DataBreachToday.com

Ransomware Payouts, AI-Driven Threats and Reshaping Payment Fraud
In this week's panel, four ISMG editors discussed a ransomware case that once again raises questions about paying extortionists, why security leaders fear AI is accelerating attacks faster than humans can respond and how the rise of instant payments is reshaping fraud programs at banks.

License Frontier AI to Practice Medicine, Argues JAMA Article
Scrutiny is intensifying around the quickly evolving role that AI is playing in healthcare. That includes issues around the transparency and safety of consumer health chatbots and also whether a new clinical AI licensing framework is necessary to protect the integrity of medicine.

Driftnet Acquisition Adds Real-Time Visibility Into Exposed Assets and AI Risks
SecurityScorecard acquired internet reconnaissance startup Driftnet to expand real-time visibility into hidden infrastructure, exposed assets and AI-driven third-party risks while strengthening threat hunting, attribution and internet-scale intelligence capabilities.

Broken vdaemon Peering Authentication Enables Unauthenticated Admin Access
A maximum-severity vulnerability in Cisco Catalyst SD-WAN Controller is being actively exploited, giving attackers administrative privileges without authentication. The authentication bypass vulnerability stems from a broken peering authentication mechanism.

Researchers Say Nation-State Actors Are Evolving Persistence Techniques
An apparent Chinese nation-state hacking group gussied up its tooling with new modular functionality, say security researchers who observed a cyberespionage campaign affecting Asia-Pacific governments. The activity resembles attack patterns of the threat actor tracked as Mustang Panda

Reports: Trump Administration Approval of Nvidia H200 Sales Poses Frontier AI Risks
Trump administration discussions on AI governance with China are colliding with reports that Washington may permit expanded Nvidia H200 chip sales to Chinese firms, fueling concerns that U.S. technology access could accelerate Beijing's frontier AI and military-linked ambitions.

Will Regulators Make the May Deadline, and What Changes Will Make the Cut?
Federal regulators are scheduled to issue a rule this month finalizing a proposed massive overhaul of the 23-year-old HIPAA Security Rule. Will the Department of Health and Human Services make the deadline, and what should HIPAA regulated organization expect?

Economist Enterprise Research Reveals the Gap Between AI Optimism and Real Returns
Four out of five executives say their AI programs are beating expectations, but fewer than half track whether that's true. New Economist Enterprise research exposes where enterprise AI efforts stall and what separates firms generating real returns from those still in pilots.

Also, YellowKey Bypasses BitLocker, Škoda Breach, Kingdom Market Operator Jailed
This week, U.S. lawmakers urged action on AI, a BitLocker exploit. Škoda, Nvidia’s GeForce NOW partner and telehealth firm OpenLoop reported breaches. Patch Tuesday. A dark market operator sentenced and pro-Ukraine and Iranian-linked hacking. Nitrogen ransomware attack on Foxconn.

Akamai Says Startup LayerX's Browser Telemetry Will Strengthen Access Decisions
Akamai said its proposed $205 million acquisition of LayerX will add enterprise browser security and AI usage controls to its zero trust portfolio as enterprises grapple with generative AI data exposure, autonomous AI agents and growing demand for browser-level visibility.

Hackers Constantly Break 'Confirmation of Data Destruction' Promises
When a business that stores children's personal data gets hit by data-leaking extortionists, what should it do? For Instructure, which develops online learning platform Canvas, the answer was to pay a ransom, and tell victims, straight-faced, to have "digital confirmation of data destruction."

Proposed Bill Could Reopen Debate Over Computer Misuse Act Protections
The British government has announced plans to update cybersecurity legislation aimed at strengthening the country's digital defenses - while overhauling outdated cybercrime authorities that officials and security researchers warn are no longer fit for modern threats

Forrester's Allie Mellen on Preparing for a Mythos-Level Surge in Vulnerabilities
AI is simultaneously the biggest threat to financial system security and the most powerful tool for defending it. The IMF is sounding the alarm on systemic risk. Forrester principal analyst Allie Mellen breaks down what that means for CISOs and security teams at financial institutions.

Exaforce Says AI Agents Need Contextualized Telemetry to Avoid Bad Decisions
Agentic security operations startup Exaforce raised $125 million in Series B financing to expand an AI security operations platform that continuously contextualizes enterprise telemetry, as CEO Ankur Singla says autonomous defense systems need high-quality data to make real-time decisions.