DataBreachToday.com

Also: AI, Machine Identity Risks; Europe’s Digital Sovereignty Push
In this week's panel, four ISMG editors examined how cybercriminals may be turning on each other, what security leaders are really saying about machine identities and AI risk, and how shifting U.S.-Europe dynamics are reshaping technology resilience and digital sovereignty.

Prompt Candidates to Wave, Check IP Addresses and Ask About Their Supposed Location
They're young, tech-savvy and often the most productive remote worker on the team. They're a major security risk numbering in the thousands that a multitude of Fortune 500 companies have unwittingly ushered into their network. They are North Korean IT workers.

Critical Vulnerability Could Give Attackers Foothold in Clinical Networks
Federal authorities and industry officials are urging healthcare sector entities to address a critical flaw in BeyondTrust Remote Support and Privileged Remote Access software, which if exploited, could give an attacker a foothold inside a hospital or clinic network.

Researchers Say PromptSpy Automates Persistence on Infected Devices
A newly discovered Android malware strain, "PromptSpy," is using Google's Gemini generative artificial intelligence model to automate part of its persistence mechanism, marking what researchers describe as the second known case of AI-driven mobile malware.

AI-powered ransomware compresses attacks from weeks to minutes. Michael Villar, director of field security technology at Akamai, says banks need AI-driven segmentation to contain intruders fast, limit lateral movement and protect sensitive data before extortion begins.

Also: EU Bans AI Tools, Notepad++ Secures Updater, Apple Patches iOS Zero-Day
This week, Cambodia shuttered 200 scam centers. EU Parliament banned AI tools. Canada Goose disputed a ShinyHunters leak. Notepad++ patched an updater flaw. Apple fixed a decades-old iOS zero-day. BeyondTrust and Dell patched critical flaws under active exploitation.

Analysts Urge Mandatory Guardrails on AI Agents, Identity and Privilege
Security leaders are pressing Treasury to embed enforceable guardrails - covering adversarial testing, AI inventory, identity privilege mapping and real-time monitoring - into its forthcoming financial-sector AI guidance as deepfake fraud, data poisoning and autonomous agent risks escalate.

Hospital, ER Open but All Clinics, Elective Care Cancelled Statewide; FBI Called In
The University of Mississippi Medical Center on Thursday said a ransomware attack has triggered its emergency operations plan and forced its hospitals to cancel all clinic and elective procedures at all locations statewide.

Ransomware, Lack of Visibility, Mischaracterizations and Nation-States, Oh My
There is a silent epidemic of ransomware attacks on commercial operational technology systems, which are mischaracterized as IT incidents even though they impact operational systems, claims a comprehensive annual review of cyberattacks targeting OT, published this week by security firm Dragos.

$300M Acquisition Strengthens Palo Alto Networks' XDR and AI Governance Platform
Palo Alto Networks plans to acquire Koi Security for $300 million to address growing AI-driven endpoint risks. The startup's technology adds deep visibility into AI agents plug-ins and nonbinary code, enhancing Cortex XDR and Prisma AIRS as enterprises confront a growing unmanaged AI attack surface.

Founder, CEO Martin Mao: AI-Driven Remediation, Data Optimization at Core of Deal
Palo Alto Networks' acquisition of Chronosphere will help unify observability and security operations. The integration with Cortex AgentiX and Cortex XSIAM aims to automate remediation, optimize telemetry pipelines and help enterprises manage soaring data volumes from cloud-native and AI workloads.

Router Maker Accuses Rivals, Competitors of Smear Campaign
The Texas attorney general invoked state consumer protection law to sue Wi-Fi router maker TP-Link Systems for misrepresenting its connections to mainland China and the security of its ubiquitous devices. The suit says TP-Link should be forced to declare that their products are made in China.

New Trojan May Soon Be Offered for Sale to Criminal Underground
Security researchers warn of "Massiv," an Android Trojan - disguised as an IPTV app - targeting users who sideload streaming apps. The malware enables screen capture, overlays and credential theft - and may soon be marketed on criminal underground forums as malware as a service.

Researchers Say AI Prompt Injection Has Emerged As a Dangerous New Class of Attacks
The large language model industry has mostly treated prompt injection attacks as a risk analogous to traditional web server prompt injection attacks. Researchers now say feeding rogue instructions to an artificial intelligence system merits its own classification as "promptware."

Incident Responders Detail Top Ransomware and Business Email Compromise Tactics
There's no need to invest into sophisticated hacking operations when moving fast and exploiting well-trod techniques gives threat actors all the access they want. Threat actors are prioritizing "low-complexity entry points, rather than investing in sophisticated exploits," say incident responders.