Ransomware DataBreachToday.com

Analyzing Measuring What Matters, Not What Models Practice
In the frenzy to top leaderboards, AI teams optimize for benchmarks rather than genuine progress, and as a result, scores on static tests tell us more about a model's memorization tactics than its ability to navigate real world environments.

Unauthenticated Hackers Exploit CVE-2025-31324 to Upload Webshells
Threat actors are exploiting a zero-day flaw in a partially deprecated SAP tool still widely used by governments and businesses. On Friday, SAP's security division, Onapsis, disclosed that CVE-2025-31324 is "actively exploited in the wild."

Co. Is Already Facing Several Lawsuits Based on Its Much Lower Victim Estimates
Employee benefits administrator Verisource Services Inc. has told regulators that a hack discovered in February 2024 has affected 4 million individuals, up significantly from initial estimates reported last summer. The company already faces several lawsuits involving its earlier lowball estimates.

4-Day Cybersecurity Event Covers Emerging Tech, Latest Cyberthreats
ISMG Editors convened in San Francisco for coverage of RSAC Conference. Panelists shared an overview of opening-day speakers and hot topics, including the growth of AI, uncertainties in the global threat landscape, the Innovation Sandbox contest and Cryptographers' Panel session.

US Cyber Agency Denies Looming Deadlines Amid Reports of Expanded Workforce Buyouts
The U.S. Cybersecurity and Infrastructure Security Agency on Friday dismissed as false reports of a looming buyout deadline and expanded resignation offers, calling them misinformation. There is no Monday deadline, a spokesperson said.

Company Eyes Product Innovation and Strategic M&A After Rapid 30x ARR Growth
CEO Varun Badhwar says Silicon Valley-based Endor Labs will use its $93 million Series B funding to build AI-powered code security tools, boost community outreach and target key acquisitions, helping enterprises secure faster, AI-assisted software development.

Challengers Include Ex-OpenAI Staff, Geoffrey Hinton, Margaret Mitchell
A coalition comprising AI experts and former OpenAI staffers urged regulators to halt the artificial intelligence giant's plan to convert into a for-profit corporation. They contend that handing over full operational reins could dismantle safeguards to ensure AI serves humanity, not shareholders.

Tests Suggest OpenAI's Latest Model May Not Meet Alignment Expectations
OpenAI touted GPT-4.1's debut earlier this month as a landmark in instruction-following finesse, but independent testers have discovered errors that its predecessor GPT-4o appeared to handle better. The company rolled out GPT-4.1 without its customary deep-dive safety dossier.

Tyler Buchanan, a 23-year-old Scottish Man Extradited to the US on Wednesday
Spanish authorities extradited on Wednesday the suspected head of the Scattered Spider cybercrime group to the United States, where he is being held without bail in a downtown Los Angeles federal prison. Tyler Buchanan, 23, faces charges for wire fraud, aggravated identity theft and conspiracy.

Hackers Hit Maryland Medical Group and California Hospital, Claim 480 GB Data Theft
Two separate ransomware hacks of a Maryland medical group and a California hospital resulted in data thefts affecting more than 1.1 million patients, according to recent reports to regulators. Cybercriminals claim to have leaked 480 gigabytes of data from one of the attacks.

Hackers Deploying Infostealers for Data and Credential Theft
Hacks targeting cloud infrastructure rose significantly last year, with attackers exploiting misconfiguration and single sign-on features to deploy infostealers for data and credential theft. Hackers target centralized cloud assets secured with single sign-ons.

Experts Say White House AI Plan May Spur Innovation But Leave School Data at Risk
The White House issued an executive order Wednesday to expand the use of new artificial intelligence tools in U.S. K–12 schools, drawing expert warnings over the lack of cybersecurity safeguards to prevent data leaks or misuse by AI firms for model training.

Also: Braiscompany Execs Sentenced, Addressing Bitget's Trading Anomaly
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, stolen KiloEx funds returned, Braiscompany execs sentenced, Bitget trading anomaly, Bybit case update, SEC's new chair, eXch shuttering, Oregon attorney general sued Coinbase, new Android malware and bug in XRP Ledger.

Also, Blue Shield Breach Exposes 4.7M, Cyberattack Disrupts City Systems in Texas
This week, Cookie Bite bypasses MFA in Azure Entra ID, Microsoft fixed RDP Freezes, a ransomware attack in Catalonia, Blue Shield exposed data to Google, a cyberattack disrupted city systems in Texas, South Korean telecom breach exposed USIM data and a warning about North Korean IT deepfakes.

Incident Is Largest Health Data Breach Reported So Far to Feds in 2025
Yale New Haven Health System is notifying more than 5.5 million patients that their information was potentially among data stolen in a March hack. The incident, which is among several other recent major hacks, ranks is the largest health data breach reported to federal regulator so far this year.

Void Dokkaebi Campaigns Using Russia for Cryptocurrency Theft
North Korean hackers look north toward Russia for the internet infrastructure behind the many online scams that Pyongyang has built to funnel stolen cash into the rouge nation. Void Dokkaebi hackers participate in the North Korean scam of social engineering IT job seekers.

AI-Powered Tools Protect Containerized Environments Against Sophisticated Attacks
Container security experts skilled in AI-driven defense tools are becoming critical as organizations rely more on containerized applications. These experts must contend with ephemeral workloads, secure CI/CD pipelines and implement real-time anomaly detection to protect cloud-native environments.

European Commission Also Fines Apple 500 Million Euros
European regulators said Facebook conducted an end run around privacy regulations by requiring users to pay a monthly subscription fee or else accept that their personal data would be fed to advertisers. The European Commission fined the social media giant 200 million euros.

Breach Victim Tally Soars Since Firm Filed an Initial Breach Report in Early April
Kelly Benefits is notifying nine large clients and nearly 264,000 individuals that their sensitive personal information was potentially compromised in a December data theft incident. The tally of affected people has climbed eight-fold since the company’s first estimate earlier this month.

2019 Phishing Incident at California-Based PIH Health Affected Nearly 190,000
A regional healthcare network with three California hospitals serving Los Angeles and Orange Counties has agreed to pay federal regulators $600,000 and implement a corrective action plan to resolve potential HIPAA violations identified during an investigation into a 2019 phishing breach.