DataBreachToday.com

Scenario Planning Must Model Disruption, Strengthen Cyber Basics, Build Redundancy
IT organizations know how to plan for outages, but even the most rigorously designed strategy is vulnerable to the shifting winds of geopolitics. CIOs and technology leaders need to know how their organizations will respond to geopolitical disruptions, and scenario planning needs to be a priority.

How to Deal With Having Influence Without Authority in Cybersecurity Roles
In some cybersecurity organizations, expertise and visible leadership don't reside in the same role. Usually, the person with the most influence on cybersecurity decisions is the owner, but it does not always work out that way. Fortunately, there are things you can do to change that for your career.

Stealthy Group Taps Blockchain 'EtherHiding' to Facilitate Victim Communications
The DeadLock ransomware group, a newly emerged digital extortion group, is using blockchain smart contracts to store proxy server addresses for facilitating ransomware negotiations with victim organizations. The technique suggests the group is made up of experienced cybercriminals.

3 Major Tech Firms Shipped Vulnerable Open-Source Tools to Hugging Face
Researchers discovered remote code execution vulnerabilities in three AI libraries from Apple, Salesforce and Nvidia used by models with tens of millions of Hugging Face downloads, allowing attackers to hide malicious code in model metadata.

$420M Deal Enables Web Detection and Response, Secures AI-Driven Browser Activity
CrowdStrike is bolstering its Falcon platform with browser-native web detection and response by acquiring Seraphic for $420 million. The technology helps protect AI workflows by securing any browser against data leakage, session hijacking and other web-based threats.

Cause Unknown But Many Previous Outages Due to Software Misconfiguration
Verizon customers along the Eastern Seaboard and Southern parts of the United States lost mobile phone connectivity Wednesday in an incident that appears to have peaked around 1 p.m. Eastern Standard Time.

University of Hawaii Cancer Center Paid Ransom
Cancer patients who participated in University of Hawaii Cancer Center studies during the 1990s may soon receive a notification that ransomware hackers stole their data in an August 2025 incident. Experts said the hack spotlights concerning risks involving compromises of medical research data.

Startup Targets MSSPs and MDR Vendors, Shadow AI Detection and Global Growth
WitnessAI has raised $58 million to scale its AI network and agent protection platform worldwide. The funding will help the firm build MSSP-ready offerings, detect unauthorized AI agents and enforce security policies across employee and customer LLM use cases.

Analysts Warn Foreign Adversaries Gaining Footholds in US Networks
Cyber policy analysts told lawmakers that the United States' cyber deterrence efforts are failing, allowing China and others to embed in critical infrastructure networks with minimal cost, while calling for faster, coordinated offensive actions across federal agencies.

Experts on How CIOs Can Avoid 'Geopolitical Lock-In' in AI, Cloud and Supply Chains
Geopolitical instability is a part of reality in 2026, and the stakes are high for CIOs who must rely on global supply chains to develop IT, artificial intelligence, cloud and cybersecurity strategies.

How UX Decisions Are Becoming Regulatory Liabilities for CISOs
Children's data is entering a new regulatory era where dark patterns, defaults and monetization choices can signal breached fiduciary duty. As privacy, safety and consumer laws converge globally, CISOs must treat manipulative UX, consent flows and retention practices as core security and governance risks.

Growing Third-Party Breach Trend Is Spreading to AI Suppliers
IT organizations have built processes for reducing vendor risk, but in the AI era, that operating model is being dismantled. Modern AI environments are built on dynamic external foundational models, countless APIs, open-source components and continuous data pipelines that pose risks.

Black Duck Researchers Discover Flaw in Widely Used Broadcom Chipset
A flaw in Broadcom chipsets commonly used in wireless routers allows attackers to repeatedly knock offline the 5 gigahertz band, no matter how strong the security settings, say researchers.

Digital Skimming Attacks Spoof Stripe Payment Forms to Steal Payment Card Data
Magecart-style digital skimming attacks targeting payment card data continue, with researchers detailing an active campaign targeting the popular WooCommerce platform and Stripe. Separately, widely used ConnectPOS exposing its code repository for years, posing a supply-chain risk for customers.

CyberArk and Accenture Experts Discuss Modernization, Identity Sprawl, Securing AI
Enterprises are embracing modernization by adopting artificial intelligence tools, automation and DevOps-driven development in the cloud, but these new platforms have introduced an attack surface saturated with human and machine identities, said CyberArk's Barak Feldman and Accenture's Rex Thexton.

Former AWS Exec Nancy Wang to Lead 1Password's Agentic AI Security Strategy
1Password named former AWS executive Nancy Wang as chief technology officer to oversee the evolution of its platforms to manage new artificial intelligence-driven workflows. "Agents are really their own class of identities," Wang said.

NIST Seeks Input to Protect AI Systems Used in Government, Critical Infrastructure
The National Institute of Standards and Technology is seeking public input from security experts and stakeholders to weigh in on security threats from agentic AI warning they may be vulnerable to exploits like hijacking, backdoors and misaligned behavior across federal networks.

New CEO Jesper Zerlang Plans Global Growth, US Push and Vertical Expansion
Former Logpoint chief Jesper Zerlang, now CEO at SecurityBridge, says SAP security remains a weak link in enterprise risk strategies. As CEO of SecurityBridge, he’s launching a global expansion and leaning into the company's product differentiators to fill the gap.

Why Identity Life Cycles, Visibility and Privilege Are Falling Out of Sync
Modern enterprises are struggling to maintain control over identity management. While authentication still works, a systemic drift in how identities are created and discarded is creating an expanded attack surface that adversaries are increasingly exploiting.