DataBreachToday.com

Also: Cyber Insurers Brace for AI Risk, Shopping Agents Rewrite E-commerce
In this week's ISMG Editors' Panel, four editors examine how artificial intelligence is quietly reshaping trust, risk and decision-making, from identity verification and cyber insurance to the rise of AI agents in online shopping. The ISMG Editors' Panel runs weekly.

Machine-Written Pull Requests Contain 70% More Bugs
CodeRabbit analyzed 470 GitHub pull requests and found AI-generated code introduces more defects than human-written code across logic, security, maintainability and performance categories, with severity spiking higher as well. The use of AI code generation has expanded across the industry.

Former Unilever CISO to Lead Department of Defense IT
A former Unilever executive is officially the next U.S. Department of Defense CIO. The Pentagon CIO is the principal technology advisor to Pentagon leadership and manages the department's information management and IT, and many other critical systems.

Chinese Hacking Group Reportedly Behind the Hack
A top-ranking U.K. government official said that hackers targeted the government's foreign relations ministry but dismissed media reports that the attackers stole a large trove of data. "We managed to close the hole, as it were, very quickly," said Trade Minister Chris Bryant.

Precision Agriculture Boost Yields but Opens Farmers to Cybersecurity Risk
Precision agriculture is transforming U.S. farming with sensors, drones and automation, boosting productivity yields. But growing digital dependence is also expanding the attack surface, exposing farms to ransomware, disruption and rising cybersecurity risk.

Ransomware Gang Rhysida Leaks 3.7TB of Data Stolen From Maryland Hospital System
Maryland-based MedStar Health, which operates 10 hospitals, is notifying patients about a data theft incident affecting their personal information. Ransomware group Rhysida claims on its darkweb leak site to have 3.7 terabytes of MedStar's data, including "over 7 million pieces of patient data."

Also: Texas AG Sues Smart TV Manufacturers, Fortinet SSO Flaws
This week, a leadership shakeup at Coupang, attackers exploited critical Fortinet SSO flaws, Pornhub data hacked, Texas Attorney General Ken Paxton sued smart TV makers, auto finance provider 700Credit disclosed a breach affecting millions, A revived pro-Russia ransomware operation stumbled.

Cisco Talos Attributes Campaign to UAT-9686
Likely Chinese nation-state hackers are exploiting an unpatched flaw in Cisco email appliances as part of an ongoing campaign to gain persistent access. Hackers have been exploiting since mid-November a zero-day in the Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.

Security Needs to Document Risks and Push Back Against Retroactive Accountability
A recent CISO resignation letter exposes a structural flaw in how organizations manage cyber risk. It shows what happens when risk is accepted quietly and accountability is enforced retroactively, and it's a cautionary tale about why CISOs need to actively manage their careers.

More Dry Powder Will Help Cyera Compete Against Proofpoint, Rubrik in AI Agent Era
Cyera in just four years has raised $1.3 billion, the second-largest venture haul for any cyber startup behind only Wiz. The company set its sights even higher in 2026, with media reports that Cyera is set to receive another $400 million - this time from Blackstone - at a valuation of $9 billion.

Ink Dragon Compromised IIS Networks to Relay ShadowPad Malware
A Chinese hacking group is using compromised European government networks as relay nodes to route commands and support other hacking operations. Security firm Check Point attributed the campaign to a Chinese espionage group it tracks as "Ink Dragon."

Experts Say AI Is Already Enabling Faster and Harder-to-Detect Attack Campaigns
Artificial intelligence-fueled malware and automated cyber tools are enabling faster, more adaptive attacks at scale, with experts warning Congress that adversaries are now leveraging AI and quantum advances to outpace defenders and bypass outdated security architectures.

Push Comes as HHS Steps Up Enforcement of Data-Sharing and Record Access Regs
A privacy-minded senator is pressuring U.S. health tech companies to give patients more control over where their patient data goes, framing the matter as a matter of national security as well as privacy. Regulators have ramped up enforcement of rules that promote the interoperability.

Widely Used ukr.net Is a Repeat Focus for APT28 Cyberespionage Operations
Don't expect cyber spies to respect distinctions between military and civilian networks, especially in times of war, warn researchers tracking persistent Russian military intelligence credential-harvesting attacks against users of Ukraine's popular, commercial UKR.NET webmail platform.

Also: macOS Naughty or Nice, Cybercrime Karma, Spoofing Legacy Rail Infrastructure
London in December: Early to dark, quick to rain but also festive - and a mecca for cybersecurity researchers there for the annual Black Hat Europe conference. This year's event featured nearly 50 briefings that touched on everything from hardware hacking to combing infostealer logs for hidden gems.

Practical Steps That Effectively Strengthen Security and Resilience
Cyberattackers know SMBs think they're "too small to be a target" - and they're acting on it. Learn why small businesses are increasingly targeted and the five foundational steps that can significantly reduce cyber risk.