DataBreachToday.com

MuddyWater Hides Malware With Game Delay Technique
Iranian nation-state hackers took inspiration from a mobile phone time-killing mainstay, say security researchers who spotted hackers downloading malware masquerading as the Snake video game. A callback to the game isn't nostalgia, say researchers at Eset.

Rapid7's Christiaan Beek on Ransomware Tactics and How to Mitigate Attacks in 2026
Ransomware attacks are reaching record highs, and 2026 may be even worse, said Christiaan Beek, senior director of threat intel and analytics at Rapid7. He warns that hackers are exploiting vulnerabilities as soon as they're disclosed, and they're focusing on flaws in devices on the network edge.

Hackers Could Adjust Life Support Settings of At-Home Life 2000 Ventilation System
The Food and Drug Administration is warning that Life 2000 - an at-home ventilation system built by medical device maker Baxter - has been permanently recalled due to a cyber issue that could allow individuals with physical access to tamper with the gear's life support settings.

Proposed Tech Modernization Fund Allocation Falls to $5M Despite Bipartisan Support
Congressional appropriators have proposed significant reductions to federal cybersecurity and modernization initiatives in the 2026 budget, signaling a potential retreat from centralized cyber federal oversight even as agencies struggle with aging infrastructure and escalating nation-state threats.

Microsegmentation no longer remains a buzzword. In today's threat landscape, organizations are adopting it as a frontline defense against cyberattacks and higher cyber insurance premiums. About 90% of organizations are using some form of segmentation, according to Akamai's 2025 Segmentation Impact Study.

E-Commerce Face Existential Threat as Autonomous Shoppers Bypass Ads
The online retail industry spent decades honing how to nudge people into clicking the buy button. Now it faces a customer who doesn't want anything at all: the artificial intelligence shopping agent. Agentic commerce could hollow out retail media and force a shift in how platforms monetize.

Move Comes After Ruling in Separate Case Discarded HIPAA Reproductive PHI Changes
The state of Texas has dropped a federal lawsuit filed against the U.S. Department of Health and Human Services that sought to vacate the 25-year-old HIPAA privacy rule, as well as 2024 rule changes under the Biden administration that prohibit the disclosure of reproductive health information.

Also: Prompt Injection Complicates Digital Forensics, Why AI Seems So Deceptive
In this week's ISMG Editors' Panel, four editors unpacked India's new data protection rules, the digital forensic implications of prompt injection attacks and the reasons why artificial intelligence tools so often seem to display deceptive behavior.

Innovation Continues, Although Sloppy Coding Can Still Leave Data Unrecoverable
Ransomware groups continue to display more innovation, persistence and planning in their quest to amass ransom-paying victims and maximize profits. This has included repeat supply-chain attacks, harvesting credentials to use in later campaigns, as well as launching their own affiliate programs.

ChatGPT Maker Probes Third-Party Data Breach; OpenAI API Users' Information Exposed
OpenAI has temporarily ceased use of Mixpanel after the analytics firm disclosed a breach affecting profile data of the artificial intelligence giant's API platform users. The company is notifying impacted organizations and watching for signs of data misuse.

Uncovered: Typosquatted Domains Linked to Suspected Ransomware Group Campaign
Continuing its targeting of customer data, the cybercrime group Scattered Lapsus$ Hunters appears to be gearing up for large-scale attacks involving typosquatted domains that lead to phishing domains designed to steal Zendesk users' valid credentials, warn security researchers.

New York State's stringent new cybersecurity requirements for many hospitals will have a ripple effect, raising the security bar and expectations for healthcare providers across many other states, predicts Chris Stucker, deputy CISO at Wisconsin-based Froedtert ThedaCare Health.

Ground Stations a Top Target in Any Future Conflict, Warns Intelligence Official
Space is becoming a domain of warfare, with private sector companies' planet-side infrastructure on the front lines - and the first shots will likely be fired in cyberspace, a senior U.S. intelligence official warned this month. "If someone owns the ground station, they own the satellite."

Also: npm Packages Infiltrated, FBI Issues Fraud Alert, Campbell's Soup Cans CISO
This week, a recently fixed Oracle flaw is being actively exploited, Shelly tackled Pro 4PM DoS bug, "Shai-Hulud 2.0" hit npm, the FBI warned of rising bank account takeover scams, regulators fined Comcast over a vendor breach, Iberia reported a supplier incident and Campbell's canned its CISO.

Public-Private Cooperation Key for Ransomware Mitigation, Says Anne Neuberger
Ongoing, high-profile ransomware attacks against Britain and the United States have transformed cybersecurity into a national security priority, Anne Neuberger, the former White House deputy national security adviser for cyber, said at a Wednesday event in London.

Also: UK Fraud Investigators Make Arrests in $28M Basis Markets Rug-Pull Probe
This week, World Liberty Financial scrambles to secure user funds, the U.K.'s Serious Fraud Office arrests two people over a $28M Basis Markets rug-pull probe, a Gana Payment hack drains $3.1M and Crypto Dispensers weighs a $100M sale following money-laundering charges against its CEO.

Rural and small community hospitals are continuing to face growing cyber challenges driven by limited and shrinking resources, staffing shortages, and increasingly sophisticated cyber threats, said Jackie Mattingly, senior director at privacy and security consulting firm Clearwater.

Securing the World for the Age of Quantum-Resistant Cryptography
Cybersecurity needs thinkers who can examine the logic underlying our systems, question assumptions and identify where traditional cryptography will no longer hold. The post-quantum challenge presents an opportunity for math-minded people to contribute in ways that will influence global security.

Going Beyond the Copilot Pilot - A CISO's Perspective
With 60% of businesses piloting M365 Copilot but only 6% scaling, this webinar explores why gen AI deployments stall — and what CISOs and IT leaders must know to roll out secure, compliant, and effective AI productivity tools.