DataBreachToday.com

NAV Canada CISO Tom Bornais on Keeping IT and OT Systems Running
With threats targeting aviation infrastructure, NAV Canada CISO Tom Bornais explained how his team focuses on building resilience rather than chasing perfection. He outlined why internal alignment, incident simulation and supply chain security are critical to defending IT and OT systems.

Global Tech Debt Impedes Growth as AI, Cloud and Legacy Systems Collide
Technical debt is no longer just a developer's dilemma; it's a global business risk. As companies cling to legacy systems and monolithic code, modernization efforts stall. Rising costs, slower delivery and AI limitations highlight the urgent need for scalable, future-ready architectures.

Experts Call for Whole-Business Planning to Protect Patients and Operations
When a hospital, healthcare system or one of their critical third-party vendors is hit with a ransomware attack, all hell can break loose quickly. That can mean diverted ambulances, cancelled patient appointments, business processes put on hold and other critical operations stopped.

Surge in AI and Non-Human Identities Drives Demand for More Powerful Access Control
Amid rising complexity from AI agents and non-human identities, ConductorOne has raised $79 million in Series B funding. CEO Alex Bovee said the company aims to expand its identity platform, simplify access control and help security teams address evolving threats in hybrid environments.

Attorney Jonathan Armstrong on Vetting Job Applicants, Red Flags and Compliance
North Korean operatives are using fake identities and remote job listings to bypass sanctions and infiltrate companies. But employers can avoid becoming unwitting accomplices, said legal expert Jonathan Armstrong, who advises firms to adopt stronger vetting practices and structured investigations.

Intigriti's Ed Parsons on How Regs Are Pushing Firms Toward Proactive Security
The NIS2 Directive has driven significant improvements in vulnerability management across Europe. Organizations are accelerating vulnerability discovery by engaging with crowdsourced security communities and ethical hackers, said Ed Parsons, chief operations officer at Intigriti.

Midsize Businesses Need Skilled Professionals as Threat Actors Shift Their Tactics
As large enterprises continue to strengthen their defenses and reduce ransom payouts, ransomware operators are redirecting their attention toward midsize organizations. This shift has increased the urgency for adaptable, well-trained cyber professionals who can tailor enterprise-grade protections.

US Cites Risk of Treaty Being Weaponized by Authoritarian Regimes, Privacy Concerns
The U.S. declined to sign the new U.N. cybercrime convention despite support from 72 nations and its backing by Russia and China over fears it could be exploited by authoritarian states to legitimize surveillance, censor dissent and pressure cross-border data cooperation.

2nd Round of Layoffs Since 2022 Comes 2 Months After $150M Email Security Purchase
Varonis cut 5% of its workforce and saw its stock price nosedive after disclosing a sharp drop in renewal rates for its on-premise subscription business. The underperformance of the federal vertical caused a notable headwind for Varonis despite it accounting for just 5% of annual recurring revenue.

Azure Outage Comes a Week After a Cloud DNS Error Disrupted AWS Users
Microsoft's Azure cloud and 365 systems suffered an outage at noon on Wednesday because of a configuration error - hours before its quarterly earnings call and about a week after rival AWS underwent a widespread outage that shut down applications and services for most of the day.

Treasury Yet to Release Sector-Specific Controls and Reimbursement Mechanisms
Australia introduced the world to the first-ever Scam Prevention Framework law that promised to make the country the hardest place on earth for fraudsters. Eight months later, it's trapped in bureaucratic limbo - passed, praised and still waiting to work.

Add-On EMV Features Put Merchants at Risk to High-Charging 'Free Lunch' Crooks
Variations in how EMV ecosystem players implement the standard, as well as a bevy of features they've bolted on - transit modes, offline payment restrictions - have been "overloading" the specification and introducing exploitable vulnerabilities, warn a team of researchers.

Agency Warns Vertikal Systems Vulnerabilities Could Help Hackers Access Data
U.S. federal authorities are warning about vulnerabilities in hospital information management systems from Romanian firm Vertikal Systems that could allow hackers to obtain and disclose patient data. The affected systems are used mostly by smaller hospitals and clinics outside the United States.

Staff Allegedly Took Photos, Posted Pics on Social Media Without Patient Consent
A Florida hospital is facing several lawsuits filed by patients who alleged staff members used their personal phones to take and post humiliating photos on social medial of the patients without their consent while they were asleep or medicated, and semi-undressed.

Thousands of Windows Server Update Services Observed Online
Warnings over hackers exploiting a Windows Server Update have compounded since Microsoft rushed out a patch Friday against a flaw allowing unauthenticated attackers to execute arbitrary code.

Nonprofit Foundation Holds Equity, Oversight Around $130B For-Profit Corporation
The nonprofit OpenAI Foundation now controls a $130 billion for-profit arm after a recapitalization process approved by attorneys general in California and Delaware. The nonprofit retains governance authority and will fund global health and AI risk mitigation programs, backed by regulatory approval.