DataBreachToday.com

CISA Says Hackers Actively Exploit Manufacturing Operations Management Platform
Software made by a French multinational that's used to manage manufacturing across the globe is under active attack, warned the Cybersecurity Infrastructure and Security Agency in the second such warning in two months. Hackers are exploiting two vulnerabilities in the Delmia Apriso platform.

CEO Nikesh Arora: Next-Generation Security Play Ties Automation to Identity, Cloud
With new products set to launch, Palo Alto Networks is expanding its AI cybersecurity footprint. Chairman and CEO Nikesh Arora introduced the AgentiX platform, a retooled cloud approach, identity enhancements and a deal making Palo Alto the core security provider for Oracle Cloud.

Humana, BCBS Montana Are Among Clients of Conduent Hack
Conduent Business Solutions LLC has told state regulators that a hacking incident discovered in January has affected more than 10.5 million patients. Clients affected include Blue Cross Blue Shield of Montana and Humana, as well as an undisclosed number of other organizations.

Ravin Academy Records Reveal Identities of More Than 1,000 Participants
A public database of internal records from Iran's Ravin Academy - a cyber school linked to the Ministry of Intelligence - has been published online, exposing potentially sensitive data on over 1,000 trainees, including individuals reportedly tied to Western institutions.

Everest Extortion Group Lists Dublin Airport
A Russian data extortion group threatened Sunday to release passenger data putatively stolen from the Dublin Airport days after its operator said it investigated a breach stemming from a September cybersecurity incident that affected airports across Europe.

How Industrial Malware Targets Removable Media & How to Close SD Card Security Gaps.

Compendium Features Dozens of In-Depth Interviews With CEOs, CISOs and Researchers
Welcome to Information Security Media Group's Infosecurity Europe 2025 Compendium featuring cybersecurity insights from industry's top researchers, CEOs, CISOs, government leaders and more. Inside this guide, you'll find links to video interviews created by ISMG.Studio.

Airport Baggage Carousels Are Weapons, in the Right Hands
Consider the airport baggage carousel. It's big, clunky and tedious to wait by. But look at it like a war planner does, and it's suddenly very different: An almost certainly poorly secured technology system that foreign adversaries could exploit to disrupt military mobilization across the United States.

March Breach Affected Nearly 5.6 Million; NextGen Proposed Settlement Also Reached
Connecticut's largest healthcare network - Yale New Haven Health System - has agreed to pay $18 million to settle class action litigation filed in the aftermath of a March hack affecting nearly 5.6 million people. The incident ranks as the biggest health data breach reported so far in 2025.

Pension Funds Say Fortinet Leaders Misled Market With Overly Rosy Refresh Outlook
Public pension funds filed securities fraud lawsuits claiming Fortinet misled investors by overstating the value and timing of a major firewall refresh cycle. The lawsuits allege the refresh involved outdated products and had limited business impact, contradicting Fortinet's upbeat public messaging.

Forrester's Brent Ellis and Dario Maisto on Lessons Learned for Large Enterprises
The cascading outage across the U.S. East Coast triggered this week by a domain name system failure in an AWS DynamoDB service demonstrates the risks of deep architectural dependencies and the challenges of building true multi-region cloud resilience, said Forrester's Brent Ellis and Dario Maisto.

Also: Astra Nova RVV Token Plummets, Canada Fines Cryptomus $126M
This week, U.S. President Donald Trump pardoned Changpeng Zhao, Astra Nova RVV token plummeted, an investor lost $3M in a wallet breach linked to Huione Group, Canada fined Cryptomus, a U.K. regulator sued HTX over illegal crypto promotions and hacked LuBian wallets moved $1.8B in bitcoin.

Proposed Acquisition Aims to Merge Internal Risk Data With External Threat Signals
Dataminr will acquire ThreatConnect, combining public data detection with internal intelligence to give CISOs an AI-powered, context-aware response platform. The deal is producing results for shared customers and is central to Dataminr's push toward predictive, client-specific cybersecurity tools.

Regulators Want to Know If Insurer Delayed Notifying 462,000 Affected Members
Montana regulators are investigating a breach affecting 462,000 Blue Cross Blue Shield of Montana members involving one of the insurer's service providers. The vendor, Conduent, in April notified the SEC that the data theft affected numerous clients and a "significant number" of people.

Also, Envoy Air Confirms Data Compromise Following Clop Extortion Campaign
This week, Qilin didn't hack a Spanish tax agency, Nexperia standoff, Envoy Air confirmed a data compromise, Experian Netherlands fined 2.7M euros, ToolShell used to breach global networks, flaws in TP-Link Omada and Festa VPN routers and a New York firm settled a cybersecurity investigation.

AI-Powered Threats Demand AI-Driven Defense
As AI reshapes the cyber battlefield, CISOs face unprecedented pressure to defend at machine speed. Discover how agentic AI and deep observability are transforming defense from detection to foresight.