DataBreachToday.com

Password Manager Must Pay 1.2M Pounds
The British data regulator imposed a fine of 1.2 million pounds against password manager LastPass over a 2022 data breach that exposed the data of millions of its customers. Unidentified hackers stole backup data from LastPass's Amazon Web Services S3 bucket.

The Next Major Cyber Risk Could Come Through a Biological Sample
Researchers demonstrated that it is feasible to encode executable payloads into synthetic DNA that, once sequenced and processed, could trigger malware in sequencing software. When a vulnerability in a sequencer becomes a vulnerability in national health or food security, the stakes are existential.

Lessons From Lightning-Fast AI-Based Attacks and How Cyber Defenders Should Respond
AI-based attacks will come faster and the sequence of activities will be less predictable. Cyber defenders are skilled in network analysis, incident response and cloud or identity management, but in the face of AI-based attacks, they need new skills, tools and defensive tactics.

Analysis of Seized LockBit Data Suggests Victims Who Pay Enjoy More Media Coverage
Bad news for any organization that's ever paid a ransom in a bid to avoid their breach coming to light, or for a promise from attackers to delete stolen data, with a study of seized LockBit data finding that victims who paid a ransom were more likely to see the attack get detailed in the media.

Inotiv Tells SEC 'It's Still Evaluating Full Impact and Notifying Breach Victims'
Drug research firm Inotiv in a filing with federal regulators said it is still evaluating the financial and operational impact of an August cyberattack that's linked to ransomware gang Qilin. The company is also notifying nearly 10,000 people whose data was allegedly stolen in the incident.

Goldman Sachs-Led Round Supports Harness's Push Into AI Security and Automation
With $200 million in Series E funding and a new $5.5 billion valuation, Harness will scale its AI-powered platform for security, compliance and reliability in software development. The investment will support R&D into AI agents, testing, cost optimization and security for AI workloads.

CTO Matthew Fraser Says Administrations May Change but AI Program Is Built to Last
New York City gets a new mayor on Jan. 1, and while no one knows Zohran Mamdani's plans for using artificial intelligence, the city's AI Action Plan will ensure a strong foundation for innovation, city Chief Technology Officer Matthew Fraser told attendees at The AI Summit in Manhattan on Wednesday.

Google Says Gemini Enterprise Agentic AI Model Is Ready for Banking Clients
BNY is integrating Google Cloud's Gemini Enterprise agentic artificial intelligence platform into its proprietary enterprise AI platform, Eliza. The move represents an evolution from AI as a pilot project to AI as infrastructure for the global financial services organization.

What Will Lead Next Year's Cloud Security Agenda?
As 2026 approaches, one thing is certain: Artificial intelligence adoption will continue to accelerate at an extraordinary pace. CISOs will be tasked with maintaining security and control as hybrid cloud environments grow more distributed, automated and interconnected.

Weak State Controls and AI-Generated Documents Fuel Surge in Synthetic Entity Fraud
Fraudsters are exploiting weak state controls to create synthetic businesses for less than $150, with potential payouts of more than $100,000 for each fake identity. Synthetic entity fraud has rapidly shifted from a niche threat to a mainstream risk, said Dun & Bradstreet's Andrew La Marca.

Startup Uses AI Agents to Support Proactive Security and Scale Development
With a $36 million investment, Clover Security plans to expand its suite of AI agents that automate security reviews and improve collaboration with developers. The company says this proactive approach helps manage risks introduced by AI-driven software creation.

Regulators Question Whether Google Compensates Publishers for Auto Summaries
Google faces a fresh probe into its competitive practices after the European Union said it will investigate the search engine giant's propensity to convert web content into fuel for its artificial intelligence models. The commission said the investigation is a "matter of priority."

Data Theft Incidents Are Among the Latest Hacks Against Specialty Medical Providers
Two specialty healthcare providers - a Florida-based firm that provides hospice services in several states and a Pennsylvania-based eye care practice - are notifying nearly 520,000 people that their sensitive health information was compromised in separate hacking incidents.

Patch Now, as Scans and Hack Attempts Happening 'at Scale,' Security Experts Warn
Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of organizations already falling victim to it, cybersecurity experts warn. React is used by an estimated two-fifths of the world's top 10,000 websites.

Clop Ransomware Group Targeted NHS Barts Health in August
A National Health Service hospital is seeking assistance from the U.K. High Court to stymie a potential data leak tied to a ransomware hack. The hospital, NHS Barts, said ransomware group Clop targeted its network in August.

WormGPT 4 Sells for $50 Monthly, While KawaiiGPT Goes Open Source
The cybercrime-as-a-service model has a new product line, with malicious large language models built without ethical guardrails selling on Telegram for $50 monthly or distributed free on GitHub. Others groups are taking the open-source route.

Plan Calls for Updated HIPAA Regs, Grants, Training, Enhanced Breach Reporting Data
Four U.S. lawmakers - including the chair of the Senate health, education, labor and pensions committee - are taking another stab with a bipartisan bill aimed at strengthening cybersecurity in healthcare. That includes bolstering HIPAA, and providing cyber grants and training to the sector.

Outage Briefly Took Down Zoom, LinkedIn and Other Websites
Content delivery network giant Cloudflare is investigating a brief outage early Friday that took down multiple websites. The incident marks the second outage in the span of a month, although the causes are unrelated. It stemmed from how Cloudflare's web application firewall parses requests.