auctions for free.

Corporate Hiring Practices Risk Shutting Down the Talent Supply Line
In cybersecurity hiring, many organizations have quietly removed entry-level jobs from the workforce altogether. While it may meet immediate corporate goals to hire more experienced practitioners, these extremely limited on ramps for cybersecurity jobs risk cutting off the talent pipeline.

Chinese Attackers Among Those Tied to Attempted Exploits of FortiSIEM Appliances
Critical vulnerabilities in edge devices are continuing to be discovered by security researchers and rapidly targeted by attackers. Lately, this includes a critical vulnerability in Fortinet's FortiSIEM appliances, which Chinese and other hackers began targeting just two days post-patch.

Check Point Identifies VoidLink Framework First 'Advanced' AI-Generated Threat
A single developer built a Linux malware framework in less than a week using artificial intelligence, said security researchers. Check Point researchers say this is a case of AI-generated malware reaching operational maturity at a pace that challenges assumptions about development timelines.

Nearly $270M Cut From CISA Despite Mounting Foreign Cyberthreats
Congress is proposing cuts of nearly $270 million from the Cybersecurity and Infrastructure Security Agency's budget for fiscal year 2026, reducing funding for threat hunting and vulnerability management as officials warn foreign adversaries are escalating cyber operations targeting U.S. systems.

Breach Affected More Than a Dozen Healthcare Clients, 2.5M Patients
Electronic health records vendor Veradigm agreed to pay $10.5 million to settle consolidated class action litigation involving a December 2024 hacking incident discovered in mid-2025 that affected more than a dozen healthcare provider clients and about 2.5 million of their patients.

Revised Cybersecurity Act Would Also Boost ENISA
Countries across the EU could be forced to kick Chinese telecom manufacturers such as Huawei and ZTE out of their critical infrastructure supply chains, under a far-reaching proposal published by the European Commission on Tuesday.

IBM Survey Finds AI Strategy Now Hinges on Integration and Differentiation
The thriving enterprise of 2030 will be AI-first, not just AI-enabled, said IBM's latest Institute for Business Value. The company surveyed more than 2,000 C-suite executives in the second half of 2025. The results paint a picture of the future of digital transformation dominated by AI technology.

CEO Nadav Zafrir Discusses Lakera and Veriti Buys, Wiz Pact and AI Strategy Shift
Check Point Software is doubling down on AI security through the acquisitions of Lakera and Veriti and platform integration with Wiz. CEO Nadav Zafrir explains how the firm is shifting from point products to a holistic approach and why it's investing heavily to stay ahead in the AI security race.

State Monitoring Incident Involving a Health Entity Worker for Potential Fraud
The Minnesota Department of Human Services is notifying nearly 304,000 people of data breach involving someone at a healthcare provider who inappropriately accessed information from an IT system managed by a vendor. State officials are monitoring the incident for potential fraud.

Findings From WEF's 2026 Report Show Shifting Cyber Priorities as AI Reshapes Risk
Cyber-enabled fraud has overtaken ransomware as the top cybersecurity concern for CEOs heading into 2026, according to the World Economic Forum's Global Cybersecurity Outlook 2026, released ahead of the Davos meeting. AI is a top emerging technology affecting both cyber risk and cyber defense.

Crackdown Targets Multiple Members of Cybercrime Group, Including 'Hash Crackers'
Police raided two suspected members of the notorious Black Basta ransomware group - tied to over 600 victims worldwide and many millions in ransom payments - in Ukraine and issued an international arrest warrant for the Russian national suspected of being the operation's founder and ringleader.

Feds Pushing HIPAA Regulated Entities to Bolster Security Risk Management
Federal regulators are advising regulated healthcare firms and their third-party vendors to harden systems, software and medical devices to better safeguard protected health information. Hardening is a necessary measure for protecting data privacy and security - as well as patient safety.

5x Revenue Growth, $1B Valuation Fuel Investment in Code Security Innovation
Backed by DST Global, Aikido Security's $60 million Series B will fund global expansion and boost its AI-powered security tools. CEO Willem Delbare said the firm's autonomous pen-testing and code remediation capability cuts cost, boosts software resilience and already outperforms humans.

eSync Alliance Chair Shrikant Acharya on How Standardization Can Prevent Breaches
Over-the-air updates are an irreplaceable part of software-defined vehicles, giving manufacturers a convenient way of remotely fixing and upgrading vehicles. If not appropriately secured, over-the-air updates can become a gateway for data theft, malware injection, vehicle theft and even injury.