BankInfoSecurity.com

Recent Package Compromises Pushed Software Component Trust to the Security Agenda
Cloudsmith raised a $72 million Series C led by TCV to expand policy enforcement, auditability and real-time package risk analysis as CISOs focus more closely on software supply-chain threats tied to open-source dependencies, AI-assisted development and compromised artifacts.

Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal Hit
This week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat.

Deal Would Help Cisco Expand Footprint Beyond Authentication, ITDR and ISPM
Cisco's cyber M&A dry spell could soon come to an end, with the company reportedly in talks to acquire New York-based non-human identity startup Astrix Security for between $250 million and $350 million. That would represent at least a 25% premium to the startup’s last valuation of around $200 million.

Nation-State Hits Now Comprise Majority of Serious Incidents Probed by Government
British intelligence officials said they investigate about four major incidents per week, with the majority involving nation-state actors. Officials said the shape and scope of how cyberattacks are being wielded by the nation's adversaries continues to change as fast as the technology evolves.

AI Enthusiasts Haven't Used Model to Probe for Vulns, Source Tells Bloomberg
An unauthorized group of users gained access to Claude Mythos Preview artificial intelligence model and have regularly used it since the day that AI firm Anthropic revealed the model's existence while pronouncing it too dangerous to release to the public, reports Bloomberg.

Pact Is Among Other Similar Biotech, AI Firm Collaborations to Speed Up Drug R&D
Merck has struck a multi-year deal with Google Cloud worth up to $1 billion to enhance the pharmaceutical and life sciences giant's digital backbone "as an AI-enabled enterprise." The initiative includes deploying an agentic AI platform across R&D, manufacturing, commercial and corporate functions.

TrendAI's Tom Kellermann on Defending Against Agentic Attacks, APT Collaboration
AI-driven threats now operate with speed, scale and persistence. Defenders need expanded telemetry, a global research team and an advanced XDR platform to predict and suppress adversaries defenders, said Tom Kellermann, vice president of AI security and threat intelligence at TrendAI.

How We Talk About AI Says as Much About Human Cognition as It Does About Them
The debate about AI consciousness misses the point. Asking better questions about what these systems are reveals as much about human thinking as about the technology itself.

House Democrats Are the Latest to Raise Data Collection Privacy, Security Alarms
A plan by the U.S. federal agency that oversees federal benefits that would require insurers to hand over the identifiable health data of civil servants received pushback from House of Representatives Democrats who said it throws up privacy and security risks.

French Vendor's QShield Offering Protects Edge Systems From Reverse Engineering
Aircraft manufacturer Airbus plans to acquire 100-person French cybersecurity vendor Quarkslab to strengthen sovereign European defenses by protecting aerospace and defense software, data and edge systems from AI-driven reverse engineering and exploitation.

Security demands keep growing, but your team can’t. For many SLTT and education organizations, limited staff, complex environments, and constant alerts make it difficult to keep up. This webinar shows how you can close the gap by strengthening detection and response without adding complexity, cost, or headcount.

Overhaul, Restructuring Puts Cyber at Core of Digital Warfare
Defense officials told House lawmakers the newly-released budget request positions cyber as a core warfighting domain, funding expanded offensive operations, AI-driven capabilities and a major Cyber Command overhaul as adversaries shift from espionage to pre-positioned disruptive attacks.

New Rules Will Jolt Maritime Cybersecurity Market Amid Geopolitical Anxiety
A Coast Guard rule imposing standards on operational technology systems in ports and larger U.S.-flagged commercial vessels is poised to supercharge the maritime cybersecurity market - a boon granted by concern that shipping is a weak target for a world roiled by mounting geopolitical tensions.

Complaints Allege Tempus AI Lacked Consent to Use, Share Data With Pharma Cos.
A healthcare artificial intelligence firm that sells genetic information from an acquired database holding the results of millions of screening tests faces multiple putative class action lawsuits in Chicago federal court. Genetic data resists attempts to de-identify it, plaintiffs say.

KPMG Survey Finds Organizations Must Transform Ops to Scale AI
A new KPMG survey shows that while most enterprises have an AI strategy, only a small fraction are seeing real ROI. Enterprises getting it right are embedding AI into operations, governance and workforce development from the start.

Attacker First Compromised AI Tool Used by Vercel Employee, Platform Provider Finds
Cloud platform provider Vercel said an attacker breached its systems and stole customer data after compromising a third-party agentic artificial intelligence tool used by an employee, called Context.ai, and stealing from it credentials and OAuth tokens tied to multiple services and customers.

Outsiders Could Exploit Misconfig to Stream Commands, Credentials
A misconfiguration in Microsoft's Azure SRE Agent may have allowed any Azure account holder from any company to tap into another organization's agent conversations in real time, watching commands, outputs and credentials, leaving no trace.

Cisco's Jeetu Patel on How Machine-Speed Threats Drive Need for AI-Led Security
Cisco's Jeetu Patel explains how AI models are compressing exploit timelines to minutes, forcing a shift to machine-speed defense, real-time enforcement and deeper ecosystem collaboration to secure critical infrastructure and stay ahead of adversaries.