BankInfoSecurity.com

Why Human-Centric Zero Trust Models Fail in a World of Autonomous AI Agents
Zero trust was built for humans, not autonomous AI agents. As organizations adopt agentic AI at scale, human-centric security assumptions break down - creating a paradox between utility and least privilege that traditional zero trust models cannot resolve.

Targeted Threat Intel Firm Shares Details With Police After Honeypot Hit
Getting owned by deception technology isn't good news for one's criminal brand or ability to remain at large. Just ask the band of young hackers behind "Scattered Lapsus$ Shiny Hunters," when one of their ilk fell into a security firm's honeytrap, revealing his actual IP address in the process.

Congress Holds Cyber Funding at 2024 Levels Across Key Civilian Agencies
The fiscal year 2026 budget deal largely locks in federal cybersecurity funding at 2024 levels, stalling growth across key civilian agencies even as lawmakers call for global technology leadership as the U.S. government faces mounting nation-state cyber threats.

Patent Board Decision Invalidating 3 Orca Patents Weakens Case, Leads to Dismissal
After 30 months of legal sparring, Wiz and Orca Security have agreed to dismiss all claims in their cloud security patent dispute. The end of the case comes after a significant setback for Orca: A federal board invalidated three of its asserted patents.

2023 Incident Affected More Than 650,000 Patients, Employees
An upstate New York orthopedic practice has agreed to pay state regulators a $500,000 settlement and implement stronger security practices following a 2023 hack involving the theft of 650,000 individuals' sensitive information. Cybercrime group INC Ransom reportedly claimed credit for the incident.

Agency: Guidance Favors Market Innovation Over Federal Scrutiny
New artificial intelligence-enabled health wearable devices and clinical decision support software will not face U.S. Food and Drug Administration regulatory scrutiny, providing the technology meets certain criteria, such as being "low-risk," the agency said this week.

FCC Lacks Lead for Cyber Trust Mark Program After UL Solutions Steps Down From Post
UL Solutions has exited its role as lead administrator of the FCC's Cyber Trust Mark, leaving the flagship consumer IoT labeling program without oversight just months after internal security reviews raised concerns over foreign influence in program management.

Geopolitics Puts OT at Greater Risk From Nation States, Criminals and Hacktivists
Attacks against critical infrastructure are expected to increase in scope and intensity including hacks on operational technology systems. State actors are now looking for ways to cause damage and disrupt operations, rather than simply steal secrets, according to cybersecurity experts.

Deal Represents Return to Tuck-In M&A for Palo After 3 Multi-Billion Dollar Deals
Palo Alto Networks is in talks to buy Washington D.C-based endpoint security startup Koi for $400 million. Koi is focused on securing extensions, AI models, code packages and containers, and its differentiation lies in mapping, assessing risk and govern the software landscape at enterprise scale.

Terabytes of Data Stolen From Cloud-Based Collaboration Tools, Researchers Warn
Dozens of organizations that use real-time content collaboration platforms appear to have lost not only credentials but also terabytes of hosted data to information-stealing malware being wielded by an initial access broker with a sideline in auctioning large volumes of stolen data.

Why Are Third-Party Vendor Breaches So Hard to Figure Out?
The victim tally of a 2024 hacking incident at back office services provider Conduent again soared after a new regulatory disclosure by the company, in this case to Texas authorities. The company told Lone Star state officials the breach affected nearly 14.8 million Texans, alone.

Chipmaker CEO Huang Launches Alpamayo Models, Rubin Platform
Nvidia CEO Jensen Huang launched Alpamayo, an open reasoning AI model family for autonomous vehicles, and Rubin, a six-chip platform promising AI tokens at one-tenth prior costs. Mercedes Benz CLA will feature the technology in the US this year.

Despite Cisco's Cyber Struggles, the Perks of Offering Asset Management Are Clear
Cisco is eyeing what would be its third-largest cybersecurity acquisition ever, Calcalist reported: a $2 billion buy of New York-based asset management vendor Axonius. The Israeli business publication said Sunday the two sides are in advanced negotiations. Axonius denied the Calcalist report.

CyberArk and Accenture Experts Discuss Modernization, Identity Sprawl, Securing AI
Financial services organizations are accelerating modernization efforts by adopting artificial intelligence, automation and DevOps-driven cloud development, but these initiatives have dramatically expanded their attack surface. As banks and financial enterprises rely more heavily on non-human identities to power applications, integrations and AI-driven workflows, security leaders are struggling to manage the volume, velocity and variety of machine identities across cloud and on-premises environments, said Barak Feldman, senior vice president of solutions engineering at CyberArk, and Rex Thexton, senior managing director at Accenture.

Paper Traces Pandemic-Era Spike in Attacks
One way to look at the novel coronavirus pandemic: A societal experiment in how an oft-overlooked yet essential element of secure networking would stand up to an exploding user base. Unsurprisingly, the rapid uptake of virtual private networks by companies suddenly managing a remote workforce came with significant security costs.

Ransomware Gang Qilin Had Claimed It Stole 852 GB of Health System's Data
Nearly half a million patients of a Catholic healthcare network that serves New England and parts of Pennsylvania began the new year by receiving notifications that hackers may have stolen their health information in a May 2025 hacking incident.

Experts Say Grid Disruption Amid Venezuela Operation Signals Cyber's Expanding Role
Uncertainty surrounds a Caracas blackout that coincided with a U.S. raid to capture Venezuela President Nicolas Maduro, with analysts weighing the plausibility of U.S. forces using cyber as a tool in layered, covert action amid the historic operation.

Insurer's Hack Could Rank as Largest US Health Data Breach Reported in 2025
Supplemental health insurer Aflac is notifying 22.65 million people whose sensitive health and personal information, including Social Security numbers, was potentially compromised in a June data theft incident. The incident will likely rank as the biggest U.S. health data breach reported in 2025.

Critics of South Korea's Coupang Dismiss Offer as Marketing More Than Compensation
After suffering a data breach that exposed personal data for two-thirds of South Korea' population, online retailer Coupang promised to distribute $1.2 billion in vouchers to "restore customer trust." But critics have accused the move of being more about marketing than true compensation.

Cyber Command Involved in Strikes on Caracas
Here's what we don't know: Whether the Caracas grid outage triggered by the U.S. incursion was caused - or at least aided - by a cyberattack. A coordinated attack involving a cyber component against an adversarial electrical grid wouldn't be unprecedented.