DataBreachToday.com

Cancer research and treatment innovation - and the tech that powers that - requires a great deal of collaboration and data sharing among multiple parties. But keeping that sensitive information secure and private is crucial - and requires adherence to standards, said Baxter Lee of Clearwater.

Dell's AI Blueprint for Identity, Agents and Agentic Infrastructure
Going all-in on AI with a top down strategy and a ravenous appetite for innovation has helped Dell transform its operations and grow revenue by $30 billion, and the company's evolution lays out a blueprint for how CIOs should think about building infrastructure for AI and managing an army of agents.

Startup Native Targets Enterprise Policy-to-Architecture Gap Across Clouds
Startup Native emerged from stealth with $42 million to advance a proactive cloud security model that enforces policy-driven controls, helping enterprises manage AI-driven threats and maintain consistent protections across complex multi-cloud environments.

AI, Robotics Leaders Warn Chinese Robots Could Disrupt Sensitive Operations
Witnesses told a U.S. House Homeland Security panel that Chinese-developed AI robotics platforms could give Beijing new avenues for surveillance, disruption and physical harm across critical sectors, and urged restrictions on federal use as China expands its industrial dominance.

Chinese Hacking Firm iSoon and Iran's Emennet Pasargad Among Targets
The European Union sanctioned three Chinese and Iranian hacking operations that have been under U.S. indictments or sanctions for over a year - or, in one case, since 2019. The sanctions freeze assets and forbid EU citizens and companies from funding or otherwise doing business with the targets.

State CIO Tim Galluzi on Identity Modernization, AI and Resident Services
The State of Nevada is accelerating its cybersecurity and digital modernization efforts after a major ransomware attack exposed the importance of resilience, workforce readiness and strong governance, said State CIO Tim Galluzi.

Individual Vulnerability Severity Not Always a Good Measure of Risk Exposure
A mainstay of IT security programs across the world, the Common Vulnerability Scoring System, may have terminal flaws when applied to the mirror universe of operational technology - a place where ordinary assumptions about risk don't apply.

Program Offers Up to $100K for Security Upgrades and $50K for Assessments
New York is rolling out new cybersecurity regulations for water and wastewater utilities, requiring operators to conduct risk assessments and deploy security controls while offering $2.5 million in grants to strengthen defenses against rising cyberthreats targeting critical infrastructure.

House Democrats Demand Probe Into Former CISA Head Gottumukkala Poly Failures
Five U.S. Democratic lawmakers called for an investigation into a series of escalating controversies surrounding Cybersecurity and Infrastructure Security Agency leadership, following allegations that ex-Acting Director Madhu Gottumukkala bypassed established intelligence protocols.

Directory Traversal Flaw Found in Companies House
The British government's company register service temporarily deactivated its online filing service after someone found a serious vulnerability that allowed people to access directors' sensitive personal data and potentially even amend companies' records or file bogus accounts on their behalf.

Rising Liability Risks Are Reshaping the CISO Role and Cybersecurity Leadership
As regulators pursue accountability after major breaches, CISOs face growing personal liability. This is changing how security leaders report risk, weakening security culture and making the role less attractive to experienced practitioners.

Real and intense financial pressures on rural and small healthcare clinics mandate making difficult decisions on allocating funds to cybersecurity, said Greg Sieg, CISO at the University of Michigan Regional Health Network. "The funding is just not there."

Attorneys can conduct security risks assessments under the color of client privilege, making it less likely to surface in discovery during litigation. But healthcare firms should consider the cons before they take that route, said attorney Adam Greene, partner at the law firm Davis Wright Tremaine.

An identity-based microsegmentation deployment at Main Line Health in Philadelphia is helping to control how its roughly 60,000 devices communicate across the network in order to protect clinical operations and limit the impact of potential cyberattacks, said Main Line Health CISO Aaron Weismann.

Cybersecurity Requirements Could Clash With Right-to-Repair
Automakers are generally on track to implement new EU cybersecurity requirements in tailpipe emissions regulations instigated by the long shadow of Volkswagen's emissions scandal, but there could be a clash between those new rules and others that are intended to guarantee the right-to-repair.

Bold Plan Raises Hard Questions About Execution, Liability and Oversight
The Trump administration's national cyber strategy calls for a stronger partnership between the federal government and private companies, heralding a shift in the ways private enterprise could participate in offensive operations against nation-state adversaries, ransomware gangs and cybercriminals.

Also: the Pentagon-Anthropic AI Legal Showdown, the New Reality of Document Fraud
In this week's panel, four ISMG editors discuss the cyber activity tied to the U.S.-Israel-Iran conflict, the Pentagon's standoff with AI firm Anthropic and a new report that reveals how document fraud reflects deeper weaknesses in verification systems.

New Startup Says Cloud-Heavy Models Do Not Scale for Large Enterprises
Bold Security exited stealth with $40 million to build an endpoint platform for the artificial intelligence era. CEO Nati Hazut said companies can no longer rely on older controls as employees and AI agents access data locally, creating new blind spots around apps, files and device activity.