BankInfoSecurity.com

Google Cloud Capacity Could Help Anthropic Ease Model Growth Constraints
Google's up to $40 billion bet on Anthropic would deepen its role as investor, cloud supplier and Gemini rival while giving the San Francisco-based Claude maker critical compute capacity amid surging demand and scrutiny of circular AI infrastructure deals.

CIOs Face Growing Pressure on Risk, Data and Board Reporting
As AI moves deeper into enterprise operations, CIOs are being pushed to turn governance principles into practical controls, board reporting and risk oversight, according to a survey by The Conference Board's Governance and Sustainability Center.

Governments Have Long Warned About Kremlin Social Engineering Hacks
Signal is defending the security of its systems following a series of phishing attacks that took place on the encrypted messaging platform, and that reportedly compromised members of the German government including the president of the country's parliament.

Exclusion of OT From AI-Powered Vulnerability Discovery Poses Risks to National Security
Hyperscalers and IT behemoths are on the list, while OT companies are not. The list in question includes the companies that have special access to powerful new models from the two major U.S. frontier AI labs to identify vulnerabilities before hackers get access to similar technology.

How Risk-Centric Architecture, Unified Pricing Give SOC Managers Total Visibility
Security teams can't afford to leave assets unprotected, but per-endpoint pricing forces exactly that trade-off. Learn how abandoning rigid license models and adopting risk-centric architecture gives SOC teams total visibility and kernel-level prevention across every environment.

AI Tool Used to Discover Bugs, Which Included 2 Maximum Severity Vulnerabilities
Researchers at security firm AISLE said they recently identified 38 vulnerabilities, including two maximum-severity zero-day flaws in OpenEMR, an open-source electronic medical record software platform used by about 100,000 healthcare providers globally. OpenEMR has patched the problems.

Claude-Powered Tool Deletes Production Data, Then Explains Its Failures
A Claude Opus 4.6-powered coding agent erased three months of PocketOS production data in a single API call after misusing an over-permissioned token. The system later, when prompted, admitted to violating safety rules.

An On Demand video from ID Dataweb
Scattered Spider is rapidly expanding its reach, exploiting identity processes and help desks to infiltrate organizations. Discover their tactics and the steps you can take now to reduce risk. Watch the webinar.

Digital Passkeys That Synchronize Across Devices Are Easier, Faster, More Secure
Forget passwords: British cybersecurity officials now recommend using digital passkeys whenever they're available, finding that passkeys offer better and faster security, with lower costs for services that provide them, compared to widely despised passwords.

Why AI and Traditional Penetration Testing Must Converge
As artificial intelligence red teaming evolves beyond prompt injection, security teams must combine data science, model testing and traditional penetration testing to assess risks across the full attack surface.

Prolific ShinyHunters Extortion Group Made 'Pay or Leak' Threat to Victim
Home security giant ADT has suffered a data breach that appears to have exposed personally identifiable information tied to 5.5 million customers. Prolific extortionist group ShinyHunters claimed credit for the attack, saying it stole Salesforce data after socially engineering an ADT employee.

Video of Industry Figures Harvested During Meetings and Used to Lure Future Victims
North Korean hackers are pretending to be cryptocurrency insiders, in an attempt to trick targets into accepting Calendly calendar invites. The social engineering ruse is designed to infect Windows and macOS systems with crypto stealers, and to harvest video of real-life people for future lures.

Cybercrime Gang ShinyHunters Claimed to Steal 9M Records
Medtronic has told federal authorities that cybercriminals hacked its corporate IT systems, but said the incident did not affect the medical device makers' products, manufacturing or distribution operations. Cybercrime gang ShinyHunters reportedly claimed responsibility for the hack.

Former Officials, Tech Groups Say Anthropic Designation Is Illegal - and Dangerous
Former U.S. defense and intelligence officials argue the Pentagon's designation of Anthropic as a supply-chain risk was politically motivated and legally flawed, warning it could erode trust in government contracting and weaken the defense AI ecosystem.

Also: Embedded AI in Pharmaceutical Sector, the Story Behind Apple's CEO Change
In this week's panel, four ISMG editors examine what’s really behind Apple's CEO transition, how pharmaceutical giants are racing to embed artificial intelligence across core operations, and why AI-driven threats are forcing a rethink of how quickly defenders can respond.

'Firestarter' Backdoor Can Survive Reboots, Upgrades and Standard Fixes
The Cybersecurity and Infrastructure Security Agency issued an emergency directive warning a newly-discovered Cisco backdoor can survive routine remediation processes, forcing agencies to investigate edge devices that anchor federal firewall and VPN security.

HHS OCR Breach Investigators Again Find All-Too-Common Risk Analysis Failures
Faulty or non-existent security risk analyses cost a medical imaging provider, a women's healthcare group, a health plan and a third-party insurance administrator a collective $1.7 million in fines after federal regulators concluded they didn't do enough to prevent ransomware attacks.

Acquisition Adds Advisory, GRC and Vulnerability Services to ImagineX's MDR Core
TekStream acquired ImagineX’s cyber division to integrate advisory, vulnerability management and GRC with its MDR services, aiming to help CISOs defend against faster, AI-driven attacks by unifying proactive and reactive security into a single operational model.