DataBreachToday.com

Voluntary Effort Calls for Standards, Empowering Patients, But What About Privacy?
The Trump administration launched an initiative to improve patient data interoperability, exchange and accessibility throughout the healthcare ecosystem. The effort asks tech firms, healthcare providers and insurers to voluntarily comply with standards and data sharing criteria. Sounds like déjà vu?

Advice for Young Cyber Professionals in the Age of AI and Security Automation
Professionals across industries, especially those in early career stages, are struggling to find not only jobs but also career path direction. The old map no longer applies. Today's environment requires adaptability, strategy and a willingness to build new paths entirely.

AI Tools Detect Breaches Quicker but Shadow AI Causes Breaches, Too
Organizations are detecting data breaches more quickly and paying less to remediate them, says IBM's new "Cost of a Data Breach Report 2025." Some caveats apply, with U.S. organizations experiencing higher breach costs. Breach fallout from shadow AI is also rising.

Firm Admits Paying Ransom in Exchange of Hacker's Promise to Delete Stolen Info
Two Florida-based law firms with offices in other states are notifying 282,100 people whose healthcare and other information was potentially compromised in separate data theft incidents. One of the firms admitted to paying a ransom to prevent its data from being leaked on the darkweb.

CyberArk Deal Adds Privileged Access Capabilities to Palo Alto Networks' Core Stack
With a $25 billion acquisition of CyberArk, Palo Alto Networks expands its cybersecurity platform to secure human, machine and AI identities. CEO Nikesh Arora said the move is timely as 88% of ransomware attacks now stem from credential theft, and agentic AI emerges as a new risk vector.

Unauthenticated Bugs Allow Full Remote Code Execution
Unauthenticated attackers could remotely hijack Dahua Hero C1 smart cameras by exploiting firmware vulnerabilities, Bitdefender warned in a coordinated disclosure published Wednesday. Dahua Technoloy released patches on July 7. The company is on a number of U.S. federal blacklists.

Healthcare Faces Rising App-Based Ransomware Threats and Urgent Compliance Demands
Ransomware is evolving and healthcare is in the crosshairs. As apps and APIs become critical to patient care, they also open new threat vectors. Compliance alone isn't enough - organizations must act fast to close security gaps and defend against app-based attacks.

Palo Alto Has Always Shied Away From Identity and Expensive M&A. What Changed?
Less than five months after Google agreed to spend $32 billion on red-hot cloud security startup Wiz, Palo Alto Networks is on the precipice of paying more than $20 billion for PAM goliath CyberArk, The Wall Street Journal reported Tuesday. Here's why the deal represents a major pivot for Palo Alto.

145 Organizations Compromised by China-Linked Ransomware Hackers and Others
Nearly 150 different organizations' on-premises SharePoint servers have been exploited by attackers targeting the zero-day vulnerabilities now tracked as ToolShell, researchers warn. Early attacks have been attributed to China-linked groups, in some cases leading to Warlock ransomware infections.

Brazil-Targeting Malware Exploits Windows UIA to Evade Detection
A banking Trojan long confined to Brazil has become the first known malware to exploit Microsoft's UI Automation framework to extract credentials, signaling a new tactic that may evade conventional detection. Akamai's findings point to a growing trend of attackers using legitimate system features.

At Least 410,000 Patients Reported Affected, But Likely Even More Victims
Months after news first broke that a hacking incident compromised legacy patient data hosted by Cerner electronic health record servers that were set to migrate to parent company Oracle's cloud environment, data breach reports related to the hack are still slowly trickling in to regulators. What's taking so long?

New UK Law Requiring Age-Verification Measures on Porn Sites Causes VPN Use to Soar
Free virtual private network services are soaring to the top of the app charts in the United Kingdom after a new law went into effect Friday requiring platforms that contain adult content - including sites like X and Reddit - to confirm users' ages through "robust" verification measures.

Operation Checkmate Disrupts One of the Large Russian-Speaking Ransomware Groups
An international law enforcement operation has disrupted BlackSuit, a ransomware group tied to hundreds of victims and ransom demands that exceeded half a billion dollars. The takedown occurred as security experts tracked the rise of a new group called Chaos, which may be a BlackSuit rebrand.

Attackers Stole US Customer Data Using Social Engineering
A malicious actor breached a customer relationship management platform used by Allianz Life Insurance of North America on July 16 and stole personally identifiable information of most of its 1.4 million U.S. customers, financial professionals and some employees, the company said.

Lawsuit Claims BJC Health Shared Patient Info From MyChart Portal Without Consent
A Missouri healthcare system has agreed to pay up to $9.25 million to settle a proposed class action lawsuit alleging that its use of online tracking tools in its patient portals transmitted sensitive patient information to third-party firms without the patients' knowledge or consent.

SaaS Enhancements Aim to Boost Network Detection, Response for Small Security Teams
Corelight's SaaS platform Investigator is designed to bring scalable network detection and response to smaller security teams. CEO Brian Dye says generative AI workflows and enriched network context help defenders identify threats faster and with greater confidence than ever.

Startup Targets Next-Gen Security Opportunities Beyond Autonomous SOC Agents
Dropzone AI raised $37 million to scale its flagship AI SOC analyst and build new agentic AI tools for cybersecurity operations. CEO Edward Wu says the funding supports demand surges as enterprises shift toward human-augmenting AI to handle alert fatigue and security tool sprawl.

Aeroflot Hit With Wiper Malware, Claim Pro-Ukrainian Hackers From Belarus
Russia's largest airline, Aeroflot, canceled dozens of flights on Monday and delayed more due to an IT disruption. Two pro-Ukrainian hacking groups from Belarus claimed to have wiped stolen extensive customer data before wiping 7,000 physical and virtual servers used by the airline.