DataBreachToday.com

Researchers in Proof of Concept Show Exploit Potential for Widely Used Software
Technical details for a recently patched maximum-severity vulnerability in Cisco IOS XE reveal how hackers can enable remote code execution if the flaw is exploited. The vulnerability is an arbitrary file upload triggered by a hardcoded JSON Web Token.

DHS Budget Proposal Reduces CISA’s Operational Core Amid Growing Global Threats
The Trump administration’s 2026 Homeland Security Department budget would cut $500 million from the Cybersecurity and Infrastructure Security Agency, eliminating over a third of its staff and gutting key programs central to federal cybersecurity and private sector engagement efforts.

Ransomware, Quantum Computing, Geopolitics, Gen AI and More on the Agenda
Infosecurity Europe is set to return June 3 to London. Hot topics at this year's event include everything from quantum computing, geopolitics and artificial intelligence, to supply chain attacks, insider threats and the cybercrime juggernaut that continues to be ransomware.

It's only a matter of time before cybercriminals begin to use artificial intelligence-enabled tools, open-source software and other technologies to launch attacks to exploit sensitive genetic data, said Nicholas Morris, a practice manager at security firm Optiv.

Race-Condition Bugs in Ubuntu and Red Hat Tools Could Leak Sensitive Memory Data
Hackers could exploit a tool that stores crashed system data in older Linux operating systems to obtain passwords and encryption keys, warn researchers. The flaw lies in the way certain Linux distributions, including Ubuntu, Red Hat, and Fedora, handle application crashes.

New Open-Source Model Rivals OpenAI, While Treading Beijing's Red Line
Artificial intelligence startup DeepSeek released Thursday an updated version of its flagship reasoning model months after its Chinese origin sent shockwaves through industry. The model is a glimpse into high-performance systems being trained and deployed under norms governed by Beijing.

Funnull Technology Is Content Delivery Network for Criminals, Says US Treasury
The U.S. government sanctioned a Philippine firm linked to romance bait scam websites. The Department of Treasury cut off Funnull Technology from the U.S.-dominated international monetary system for acting as a content delivery network for scam platforms.

Gartner: Security Service Edge Market Is Experiencing Evolution, Not Revolution
Pure-play security service edge specialists Zscaler and Netskope were once again joined by platform behemoth Palo Alto Networks atop Gartner's rankings of SSE vendors. The SSE market is experiencing evolution rather than revolution, with commoditization prevalent in legacy security technologies.

After Hours-Long Disruption, XDR Vendor Promises Full Root Cause Analysis of Outage
Cybersecurity vendor SentinelOne suffered a major, global outage for about six hours on Thursday that disrupted its monitoring of managed response service customers' endpoints and networks, interrupted software updates and kept administrators from accessing consoles for troubleshooting purposes.

As Visa and Mastercard Deploy AI Agents, Experts Ask: Who Holds the Receipt?
When AI assistants order groceries or book flights, who's responsible when something goes wrong? That question is no longer hypothetical. As Visa and Mastercard enable AI agents to perform transactions on behalf of cardholders, experts weigh the legal, security and privacy stakes.

Also: Deepfake Dangers with Veo 3; Claude Opus 4's Manipulative Edge
In this week's update, Information Security Media Group editors questioned whether we’re less secure today despite agentic AI and platformization, examined Veo 3’s alarming leap in deepfake realism, and dug into Anthropic’s powerful yet problematic Claude Opus 4.

US, Australian Cyber Agencies Say Visibility Gaps Threaten Detection and Response
The Cybersecurity and Infrastructure Security Agency issued new guidance urging organizations to streamline Security Information and Event Management platform integration by prioritizing impactful log data and reducing blind spots that continue to plague even mature security operations centers.

Apex Security Detection Tools Help Tenable Spot Accidental and Malicious AI Misuse
Tenable is acquiring Israeli startup Apex Security to extend AI security features that go beyond asset discovery. With user-level controls and risk mitigation for AI usage, Tenable aims to accelerate its exposure management roadmap by integrating Apex into Tenable One later this year.

Retailers Report a Spurt in Breaches
Jewelry retailer Tiffany & Co. said hackers stole South Korean customers' data from a third-party vendor's platform, a disclosure that came shortly after sister brand Dior announced a similar breach. Hackers stole the personal information of South Korean shoppers.

Palo Alto Networks on How to Construct a Defense for Modern Threats
The rapid evolution of cyber threats, amplified by the integration of AI into adversarial tactics, calls for a shift in defensive strategies. Traditional approaches are no longer sufficient to address the sophistication, scale, and speed of modern attacks.

Things to Include on Your CV When Your Job Focuses on Keeping Systems Running
If you're a junior SOC analyst, a GRC specialist or someone working in ICS environments, the idea of a cyber portfolio might seem irrelevant. It's not. Employers need tangible proof of your skills, and a well-constructed portfolio does just that - whether your job touches logs or legal frameworks.

Huang Says Rules Shut Nvidia Out of $50B China Market, Gives Rivals Long-Term Edge
CEO Jensen Huang says new U.S. chip restrictions on China forced Nvidia to write down $4.5 billion in AI inventory and will hurt American leadership in global infrastructure as Chinese firms gain momentum. The rules fuel China’s rise and jeopardize U.S. infrastructure dominance, according to Huang.

APT31 Compromised the Czech Foreign Affairs Ministry in 2022
The Czech government on Wednesday said Chinese state hackers stole sensitive declassified information from the republic's foreign ministry as part of a years-long espionage campaign. Czech Ministry of Foreign Affairs attributed the hack to a Chinese nation-state group tracked as APT31.

Stealthy Malware Installs Cryptomining Software
A botnet targeting Internet of Things devices works by brute forcing credentials and downloading cryptomining software. Researchers call the botnet "PumaBot," since its malware checks for the string "Pumatronix," the name of a Brazilian manufacturer of surveillance and traffic camera systems.