DataBreachToday.com

ShinyHunters Campaign Uses Voice Phishing to Bypass MFA and Steal Corporate Data
Security experts warn that "an active and ongoing campaign" being waged by ShinyHunters extortionists has at least 150 organizations in its sights across a range of sectors, with attackers using live voice phishing to bypass multifactor authentication, steal cloud data and hold it to ransom.

Web-Based Client on Local Host Didn't Sanitize Inputs
Video camera surveillance management software made by South Korean manufacturer Idis is susceptible to a one-click attack giving hackers the power to execute arbitrary code. The vulnerability allows an attacker to escalate beyond the browser sandbox and achieve code execution on the host.

Reported Victim Tally in HCIactive's Health Data Theft Incident Soars
The victim count in a 2025 hack against a Maryland-based firm that provides "AI-powered" administrative and technology services to healthcare practices soared to nearly 3.1 million nationwide, according to an updated breach report from Healthcare Interactive.

CIO Elliott Cheu on Identity Upgrades, Unified Support and Research-Ready Systems
The University of Arizona is advancing a campus-wide modernization and security agenda by centralizing a previously fragmented IT environment and unifying core platforms that support teaching, research and operations, said Elliott Cheu, CIO at the university.

CISA Urges Agencies to Treat Quantum Readiness as a Standard Buying Expectation
The Cybersecurity and Infrastructure Security Agency is urging agencies to treat post-quantum cryptography as a near-term procurement expectation, signaling that information technology products should embed quantum-resistant security now to avoid rushed retrofits before federal migration deadlines.

Trellix Says Email, Identify Failures Are Among Top Vectors in Health Compromises
Of the millions of threats detected in healthcare IT environments last year, email phishing, identity failures and device vulnerabilities were among the top vectors for non-clinical IT compromises - often "cascading" and disrupting patient care, said a new report from security firm Trellix.

Digital Risk Protection Startup to Expand Preemptive Scam Detection Tools
With brand impersonation and account takeover attacks surging, Memcyco raised $37 million in Series A funding to scale its preemptive scam detection platform. The firm plans to grow its sales team, develop AI-based features and support new product launches in the coming year.

Cisco Research Shows How AI Is Reshaping Data Privacy and Governance
Enterprise data privacy and governance are undergoing fundamental shifts as the promised speed and efficiency of artificial intelligence come crashing into the realities of data risk and regulatory uncertainty.

How Consolidation Is Forcing CISOs and CIOs to Rethink Security Architecture
For more than a decade, enterprise security has relied on point solutions. Companies invested in separate tools - endpoint detection, firewalls, cloud security and IAM - each designed to address a specific threat or compliance requirement. But that approach is starting to break down.

Booz Allen Loses Treasury Work in Move Tied to Trump Waste Crackdown
The U.S. Department of Treasury said it canceled all active contracts with Booz Allen Hamilton, citing data protection failures in handling taxpayer information. Treasury cited a criminal case against Charles Littlejohn, a former employee who leaked the tax returns of President Donald Trump.

Claroty CEO Yaniv Vardi Outlines IPO Strategy and Growth Through Acquisition
Claroty’s $150 million Series F funding round will help scale its platform for protecting critical infrastructure with embedded AI. CEO Yaniv Vardi says the company aims to reach profitability, pursue M&A and strengthen verticalized offerings for the healthcare, manufacturing and industrial spaces.

Series B Round at $1.5B Valuation Backs Push Into AI, Application and Data Security
Cloud security startup Upwind has raised $250 million to expand its CNAPP capabilities beyond detection and response. The company aims to accelerate engineering investment and move into high-demand categories such as AI and data security, achieving a $1.5 billion valuation.

Nearly 60% of Tech Students Said They'd Violate HIPAA If the Price Was Right
Budding IT insiders can be corrupted into giving up protected health information of a very famous patient, say State University of New York at Buffalo researchers who also found a correlation between an interest in white hat hacking and illegal breaches.