BankInfoSecurity.com

AI Is Now the Top Focus for Modernization to Relieve Budget, Staffing Pressures
According to the National Association of State CIOs, this year AI tech - including generative and agentic AI - is the top strategic initiative for state CIOs - marking an "unprecedented" shift in IT priorities, said NASCIO Executive Director Doug Robinson. In fact, AI first appeared on the organization's annual survey of state and territory CIOs just three years ago.

Secure-by-Design Startup Uses AI Agents to Safeguard Containers, VMs and Libraries
Cloud security startup Echo has closed a $35 million Series A funding round to boost development of its AI-native OS. The platform starts with secure container images and aims to extend to VMs and libraries, helping enterprises minimize risk from open-source software.

Deal Would Move ServiceNow's Cybersecurity Ambitions From the Shadow to Spotlight
ServiceNow's security business has long been a sleeping giant inside the workflow orchestration behemoth's portfolio that in recent months appears to have awoken. With the buy of Armis possibly imminent, ServiceNow's security ambitions appear to be moving from the shadows to the spotlight.

2 More Vulnerabilities Need Patching in React Server Components, Warns Vercel
Mass exploitation of the "React2Shell" - CVE-2025-55182 - vulnerability remains underway by nation-state hackers tied to China, North Korea and Iran, as well as financially motivated cybercriminals running everything from cryptomining malware to DDoS services, security experts warn.

ServiceNow's Neeraj Jain on Risk Mitigation and Real-Time Data Access for AI Agents
Enterprises that embed governance from intake to deployment scale AI faster than those that bolt it on afterward. Clear frameworks mitigate risk, ensure compliance and increase operational efficiency, says Neeraj Jain, director of product management, hyperscalers and multi-cloud at ServiceNow.

National Accident Health Says Breach Exposed Medical Info of 181,000 People
A Maine-based third-party administrator that handles healthcare claims involving day care centers, youth sports and NCAA athlete accidents is notifying more than 181,000 individuals that their medical information and personal identifiers may have been accessed or stolen in a hacking incident.

Cyderes Aims to Fuse Identity, AI and Risk Signals in One Platform With Lucidum Buy
Cyderes has acquired Lucidum to expand its identity threat detection capabilities. Lucidum’s unique tagging and data integration will strengthen Cyderes' AI engine, enabling earlier detection of threats and human risk-based response by unifying off-SIEM telemetry with identity data.

Black Hat's Jeff Moss: 'We're in a Political Situation, Whether You Like It or Not'
Technology doesn't exist in a vacuum, and by extension neither does cybersecurity. But in recent years, Black Hat founder Jeff Moss said he's been "struggling" with the "uncomfortable truth" that unlike the largely risk-free early days of hacking, today "all tech is political."

Defense Bill Expands Cyber Authorities, Tech Adoption and Talent Pipeline
Congress advanced a $15.1 billion military cyber budget in the fiscal year 2026 National Defense Authorization Act, boosting core operations, workforce recruitment and tech modernization as civilian cyber teams face sharp staffing losses and budget constraints.

Companies Are Among the Latest HIPAA Business Associates Revealing Recent Hacks
New York-based medical supply fulfillment company Fieldtex is notifying its clients and more than 274,000 people about an August hack. Meanwhile, revenue cycle software firm TriZetto is also contacting its customer and patients about its own hacking incident.

Also: Australia's AI Policy Backtrack, Legal Protections for White Hat Hackers
In this week's ISMG Editors' Panel, four editors explored Australia's shift in artificial intelligence regulatory policy, a resurgence of white hat hackers in the news and the shadow Telegram market of Russian fraudsters who are selling identities of former U.S. immigrants for $1,000 a person.

Hackers Target French Interior Ministry, Germany Summons Russian Ambassador
The French Ministry of Interior is investigating a suspected nation-state cyberattack that targeted its email server. Additionally, the German government on Friday attributed a 2024 hacking incident on air traffic control systems to Russian nation-state hackers.

Elastic Is Scaling Security Training With Modular Learning, Hands-On Skills-Building
Elastic is evolving its security training to modular, on-demand formats - at no cost - to reach more learners. It is focusing on short, feature-focused modules that provide flexible, practical skill-building without replacing premium instructor-led courses.

Ukrainian National Twice Indicted in Los Angeles for Pro-Russian Hacking
U.S. and allied agencies warned of low-skill Russian-linked hacktivists breaching critical infrastructure by exploiting weak remote access tools, as federal prosecutors charged a Ukrainian national with helping orchestrate operations targeting water and energy systems.

Boards are becoming increasingly focused on understanding the mechanics and implications of agentic artificial intelligence, but traditional governance processes aren't built for the speed and complexity of today's AI-driven innovation cycles, said JoAnn Stonier, former chief data and AI officer at Mastercard.

Also, Dutch Defend the Nexperia Takeover, Hikvision Challenges FCC, Qilin Strikes
This week, likely North Korean hackers exploited React2Shell. The Dutch government defended its seizure of Nexperia. Prompt injection may be here to stay. Hikvision pushed back against a new U.S. crackdown. Qilin claimed it hacked Scientology, Microsoft Patch Tuesday and MuddyWater activity.

AI Firm Says New Models May Be 'High Risk' as Dual-Use Capabilities Grow
OpenAI said Wednesday it is preparing for artificial intelligence models to reach "high" cybersecurity risk levels, marking an escalation in the dual-use capabilities that could strengthen defenses or enable sophisticated attacks.