DataBreachToday.com

Also: Winkle Abduction Sentencing and Crypto Theft Rising
This week, uncovering 40 malicious crypto Firefox extensions, three sentenced in a Belgium court for crypto kidnapping, the rise of crypto theft. The U.S. Secret Service is a huge crypto custodian, and prosecutors claw back funds pilfered by a fake presidential inaugural committee.

Suspects Tied to April Ransomware Attacks Against Retailers M&S, Co-Op, Harrods
The U.K.'s National Crime Agency on Thursday arrested in England four suspected members of the Scattered Spider cybercrime collective, as part of an ongoing investigation into major, disruptive hack attacks in April against major retailers Marks & Spencer, the Co-Op and Harrods.

Impersonation Hoax Leverages Top Officials' Known Use of Commercial Messaging App
Security analysts tell Information Security Media Group more impersonation scams fueled by artificial intelligence - like the recent one involving Secretary of State Marco Rubio - may increasingly target top U.S. officials if the government continues failing to enforce strict security protocols.

AI Is Fueling Innovation and Blind Spots. Deep Observability Helps Close the Gap.
AI is transforming business, but it's also creating new security challenges. With network traffic surging and shadow AI on the rise, visibility is more critical than ever. Learn how deep observability helps close the gaps and defend against AI-fueled threats.

Cybercrime gang Scattered Spider is the top suspect in several recent cyberattacks in the U.S. insurance sector, and it's likely that threat actors could still be lurking in other insurers' IT environments, said Peter McMurtrie of consulting firm West Monroe.

Always Secure MCP Servers Connecting LLMs to External Systems, Experts Warn
Warning: Popular technology designed to make it easy for artificial intelligence tools to connect with external applications and data sources can be turned to malicious use. Researchers discovered two separate vulnerabilities tied to tools in the ecosystem around model context protocol, or MCP.

Research Shows How Large Language Models Fake Conceptual Mastery
MIT, Harvard and University of Chicago researchers say models suffer from "potemkin understanding," referring to an illusion where models ace conceptual tests but fail real-world application. Their paper warns this undermines benchmarks and points to gaps in genuine AI comprehension.

Island CEO Mike Fey on Drivers for SASE, Identity Features in Enterprise Browser
Island co-founder and CEO Mike Fey outlines how the enterprise browser is evolving through AI, SASE and hyperscaler investments to enhance governance, reduce backhaul traffic and support secure access across diverse industries such as healthcare and finance.

Phishing Emails Disguise Malware as Contract Files
A Russian cybersecurity company is warning that hackers are targeting Russia's industrial sector using a previously undocumented spyware, reeling them in with contract-themed emails lures. Kaspersky dubbed the spyware "Batavia." but doesn't attribute the campaign to a threat actor.

Officials Look for Positive PR Stories as Putin's War Drags On
Russian authorities regularly trumpet the arrest and sentencing of citizens who offer hacking support to Ukrainian forces. Experts say the extent to which official crime reports can be trusted remains unclear, especially as officials need to look tough on the "Ukrainian threat."

Settlement Follows Federal Investigation Into Data Leak and Ransomware Attack
A Texas mental healthcare provider's failure to conduct a comprehensive risk analysis resulted in a $225,000 federal fine after regulators investigated a data leak followed by a ransomware attack in 2023. Deer Oaks Behavioral Health also must implement a corrective action plan.

Cybersecurity Compliance Vendor A-Lign Plans Global Expansion With Backing From Hg
Cybersecurity compliance firm A-LIGN has received a majority investment from Hg, a top tech-focused private equity firm. The deal supports A-LIGN's global ambitions to deliver SOC 2 and other compliance audits and leverages Hg’s expertise in scaling data and AI-driven services.

China's Hack-For-Hire Scene Disgorges Another Leak
The Chinese nation-state threat actor tracked as Salt Typhoon is operated by a clutch of private firms whose clients include multiple Chinese government agencies, finds analysis of leaked data by Spy Cloud. Researchers found a spreadsheet listing buyers, sellers and financial transaction details.

Crypto Defense, Data Centers, Monitoring Systems Strain Global Energy Use
As security monitoring, crypto mining protection and data centers fuel cybersecurity's energy demands, new regulations, such as Australia's National Greenhouse and Energy Reporting Act 2007, signal a global shift toward holding the industry accountable for its environmental impact.

Firms Adding Chief AI Officer to C-Suite to Lead Integration, Value Creation
Generative AI is now a top budget priority over security for many enterprises, but AI talent gap continues to hinder progress on AI projects. A recent AWS report recommends redefining AI leadership roles and strengthening third-party partnerships to unlock gen AI's full potential.

Proposed Deal Could End Precedent-Setting SEC Case Over Cybersecurity Misstatements
The SEC and SolarWinds told a federal judge they've reached a tentative agreement to resolve a first-of-its-kind fraud case over cybersecurity disclosures. Federal regulators alleged that SolarWinds misled investors about its cybersecurity, and the settlement hinges on SEC commissioner approval.

Automation Saves Time But Risks Hollowing Out Critical Early-Career Roles
Time travel can seem like an unofficial requirement for cybersecurity job seekers, with would-be employers demanding mid-tier chops for entry-level positions. Come back in a few years, they say, after you've gained experience. But organizations can't assume the pipeline will fix itself.

Citrix Issues Patches to Counter Active Attacks Against Two Critical Vulnerabilities
Administrators of Citrix Netscaler devices are being urged to immediately patch their devices to fix two actively exploited vulnerabilities. One, dubbed Citrix Bleed 2, can be abused by hackers to bypass multifactor authentication, hijack user sessions and gain unauthorized access to the equipment.