DataBreachToday.com

JavaScript Repository Contends With Wormable Malicious Code
An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has called one of the most severe JavaScript supply-chain attacks so far. A malicious script exfiltrated data to GitHub repositories named "Shai-Hulud."

New Safeguards Follow Teen Suicides Linked to ChatGPT and Other AI Chatbots
OpenAI is rolling out new safeguards in ChatGPT to protect younger users by adding age estimation tools and, in some cases, requiring ID verification for those claiming to be over 18. The move follows growing scrutiny over the impact of chatbots on teenagers.

AP2 Protocol Introduces 'Mandates' to Keep Agent-Led Spending Accountable
Artificial intelligence agents can now shop so consumers don't have to - but the non-human shoppers will need a signed permission slip first. Google on Wednesday announced the launch of an "agent payments protocol," which creates a framework for AI-driven purchases.

Startup Plans Unified Remediation for Misconfigurations and Patching, Compliance
Remedio has landed $65 million in funding to develop tools that go beyond detection and automate secure remediation. CEO Tal Kollender says the goal is faster growth, a bigger U.S. sales footprint, and delivering a platform that closes the gap between risk visibility and action.

South Dakota, Florida Ophthalmology Breaches Among Recent Medical Specialty Attacks
Two separate hacks on ophthalmology practices in South Dakota and Florida have affected more than a quarter-million patients. The cyberattacks were among the latest of several major data breaches reported in recent months by eye care providers.

Prosecutors Asked Court to Sentence Conor 'Pompompurin' Fitzpatrick to 188 Months
Conor Brian Fitzpatrick, founder and administrator of the first iteration of the BreachForums cybercrime forum, received a three year prison sentence during a Tuesday resentencing in a Virginia federal court. Better known online as "Pompompurin," 22-year-old Fitzpatrick pleaded guilty in July 2023.

Acquisition Pairs GenAI User Protection With Controls for AI Agents, Models, Apps
Check Point’s acquisition of Lakera adds application-layer protection to its GenAI Protect offering. The deal brings together two product teams focused on securing enterprise AI deployments end-to-end - from user behavior to model-level interactions - amid rising threat activity.

Series C Funding to Drive R&D, Fuel Vision for End-to-End Compliance Capabilities
Texas-based fraud detection startup Seon closed an $80 million Series C funding round to support its shift toward an all-in-one AML and KYC compliance platform powered by AI, as it pursues aggressive international expansion and deeper product integration.

Steganography, Mobile Marketing Attribution, Code Obfuscation Deployed for Ad Fraud
A cybercrime crew using Android mobile apps to conduct advertising fraud took unusual pains to hide its activity, concealing malicious code in downloadable digital images and holding off from infecting the subset of users who organically found their apps through the Google Play store.

Recent, Targeted Attacks Suggest Undercut Group's Claimed 'Going Dark' Retirement
Elements of the notorious ransomware collective lately calling itself Scattered Lapsus$ Hunters appear to be targeting fresh victims, including a U.S. banking organization if not the sector at large, despite a member of the group claiming it would be "going dark" and retiring.

Economic Losses of Carmaker, Suppliers Piling Up
British auto manufacturer Jaguar Land Rover will extend a production pause until late September as it enters its third week of contending with a cyber incident that forced it to shut down assembly lines across the globe.

Cybercrime Group ShinyHunters Advertises 160 Million Stolen Records
Vietnam's central bank is probing a hack attack that breached its credit reporting division, exposing personally identifiable information. The cybercrime group ShinyHunters claimed credit for the breach, advertising on a cybercrime forum 160 million stolen records for $175,000.

Live Hacking Event Offers New Insights Over Traditional Testing
In today's threat landscape, as attackers grow more sophisticated, organizations are finding that direct collaboration between ethical hackers and development teams offers advantages traditional testing methods can't always match.

Will Funding Offset Bigger Cuts Planned for Rural Health Under Big Beautiful Bill?
The Department of Health and Human Services has rolled out a $50 billion grant program to "transform" rural healthcare. The program - authorized under the "Big Beautiful Bill" - includes investment opportunities related to IT and cybersecurity. But is it nearly enough?

HyperComply's AI Automation Reduces Vendor RFP Questionnaire Work by 92%
SecurityScorecard is acquiring HyperComply to streamline third-party risk assessments with AI that automates most security questionnaire responses. The deal supports SecurityScorecard’s shift from ratings-only to a full solutions platform for mitigating supply chain risk.

Announcement Provokes Skepticism in Cyber Community
A band of adolescent hackers behind attacks against airliners, insurers and casinos in the United Kingdom and the United States on Friday said they are shutting down their operations. Scattered Lapsus$ Hunters posted a semi-coherent screed announcing a decision to "go dark."

Vastaamo Hacker Aleksanteri Kivimäki Is Free, For Now
A Helsinki court ordered the release of Finland's most notorious hacker pending the resolution of his appeal of a conviction stemming from the theft of psychotherapy records of 33,000 individuals. Aleksanteri Kivimäki was convicted last year for hacking into now-defunct psychotherapy chain Vastaamo.