DataBreachToday.com

US Cyber Defense Agency Faces Procedural Delays Blocking Director Confirmation
Sean Plankey's stalled nomination leaves the Cybersecurity and Infrastructure Security Agency without a Senate-confirmed director amid rising state-linked threats, as unrelated congressional holds tied to telecom and contracting fights freeze the process with no resolution in sight.

Bankrupt Firm Plans to Use the Settlement Money to Pay Off Cyber Claims
As part of its ongoing Chapter 11 bankruptcy proceedings, 23andMe Holding Co. - now named Chrome Holding - has reached a settlement with its cyber insurers for the carriers to buy back $16.5 million of the consumer genetics testing firm's unused cyber policy. What will the company do with the funds?

Enterprises Are Reimagining Org Roles, Risk Management and Skillsets in the AI Race
Organizations are beginning to reimagine how leadership roles should be structured, aligned and empowered as they grapple with regulatory pressures, the unpredictable nature of AI systems, and the need for operational resilience in an increasingly uncertain business climate.

Also, Microsoft Badly Patches LNK Flaw, Australian Sentenced for 'Evil Twin' Hack
This week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth's Signal group posed operational risk, more North Korean npm packages. An Australian jailed for Wi-Fi "evil twin" crimes. The US FTC will send $15.3 million to Avast users. A London council said attackers stole data.

Chinese-Linked Malware Campaign Targets Critical Environments With Weak Monitoring
U.S. and Canadian cyber authorities say Chinese state-backed actors used a backdoor dubbed BRICKSTORM to maintain long-term access into critical infrastructure, exploiting VMware environments to exfiltrate credentials and evade detection through encrypted covert channels.

Plan Aims to Modernize Workflow, Expand AI Use Across Agencies, Improve Cyber
The U.S. Department of Health and Human Services on Thursday unveiled "version 1" of a strategic plan to implement artificial intelligence as a "practical layer" across the department and its agencies aimed at helping to break down silos, improve collaboration and increase efficiencies.

Security Minister Dan Jarvis Endorses Security Researcher Protections
The U.K. government is considering amending its three-decade-old hacking law to include a "statutory defense" cover for security researchers. The announcement comes amid concerns that the law penalizes white hat hackers for essential security practices.

Skills Needed: Enterprise Architecture, Configuration and Vulnerability Management
When a critical vulnerability surfaces in ERP systems such as the Oracle E-Business Suite flaw, attackers can go well beyond a single compromised server. The flaw exposed the need for cyber professionals who understand enterprise architecture, secure configuration and vulnerability interpretation.

Federal Cuts Threaten Grid Security as Nation-State Hackings Escalate, Analysts Say
Cybersecurity leaders told Congress that U.S. energy systems are already compromised by state-backed actors - chiefly China - and warned that shrinking federal support for grid security programs threatens to worsen exposure as utilities face escalating threats with limited resources.

Mirion Medical Says Bugs Are Fixed in New Release of BioDose/NMIS Software
U.S. federal authorities are warning that several high-severity vulnerabilities discovered in Mirion Medical Co. inventory tracking software used by nuclear medicine departments could allow attackers to modify program executables and gain access to sensitive information.

Organizations are adopting agentic artificial intelligence as the next phase of AI. Kim Basile, CIO of Kyndryl, explains how organizations can prepare teams to work with agentic AI, emphasizing culture, training and governance as the crucial drivers of AI readiness and adoption.

China Still Relies on US Technology, Experts tell Senate
Washington spent years constructing export barriers around America's most sensitive artificial intelligence technology. Witnesses told the U.S. Senate Foreign Relations Committee that China is finding ways to move around them. Where one pathway closes, Beijing opens another.

Attackers Could Hijack Developer Machines via Tampered Config Files
OpenAI patched a command injection flaw in its Codex CLI tool that let attackers run arbitrary commands on developer machines by hiding malicious configuration files inside code repositories. Hackers could turn ordinary repository files into execution vectors.

CEO Matt Garman Shares Plans for Developing Billions of Autonomous Agents
For two decades, AWS has been the undisputed leader in cloud computing, but listening to AWS CEO Matt Garman at the re:Invent 2025 conference, the future isn't in the infrastructure layer. Garman envisions a fundamental shift from applications in the cloud to a cloud of autonomous AI agents.

Government Opts for Voluntary Frameworks Over Enforceable Safeguards
Australia's federal government has quietly shelved the mandatory AI guardrails it proposed just three months ago, replacing enforceable requirements with voluntary guidance in its National AI Plan released today.

Chinese Developer Formerly Employed by Company Suspected of Data Theft
South Korea's biggest online retailer, Coupang, said a five-month breach exposed personal data pertaining to 34 million customers, and only came to light after it received an extortion demand. Police said a former developer at the company, a Chinese national who fled the country, is a suspect.

Industry Wants to Stick to Voluntary Measures
U.S. telecommunications networks are still vulnerable to foreign intrusion, national security and industry panelists told senators during a Tuesday hearing, warning that China and other adversaries are refining long-term access into American infrastructure.

Class Action Litigation Alleges Web Trackers Shared Patient Data With Tech Firms
Kaiser Permanente has agreed to pay up to $47.5 million to settle litigation stemming from its use of tracking codes in its websites, patient portals and mobile apps. Claimants alleged the trackers unlawfully shared patients' information with third parties, including Google and Microsoft.