DataBreachToday.com

New Research Uncovers Tokenizer Blind Spots in Leading LLMs
Subtle obfuscation techniques can systematically evade the guardrails that today's large language models rely on. Researchers from Mindgard team found that adversaries can "smuggle" malicious payloads past tokenizers using emojis, zero-width spaces and homoglyphs.

Loss of 5% of Staff Is Cybersecurity Industry's Second-Largest Workforce Reduction
CrowdStrike plans to ax 500 employees as the endpoint security behemoth looks to operate more efficiently and uses artificial intelligence to "flatten[s] our hiring curve. The company revealed plans to reduce its nearly 10,000-person staff by 5% to scale its business with more focus and discipline.

Glilot Capital Partners' Kleinstein on How Gen AI Transforms the Security Landscape
Arik Kleinstein, co-founder and managing partner, Glilot Capital Partners, says startups have an advantage over incumbents because they don't have to deal with legacy technology. But he shared some steps startups can take to secure their data and AI models.

Breach Tally Keeps Growing Since Firm Filed Initial Breach Reports Last Month
The count of individuals affected by a hack discovered in December 2024 by Maryland-based Kelly & Associates Insurance Group continues to climb with a new total of 413,032 - up by nearly 150,000 since the company updated its breach disclosure last month. The list of clients affected has also grown.

Ex-Deputy NSA Anne Neuberger on Preparing for AI-Driven Threats
Anne Neuberger, former deputy national security advisor for cyber and emerging technologies, White House, outlines the urgent need for resilient critical infrastructure, strategic AI use in cybersecurity, and enhanced federal-state coordination to protect against evolving cyberthreats.

Don't Fall for Easy Social Engineering Traps, Advises Mandiant
The teenage hackers behind Scattered Spider tend to launch attacks in waves against specific sectors - and it may be the retail sector's turn. High street British mainstays Marks & Spencer, Co-op and Harrods have all felt a wave of incidents.

Google's Phil Venables on How AI Creates Structural Advantage in Security
Amid rising cyberthreats, security leaders are using AI tools to drive business enablement and risk management across their organizations, creating unprecedented opportunities for team transformation and career advancement, said Phil Venables, strategic security advisor at Google.

RSA CEO Rohit Ghai on Security Amid Evolving Threats, Tech Disruption
AI, geopolitical instability and sophisticated cyberthreats are reshaping how organizations must think about risk, resilience and identity. RSA CEO Rohit Ghai discusses identity overhaul for enterprises, moving beyond passwords and an approach to AI-based threats.

AllegisCyber Capital's Bob Ackerman Examines Machine-Speed Defense Requirements
Traditional security analysts can no longer keep pace as attackers use AI to compress breach timelines from months to mere hours, fundamentally altering the cybersecurity landscape, said Bob Ackerman, founder and managing director at AllegisCyber Capital.

Hackers Bypass MFA to Steal Australians' Banking Credentials
Melbourne-based ANZ Bank will introduce passwordless authentication for digital banking services amid news that hackers have stolen the banking credentials of tens of thousands of Australians. Cybercriminals used infostealer malware to steal the credentials of more than 30,000 Australians.

Critics Say Public Benefit Corporation Model May Undermine AI Safety and Oversight
OpenAI’s nonprofit parent will retain control as its for-profit subsidiary becomes a public benefit corporation. While the company frames the change as mission-driven, critics fear it may strip the nonprofit of meaningful control and expose AGI development to uncontrolled commercial interests.

Hacker Breaches Government-Approved Messaging App Used by Top Trump Officials
A Signal clone messaging app apparently being used by top advisers to U.S. President Donald Trump abruptly went dark Monday following a reported hacking incident. TeleMessage said it temporarily suspended messaging services "out of an abundance of caution."

Huione Group Helped Criminals Launder Over $4 Billion Worth of Cybercrime Proceeds
The U.S. Department of Treasury set in motion a process to ban a Cambodian company's access to the dollar financial system for running a vast illicit marketplace for cybercrime tools and laundering billions of dollars on behalf of North Korean and other cybercrime groups.

Wiz's Ami Luttwak on Managing the 'Speed of AI' Trade-Off in Security Control
"AI is the fastest adopted technology in the history, in the enterprise," said Ami Luttwak, co-founder and chief technology officer at Wiz, explaining how AI-enabled application development has outpaced the speed at which security personnel try to attain complete visibility over stored data.

Elastic CEO Ash Kulkarni on How AI Transforms Security Data Analysis
Ash Kulkarni, CEO at Elastic, discussed how bug bounty projects and close scrutiny by millions of developers worldwide have made open-source projects more secure than proprietary solutions. He recommends open APIs and interoperability as the future of effective security solutions.

Ex-Interpol Director Craig Jones on How Geopolitics Affects Global Cybercrime
Geopolitical conflicts have affected intergovernmental cooperation. Craig Jones, immediate past director of cybercrime at Interpol, says geopolitical instability has pushed countries to shift their focus toward data sovereignty, scrutinizing data storage, access and regulations.

Phosphorus Cybersecurity's Phillip Wylie on Asset Inventory, Password Hygiene
Organizations inadvertently create cybersecurity gaps by trusting connected devices. Threat actors are shifting tactics to exploit IoT vulnerabilities when traditional attack vectors strengthen, said Phillip Wylie, xIoT security evangelist at Phosphorous Cybersecurity.

Mickey Bresman Discusses Gaps in Preparedness and Tabletop Execution
Security leaders are placing more focus on cyber resilience as regulations tighten worldwide. Mickey Bresman, CEO at Semperis, said frameworks such as the SEC’s cybersecurity disclosure rule and Europe's DORA regulation are forcing organizations to build and test disaster recovery plans.

Ulla Coester on Ethical Design and the Role of the EU AI Act
Unclear threats and unpredictable behavior complicate global trust in AI. Building a shared understanding through adaptable governance helps create consistent expectations for responsible development across societies, said Ulla Coester, project director, Fresenius University of Applied Sciences.