BankInfoSecurity.com

Noodlophile Steals Credentials and Wallets Under AI Video Guise
Hackers are targeting users into downloading infostealers by tricking them into clicking on links that claim to produce AI-generated videos. The attackers build websites and promoted them on high-visibility Facebook groups, some exceeding 60,000 views.

Alabama Ophthalmology Practice, California Dental Clinic Report Breaches
Cybercriminal gang BianLian claims to have stolen patient information in two recent hacks of an Alabama-based ophthalmology practice and a California dental clinic. The two incidents affected nearly 150,000 people and are among the extortion group's latest attacks on the healthcare sector.

Machine Learning, Generative AI Bolster Continuous User Authentication
Financial institutions can use AI-fueled behavioral biometrics for real-time identity assurance. By continuously profiling how users interact with devices, firms can shift from one-time authentication to real-time identity assurance, turning every click, pause and keystroke into a frontline defense.

Analysts Warn White House IT Plan Could Conflict With Deregulation Directives
Experts warn a new strategy that aims to centralize federal IT procurement under the General Services Administration with standardized terms and deep vendor discounts may actually undermine deregulation goals while excluding small vendors and clashing with agency-specific cybersecurity mandates.

State Accused Tech Giant of Geolocation, Incognito Search, Biometric Violations
Texas has reached a nearly $1.4 billion settlement agreement with technology giant Alphabet after accusing its Google subsidiary of violating state privacy laws via its geolocation, incognito search and biometric data capture and retention practices.

Malware Targets Western Officials, NGOs and Journalists
Russian cyber espionage hackers are using a new malware strain dubbed "Lostkeys" in a targeted espionage campaign aimed at Western officials, NGOs and journalists. Google researchers attribute Lostkeys to the threat group Coldriver, an operational unit within the Federal Security Service.

Strategic Plan Includes Human Risk Management Platform Expansion, IPO Preparation
Bryan Palma outlines his vision to grow KnowBe4 beyond security awareness training by investing in agentic AI, expanding email and behavioral tools and positioning the company for IPO readiness. He highlights Vista Equity's support and platform depth as key assets.

Also: Cyber IPOs and the Investment Climate, the Urgency of AI Explainability
In this week's update, ISMG editors unpacked Trump's teased "grand cyber plan" amid budget cuts to the Cybersecurity and Infrastructure Security Agency, key business takeaways from RSAC Conference 2025 and why explainability in artificial intelligence is becoming critical to trust and security.

Government Officials Sound 'Wake Up' Alarms
A rash of cyber incidents felt by British businesses add up to a wake-up call that cybersecurity is an absolute priority, top government officials warned during an annual conference hosted by the National Cyber Security Centre. The NCSC unveiled cyber resilience measures timed for the conference.

Partners Use Bedrock, SageMaker for Threat Detection, Response, Vital to Innovation
AWS is enabling cybersecurity firms to enhance detection, triage and response capabilities by embedding generative AI into services like Bedrock and SageMaker, while reinforcing its position as a partner-centric cloud security leader, said Managing Director Rohan Karmarkar.

Pharmaceutical companies typically have more mature cyber programs than other healthcare factions, but these firms also face unique risks involving their large attack surfaces, complex manufacturing, supply chains and sensitive intellectual property, said Joshua Mullen of Booz Allen Hamilton.

Pixtral Models 60 Times More Likely to Generate Harmful Content Than Rivals
Publicly available artificial intelligence models made by Mistral produce child sexual abuse material and instructions for chemical weapons manufacturing at rates far exceeding those of competing systems, found researchers from Enkrypt AI.

Russian, Kazakh Hackers Charged in $46M Proxy Botnet Scheme
Federal prosecutors charged four hackers for running a proxy botnet that exploited infected routers, using domains like Anyproxy.net to resell U.S. network access globally - and generating over $46M before a coordinated international takedown, according to a Friday indictment.

Threat Outpaces Government's Ability to Keep Pace, Says Parliamentary Committee
Cyberthreats have evolved beyond the British government's ability to keep pace, warned a Parliamentary committee in a report highlighting lack of prioritization and a deficiency in civil service cyber skills. The country has felt a series of stinging cyberattacks over the last few years.

University of Texas CISO George Finney on Zero Trust Challenges and His New Book
Enterprises need to mature their zero trust models to recognize how trust is inherently built into artificial intelligence and how to proactively identify vulnerabilities. George Finney, CISO at University of Texas Systems, says security teams need to be trained to spot implicit trust across systems.

After Vendor Paid for Data-Deletion Promise, Criminals Extort Schools Directly
Students, gather round for the sad story of how PowerSchool got schooled by hackers, who stole data on students and teachers. After PowerSchool paid a ransom for a guarantee that the data would be deleted, the bad hackers failed to honor their promise.