DataBreachToday.com

Lawmakers Demand Answers From UHG Amid New Breach and Growing Fallout
When you've been the victim of the largest health data breach in U.S. history, and you've been under intense public and regulatory scrutiny for months, the last thing you want to do is to report another major breach less than a year after the last one. But that just happened to UnitedHealth Group.

Chipmaker Argues Against Growing Interest in US to Require New Security Measures
Artificial intelligence chip-making powerhouse Nvidia is rejecting claims from China’s top cyber agency that its H20 chips include location tracking and kill-switch features - while warning U.S. lawmakers against requiring those capabilities in future chip designs.

Also: Ukrainian Hackers Find Evidence of Russian Child Abduction
This week, a Chinese duo arrested in Los Angeles for illegal artificial intelligence chip exports back to China, France extradited an accused Nigerian hacker, Ukraine hacked Crimean servers, Florida prison email leak, Tea App clone exposed users’ IDs.

4 Bugs Affecting at Least 6,500 Camera Servers Enable Pre-Auth Attacks on Devices
Researchers who uncovered four severe flaws in Axis Communications' video management and camera software say thousands of internet-connected surveillance systems are vulnerable to remote attacks. Attackers can execute arbitrary code without authentication.

ShinyHunters May Have Struck Again
Airlines Air France and KLM said they suffered a data breach involving a third-party service storing customer data. The alert comes as the ShinyHunters extortion group continues to target Salesforce-using organizations and trick them into sharing direct access to their customer data.

Also: Samourai Wallet Co-Founders' Guilty Plea, Coinbase Loss From Data Theft
This week, Tornado Cash co-founder convicted, Samourai Wallet guilty plea, Coinbase insider data theft, a U.S. court overturned an OpenSea executive's fraud conviction, AI-written malware stole crypto, Credix exploit, CZ sought dismissal of FTX claim, July hacks and a FinCEN crypto ATM warning.

CISA Issues Emergency Directive Requiring Federal Agencies to Fix Flaw
A vulnerability in Exchange hybrid deployments could allow attackers to escalate privileges and gain administrative access to cloud-based environments. Microsoft said Tuesday there is no evidence of its exploitation and "strongly" recommended installing hot fix updates made available in April.

OpenAI CEO Says AI Has Beaten Voice Recognition, But Experts Disagree
OpenAI CEO Sam Altman recently claimed that artificial intelligence has "fully defeated most of the ways that people authenticate currently, other than passwords." A host of security experts disagree and point out that passwords got us into this authentication mess to begin with.

Interlock Claims to Have 1.5TB of DaVita's Data as Expenses Mount
DaVita Inc., one of the largest kidney dialysis providers in the world, told regulators that an April cyberattack has cost the company $13.5 million so far and has affected more than one million people in the U.S., and counting. Interlock says it's behind the data theft and ransomware attack.

Inskit Researchers Uncover Clusters in Hungary, Saudi Arabia
Security researchers uncovered a previously unseen malware cluster associated with Israeli spyware maker Candiru. The company may have rebranded itself to evade sanctions to continue its operations. It continues to operate despite its inclusion in 2021 onto an exports blacklist by the United States.

Cyber Volunteers Can Gain Real-World Experience While Protecting Communities
When people think about a career in cybersecurity, they often picture certifications, technical exams and entry-level jobs that require years of preparation. For those coming from non-traditional backgrounds, the journey can feel like a dead end. But what if there were other ways to explore it?

Researchers See 'Acceleration' in Existing Threats, Ongoing Criminal Success
Cybercrime so far this year can be summarized as featuring "more of everything," with researchers tracking increases in the number of ransomware and data breach victims, credentials stolen by infostealers, and new vulnerability disclosures with exploits coming to light.

CISA Lists Flaws as Actively Exploited
Hackers are actively exploiting years-old flaws in obsolete Wi-Fi cameras and video recorders made by D-Link, warn U.S. cybersecurity authorities. Possibly Chinese hackers have used one of the flaws to implant HiatusRAT malware. "Attackers don’t care if a vulnerability is new or old."

Cursor Patched Flaw Days After Disclosure, Says Check Point
Check Point researchers found a RCE flaw in Cursor, an AI-powered code editor, by manipulating a previously approved model context protocol configuration. Once a developer approved a configuration file for an MCP server, any future changes to that file could be executed without further prompts.

AI Powerhouse Releases Its First Public Model in 6 Years
OpenAI released its first open-weight reasoning models since GPT-2, unveiling gpt-oss-120b and gpt-oss-20b under the Apache 2.0 license. With performance approaching o-series benchmarks, the models are designed specifically for reasoning tasks.

Voice Phishing Attacks on Salesforce Users Remains Repeat ShinyHunters Tactic
Technology giants Google and Cisco separately said they've both suffered recent data breaches after attackers socially engineered their employees via voice phishing attacks, leading to a breach of their customer relationship management software, exposing customer data.

Ransomware, Data Thefts, Other Attacks Continue to Plague Health Sector
Recent hacks on a provider of sleep disorder diagnostic gear and services, a network of medical imaging facilities and a multi-disciplinary cancer care center have affected nearly 800,000 patients. The breaches are among the latest rash of cybercriminal attacks plaguing the healthcare sector.

Dutch Servers Restored Following Moscow-Led Attack
The Dutch Public Prosecution Service on Monday began phased restoration of its networks after a cyberattack last month forced the agency to take down its services offline. The agency confirmed that hackers exploited a vulnerability in a Citrix device.

$100M State Cyber Grants Mark Major Drop in Federal Support Despite Growing Demand
The federal government announced a final $100 million round of cybersecurity grants aimed at boosting state and local defenses, but experts warn the funding signals a broader shift in responsibility to under-resourced governments facing escalating threats without sustained federal support.