DataBreachToday.com
Synthetic Businesses: the New Billion-Dollar Fraud Machine
3 months 4 weeks ago
Weak State Controls and AI-Generated Documents Fuel Surge in Synthetic Entity Fraud
Fraudsters are exploiting weak state controls to create synthetic businesses for less than $150, with potential payouts of more than $100,000 for each fake identity. Synthetic entity fraud has rapidly shifted from a niche threat to a mainstream risk, said Dun & Bradstreet's Andrew La Marca.
Clover Raises $36M to Automate Product Security Reviews
3 months 4 weeks ago
Startup Uses AI Agents to Support Proactive Security and Scale Development
With a $36 million investment, Clover Security plans to expand its suite of AI agents that automate security reviews and improve collaboration with developers. The company says this proactive approach helps manage risks introduced by AI-driven software creation.
European Commission Probes Google AI Summaries
3 months 4 weeks ago
Regulators Question Whether Google Compensates Publishers for Auto Summaries
Google faces a fresh probe into its competitive practices after the European Union said it will investigate the search engine giant's propensity to convert web content into fuel for its artificial intelligence models. The commission said the investigation is a "matter of priority."
Hospice Firm, Eye Care Practice Notifying 520,000 of Hacks
3 months 4 weeks ago
Data Theft Incidents Are Among the Latest Hacks Against Specialty Medical Providers
Two specialty healthcare providers - a Florida-based firm that provides hospice services in several states and a Pennsylvania-based eye care practice - are notifying nearly 520,000 people that their sensitive health information was compromised in separate hacking incidents.
Exploit Attempts Surge for React2Shell
3 months 4 weeks ago
Patch Now, as Scans and Hack Attempts Happening 'at Scale,' Security Experts Warn
Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of organizations already falling victim to it, cybersecurity experts warn. React is used by an estimated two-fifths of the world's top 10,000 websites.
UK Hospital Asks Court to Stymie Ransomware Data Leak
3 months 4 weeks ago
Clop Ransomware Group Targeted NHS Barts Health in August
A National Health Service hospital is seeking assistance from the U.K. High Court to stymie a potential data leak tied to a ransomware hack. The hospital, NHS Barts, said ransomware group Clop targeted its network in August.
Hacking as a Prompt: Malicious LLMs Find Users
3 months 4 weeks ago
WormGPT 4 Sells for $50 Monthly, While KawaiiGPT Goes Open Source
The cybercrime-as-a-service model has a new product line, with malicious large language models built without ethical guardrails selling on Telegram for $50 monthly or distributed free on GitHub. Other groups are taking the open-source route.
Senators Reintroduce Bill to Boost Healthcare Cybersecurity
3 months 4 weeks ago
Plan Calls for Updated HIPAA Regs, Grants, Training, Enhanced Breach Reporting Data
Four U.S. lawmakers - including the chair of the Senate health, education, labor and pensions committee - are taking another stab with a bipartisan bill aimed at strengthening cybersecurity in healthcare. That includes bolstering HIPAA, and providing cyber grants and training to the sector.
Live Webinar | Strategies to Address Emerging AI Security Needs with a Cloud-Centric Approach with Accenture and Cloudflare
4 months ago
React Flaw Mitigation Leads to Cloudflare Outage
4 months ago
Outage Briefly Took Down Zoom, LinkedIn and Other Websites
Content delivery network giant Cloudflare is investigating a brief outage early Friday that took down multiple websites. The incident marks the second outage in the span of a month, although the causes are unrelated. It stemmed from how Cloudflare's web application firewall parses requests.
No Vote, No Leader: CISA Faces 2026 Without a Director
4 months ago
US Cyber Defense Agency Faces Procedural Delays Blocking Director Confirmation
Sean Plankey's stalled nomination leaves the Cybersecurity and Infrastructure Security Agency without a Senate-confirmed director amid rising state-linked threats, as unrelated congressional holds tied to telecom and contracting fights freeze the process with no resolution in sight.
23andMe to Get $16.5M in Unused Cyber Insurance
4 months ago
Bankrupt Firm Plans to Use the Settlement Money to Pay Off Cyber Claims
As part of its ongoing Chapter 11 bankruptcy proceedings, 23andMe Holding Co. - now named Chrome Holding - has reached a settlement with its cyber insurers for the carriers to buy back $16.5 million of the consumer genetics testing firm's unused cyber policy. What will the company do with the funds?
Rethinking the CIO-CISO Dynamic in the Age of AI
4 months ago
Enterprises Are Reimagining Org Roles, Risk Management and Skillsets in the AI Race
Organizations are beginning to reimagine how leadership roles should be structured, aligned and empowered as they grapple with regulatory pressures, the unpredictable nature of AI systems, and the need for operational resilience in an increasingly uncertain business climate.
Breach Roundup: React Flaw Incites Supply Chain Risk
4 months ago
Also, Microsoft Badly Patches LNK Flaw, Australian Sentenced for 'Evil Twin' Hack
This week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth's Signal group posed operational risk, more North Korean npm packages. An Australian jailed for Wi-Fi "evil twin" crimes. The US FTC will send $15.3 million to Avast users. A London council said attackers stole data.
Brickstorm Malware Hits US Critical Systems, CISA Warns
4 months ago
Chinese-Linked Malware Campaign Targets Critical Environments With Weak Monitoring
U.S. and Canadian cyber authorities say Chinese state-backed actors used a backdoor dubbed BRICKSTORM to maintain long-term access into critical infrastructure, exploiting VMware environments to exfiltrate credentials and evade detection through encrypted covert channels.
HHS Outlines AI Road Map Amid Major Department Overhaul
4 months ago
Plan Aims to Modernize Workflow, Expand AI Use Across Agencies, Improve Cyber
The U.S. Department of Health and Human Services on Thursday unveiled "version 1" of a strategic plan to implement artificial intelligence as a "practical layer" across the department and its agencies aimed at helping to break down silos, improve collaboration and increase efficiencies.
UK Government Considers Computer Misuse Act Revision
4 months ago
Security Minister Dan Jarvis Endorses Security Researcher Protections
The U.K. government is considering amending its three-decade-old hacking law to include a "statutory defense" cover for security researchers. The announcement comes amid concerns that the law penalizes white hat hackers for essential security practices.
When ERP Systems Become the Attack Surface
4 months ago
Skills Needed: Enterprise Architecture, Configuration and Vulnerability Management
When a critical vulnerability surfaces in ERP systems such as the Oracle E-Business Suite flaw, attackers can go well beyond a single compromised server. The flaw exposed the need for cyber professionals who understand enterprise architecture, secure configuration and vulnerability interpretation.
Utilities Warn US Grid at Risk as Federal Cyber Funds Dry Up
4 months ago
Federal Cuts Threaten Grid Security as Nation-State Hackings Escalate, Analysts Say
Cybersecurity leaders told Congress that U.S. energy systems are already compromised by state-backed actors - chiefly China - and warned that shrinking federal support for grid security programs threatens to worsen exposure as utilities face escalating threats with limited resources.
DataBreachToday.com RSS News Feeds on data breach today news, regulations, blogs and education