DataBreachToday.com

Adeeb Mahmood of Evinova and Shahar Peled of Terra Security Describe Transition
Continuous pen testing has replaced static annual tests and is reshaping how Evinova, a technology company of AstraZeneca, is managing cyber risk in its fast-moving cloud environment, said Adeeb Mahmood of Evinova and Shahar Peled of Terra Security, who describe the transition.

Governments Have Long Warned About Kremlin Social Engineering Hacks
Signal is defending the security of its systems following a series of phishing attacks that took place on the encrypted messaging platform, and that reportedly compromised members of the German government including the president of the country's parliament.

Why AI and Traditional Penetration Testing Must Converge
As artificial intelligence red teaming evolves beyond prompt injection, security teams must combine data science, model testing and traditional penetration testing to assess risks across the full attack surface.

How Risk-Centric Architecture, Unified Pricing Give SOC Managers Total Visibility
Security teams can't afford to leave assets unprotected, but per-endpoint pricing forces exactly that trade-off. Learn how abandoning rigid license models and adopting risk-centric architecture gives SOC teams total visibility and kernel-level prevention across every environment.

Video of Industry Figures Harvested During Meetings and Used to Lure Future Victims
North Korean hackers are pretending to be cryptocurrency insiders, in an attempt to trick targets into accepting Calendly calendar invites. The social engineering ruse is designed to infect Windows and macOS systems with crypto stealers, and to harvest video of real-life people for future lures.

Cybercrime Gang ShinyHunters Claimed to Steal 9M Records
Medtronic has told federal authorities that cybercriminals hacked its corporate IT systems, but said the incident did not affect the medical device makers' products, manufacturing or distribution operations. Cybercrime gang ShinyHunters reportedly claimed responsibility for the hack.

Former Officials, Tech Groups Say Anthropic Designation Is Illegal - and Dangerous
Former U.S. defense and intelligence officials argue the Pentagon's designation of Anthropic as a supply-chain risk was politically motivated and legally flawed, warning it could erode trust in government contracting and weaken the defense AI ecosystem.

An On Demand video from ID Dataweb
Scattered Spider is rapidly expanding its reach, exploiting identity processes and help desks to infiltrate organizations. Discover their tactics and the steps you can take now to reduce risk. Watch the webinar.

Explore how AI is reshaping the security landscape—uncover emerging threats, identity challenges, and the strategies needed to stay ahead.

Also: Embedded AI in Pharmaceutical Sector, the Story Behind Apple's CEO Change
In this week's panel, four ISMG editors examine what’s really behind Apple's CEO transition, how pharmaceutical giants are racing to embed artificial intelligence across core operations, and why AI-driven threats are forcing a rethink of how quickly defenders can respond.

Continuous Integration Has Its Downsides
As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not only rely on code integrity tools, but also to introduce a delay before merging new repos, since unfolding attacks tend to get spotted in days, if not hours or minutes.

'Firestarter' Backdoor Can Survive Reboots, Upgrades and Standard Fixes
The Cybersecurity and Infrastructure Security Agency issued an emergency directive warning a newly-discovered Cisco backdoor can survive routine remediation processes, forcing agencies to investigate edge devices that anchor federal firewall and VPN security.

HHS OCR Breach Investigators Again Find All-Too-Common Risk Analysis Failures
Faulty or non-existent security risk analyses cost a medical imaging provider, a women's healthcare group, a health plan and a third-party insurance administrator a collective $1.7 million in fines after federal regulators concluded they didn't do enough to prevent ransomware attacks.

Acquisition Adds Advisory, GRC and Vulnerability Services to ImagineX's MDR Core
TekStream acquired ImagineX’s cyber division to integrate advisory, vulnerability management and GRC with its MDR services, aiming to help CISOs defend against faster, AI-driven attacks by unifying proactive and reactive security into a single operational model.

AMA Wants Privacy, Security AI Tool Protections, Especially in Mental Health
The American Medical Association says using artificial intelligence chatbots carries risks - including data privacy and security breaches - and the largest U.S. professional association for physicians and medical students is urging Congress to take action to protect patients from potential harm.

Berlin Proposes 3 Month Requirement to Store IP Addresses
The German government says it's unlocked the secret to passing a law that would require internet service providers to keep customer data without running afoul of privacy and security concerns that sunk earlier attempts. Critics say that's impossible

Recent Package Compromises Pushed Software Component Trust to the Security Agenda
Cloudsmith raised a $72 million Series C led by TCV to expand policy enforcement, auditability and real-time package risk analysis as CISOs focus more closely on software supply-chain threats tied to open-source dependencies, AI-assisted development and compromised artifacts.

Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal Hit
This week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat.

Deal Would Help Cisco Expand Footprint Beyond Authentication, ITDR and ISPM
Cisco's cyber M&A dry spell could soon come to an end, with the company reportedly in talks to acquire New York-based non-human identity startup Astrix Security for between $250 million and $350 million. That would represent at least a 25% premium to the startup’s last valuation of around $200 million.