DataBreachToday.com

Also, North Korean Hackers Remotely Wipe Android Devices
This week, the U.K. government probed Chinese electric buses for a kill switch, APT37 abused Google's Find Hub in South Korea, Conduent said its January hack will cost it more, Hyundai disclosed a breach and Patch Tuesday. OWASP added two new categories to its Top 10 web application vulnerabilities.

Vigilance Cyber Security's Moriah Hara on AI Automation and Responsible AI
Mohira Hara, CISO and AI security, risk and governance consultant at Vigilance Cyber Security, says AI is reshaping financial services by accelerating anti-money laundering efforts, automating SOC functions and driving stronger governance frameworks that make CISOs central to managing AI risk.

Documents Will Spotlight 5 Critical Risk Areas, Best Practices for Healthcare AI
The healthcare sector faces an array of complex cyber risk considerations involving artificial intelligence. The Health Sector Coordinating Council is rolling out a series of guidance documents to help these organizations navigate a long list of AI cybersecurity challenges.

CISA Pre-Shutdown Staffing Levels, State Grant Program to Be Restored Under Plan
A congressional funding bill would reverse shutdown-era layoffs at the Cybersecurity and Infrastructure Security Agency and restore the $1B State and Local Cybersecurity Grant Program, temporarily stabilizing the agency’s operations and buying Congress time for long-term reforms.

Legislation Proposes More Regulations for Greater Swath of the UK Economy
The British government introduced Wednesday long-anticipated cybersecurity legislation aimed at tackling disruptive hacks targeting critical national infrastructure. Companies that run afoul of the new regulations could face daily fines that amount to 10% of their global revenue.

Ransomware Attack on British Pathology Lab Disrupted Patient Care for Months
British pathology laboratory services firm Synnovis has completed a forensics review of data stolen in a June 2024 ransomware attack and is notifying affected healthcare organizations. Those providers will be responsible for notifying their own affected patients, if deemed necessary, the firm said.

Nacha's Devon Marsh on Banks Proving They 'Reasonably Intended' to Identify Fraud
Nacha's 2026 rule amendments pivot from "commercially reasonable" to "reasonably intended" fraud detection standards. Nacha's Devon Marsh explains what this shift means for RDFIs and ODFIs and how banks and financial institutions can define and demonstrate reasonable practices.

Why Traditional Logs Can't Explain What Happens Inside a Rogue AI Model
Logs are where cybersecurity teams spot how and when the break in occurred. For a new type of attack, logs will be worthless - a condition that will especially challenge digital responders as artificial intelligence systems become more ubiquitous.

Lawmakers Include Extension of Cyberthreat Sharing Law in Shutdown Resolution
A statute underpinning corporate cybersecurity information sharing may come back into effect along with funding to reopen the U.S. federal government after six weeks of being shutdown. The Cybersecurity Information Sharing Act of 2015 expired the same day Washington shut down on Oct. 1.

Orbital Frontier Is the Next Ungoverned Internet, and We Have Left It Open to Attack
The orbital frontier is the next ungoverned internet - a vast, vulnerable network of over 11,000 satellites without a cybersecurity framework. As nations race to commercialize space, we've left the orbit open to attack. Who will govern space cybersecurity?

Steve Lenderman of isolved on Cross-Device Challenges, User Adoption Strategies
Steve Lenderman, head of fraud prevention at isolved, discusses the shift to passwordless authentication, addressing adoption challenges across multiple devices, the link between cybersecurity and fraud prevention, and how behavioral analytics will shape identity verification in 2026 and beyond.

AGs Cite Security Failures Leading to Illuminate Education's Late 2021 Data Theft
A California-based vendor of software used to collect and analyze student data, including records of children with disabilities and special educational needs, has been fined a total of $5.1 million by the attorneys general in three states in the wake of a 2021 hack that affected 3 million people.