DataBreachToday.com

Juvenile Male Tied to Hack Attacks Against MGM Resorts and Caesars Entertainment
The net continues to close on suspected members of the notorious ransomware-wielding group called Scattered Spider, with Las Vegas police announcing the arrest of a teenage, juvenile male suspect tied to 2023 attacks that hit MGM Resorts and Caesars Entertainment.

CISOs, Regulators and Innovators Unite in New York to Safeguard Healthcare's Future
From discussions on health data explosion to the keynote on AI deployment, the Healthcare Security Summit: New York offered practical strategies to manage data risks, ensure continuity of patient care and prepare for a regulatory landscape that is rapidly reshaping cybersecurity priorities.

Speaker for Upcoming CS4CA Europe London Event Discusses OT Risk and Collaboration
IT and OT teams at critical infrastructure companies face the imperative of balancing digitalization and automation with cybersecurity. In advance of the CS4CA Europe London Conference (Sept. 30 - Oct. 1, 2025), event speaker Marta Majtenyi previews some of the major themes.

Major European Airports Continue to Face Service Disruptions Following Friday Hack
European cyber defenders classified as a ransomware attack an incident that disrupted several major European airports including London Heathrow resulting in flight cancelations and delays over the weekend and Monday.

Airports in Brussels, Berlin, and the UK and Ireland Impacted
Flight cancellations and delays lasting hours at several major European airports including London's Heathrow on Saturday occurred after a cyberattack against a provider of check-in and boarding systems. Hackers late Friday targeted software developed by Collins Aerospace.

New Texas health information legislation that began to go into effect on Sept. 1 includes several noteworthy provisions including requirements related to health record data storage and artificial intelligence, said regulatory attorney Rachel Rose. Rose explains the significance of the new state law.

Hackers Accessed Backup Firewall Preference Files
Firewall maker SonicWall is telling customers to reset credentials after hackers stole firewall configuration backup files stored in its cloud service. Hackers launched brute force attacks against servers storing backup files. They stole configuration data of roughly 5% of the install base.

Funding Supports Threat Hunting, Natural Language to Replace Legacy Detection
Vega aims to replace patchwork AI integrations with an analytics layer that enables real-time, natural language detection across distributed data. Backed by Accel, the company will double headcount, improve detection tuning and reduce false positives without a SIEM rip-and-replace required.

FBI Director Claims 'Supremely Qualified' Unnamed Leaders Replaced Cyber Officials
The FBI is facing growing scrutiny over reported unfilled cyber leadership roles and morale issues following politically charged dismissals, even as cybercrime hits $16.6B and hackers spoof FBI platforms - raising concerns about the bureau’s readiness to counter digital threats.

Startup Simulates Offensive and Defensive AI to Test and Thwart AI-Based Threats
Irregular secured $80 million in funding to turn its research into scalable security tools for businesses adopting AI. With growing offensive AI capabilities, the company is racing to productize simulations that detect vulnerabilities before attackers do.

Default credentials, weak passwords, misconfigurations and a variety of other security shortcomings are exposing millions of medical devices and their data on the internet, said Soufian El Yadmani, CEO and co-founder of Modat, who shared recent research findings.

Users Download Malware in Bid to Placate Meta
A newly surfaced FileFix social engineering campaign puts a new spin on ClickFix attacks by goading users into loading malware under the guise of reporting a wrongful account suspension to social media giant Facebook. Victims likely get sucked into the scam by following a link from a phishing email.

Also, Colt Services Outage Persists, Finland Charges Americans in Vastaamo Hack
This week, Microsoft hit RaccoonO365, Colt Technology Services, Finland charged a U.S. citizen in Vastaamo hack. RevengeHotels hackers used AI, Meta can't overturn a privacy case verdict. Chinese hackers unleashed spear phishing emails. Prosper confirmed a data breach, as did Kering fashion houses.

Silicon Valley Startup Brings AI Agent and Prompt Injection Protections to Falcon
CrowdStrike plans to purchase Pangea to add native AI detection and response capabilities to its Falcon platform. The company says the acquisition will help secure AI models and users alike from preventing prompt injection to tracking agent activity across enterprise environments.

Senate Homeland Security Cancels Markup Session
Lawmakers are racing to extend a key cyber sharing law before it expires Sept. 30, but partisan gridlock and proposed restrictions on the U.S. cyber defense agency's disinformation work threaten reauthorization - risking federal insight into active threats and chilling private cooperation.

A new AI-powered clinical decision support system developed by Google and NASA aims to help astronauts diagnose and treat medical issues during space missions - even when real-time communication with Earth is unavailable, said Chris Hein, field CTO of Google Public Sector.

JavaScript Repository Contends With Wormable Malicious Code
An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has called one of the most severe JavaScript supply-chain attacks so far. A malicious script exfiltrated data to GitHub repositories named "Shai-Hulud."

New Safeguards Follow Teen Suicides Linked to ChatGPT and Other AI Chatbots
OpenAI is rolling out new safeguards in ChatGPT to protect younger users by adding age estimation tools and, in some cases, requiring ID verification for those claiming to be over 18. The move follows growing scrutiny over the impact of chatbots on teenagers.