Ransomware DataBreachToday.com

A Single Developer Downloaded a Poisoned VS Code Extension, and Now Look
GitHub warned late Tuesday that hackers stole roughly 3,800 internal repositories from the Microsoft-owned platform after a developer used a poisoned VS Code script, which is developed by Microsoft. TeamPCP and Lapsus$ appear to be cooperating to sell the stolen data for $95,000.

Dell Conference Speakers Say 67% of AI Innovation Is Running Outside the Cloud
Dell predicts up to $4 trillion in AI infrastructure investment by 2030, with 67% of AI workloads are already run outside the cloud. If this estimate is even roughly correct, the idea that enterprise AI mainly exists in hyperscaler environments is more of a forced narrative than a market reality.

Incident Involved an Unnamed Third-Party Vendor
New York City's municipal healthcare system is notifying nearly 2 million patients of a hacking incident discovered earlier this year involving a third-party vendor. The breach compromised a long list of information, including biometric data such as fingerprints.

Commission VP Henna Virkkunen Pledges Action in Tuesday Parliamentary Session
The European Commission is defending its response to the advent of artificial intelligence models with strong cybersecurity bug dissecting capabilities while promising measures to protect the European Union from what many expect to be an imminent onslaught of AI-powered attacks.

Appeals Court Weighs Pentagon Authority Over Frontier AI Providers
A majority of judges on a U.S. federal appeals court appeared disposed to allowing Defense Secretary Pete Hegseth to bar Anthropic from future military work for posing national security risk. Oral argument held Tuesday in the U.S. Court of Appeals for the D.C. Circuit was Anthropic's latest salvo.

Researchers Identify 455 Malicious Apps Tied to Global Malvertising Campaign
Cybercriminals used malicious Android apps to funnel unwitting users to an ad fraud scam that generated up to 659 million daily bid requests, reports Human Security. The scam has spanned 455 malicious Android apps and is linked to 183 threat actor-owned command-and-control domains.

AI Rebuilds $50B Pharma Giant's Thinking, Plan Could Help Every Data-Driven Firm
GSK is redesigning pharmaceutical research around AI, from data infrastructure to autonomous scientific agents. Its platforms accelerate hypothesis generation, imaging analysis and drug discovery workflows, offering CIOs a blueprint for enterprise-scale AI transformation in regulated industries.

Musk's Claims Against Altman and Microsoft Dismissed After Less Than Two Hours
A federal jury took less than two hours to dismiss Elon Musk's lawsuit against OpenAI and Sam Altman, finding his claims were filed outside the statute of limitations. The verdict clears the path for OpenAI's planned IPO at a valuation nearing $1 trillion.

Satellites Will Be Newest Cyberwar Front
Now that space is becoming a battlefield, cyberwar will be waged there, experts predict, and the race is on to develop cyber defenses that can protect new satellite constellations from foreign cyber-warriors, online spies and even criminal hacker gangs.

AI Adoption Is Accelerating, but Workforce Capability Isn't Keeping Pace
Technology will continue to evolve. AI will embed itself across enterprise environments and attack surfaces will expand regardless of organizational readiness. The real challenge lies on the upskilling side, where the gap is widening - often without immediate visibility.

3-Week Court Battle Exposes Dark Side of AI Vendors and Their Promises
The Musk v. Altman trial produced something more unsettling than a verdict. It revealed an AI industry built on promises that turned out to be negotiable, governed by people whose colleagues called them liars under oath. Enterprise buyers should be paying attention.

Ransomware Payouts, AI-Driven Threats and Reshaping Payment Fraud
In this week's panel, four ISMG editors discussed a ransomware case that once again raises questions about paying extortionists, why security leaders fear AI is accelerating attacks faster than humans can respond and how the rise of instant payments is reshaping fraud programs at banks.

License Frontier AI to Practice Medicine, Argues JAMA Article
Scrutiny is intensifying around the quickly evolving role that AI is playing in healthcare. That includes issues around the transparency and safety of consumer health chatbots and also whether a new clinical AI licensing framework is necessary to protect the integrity of medicine.

Driftnet Acquisition Adds Real-Time Visibility Into Exposed Assets and AI Risks
SecurityScorecard acquired internet reconnaissance startup Driftnet to expand real-time visibility into hidden infrastructure, exposed assets and AI-driven third-party risks while strengthening threat hunting, attribution and internet-scale intelligence capabilities.

Broken vdaemon Peering Authentication Enables Unauthenticated Admin Access
A maximum-severity vulnerability in Cisco Catalyst SD-WAN Controller is being actively exploited, giving attackers administrative privileges without authentication. The authentication bypass vulnerability stems from a broken peering authentication mechanism.