DataBreachToday.com

Researchers Say AI Prompt Injection Has Emerged As a Dangerous New Class of Attacks
The large language model industry has mostly treated prompt injection attacks as a risk analogous to traditional web server prompt injection attacks. Researchers now say feeding rogue instructions to an artificial intelligence system merits its own classification as "promptware."

Incident Responders Detail Top Ransomware and Business Email Compromise Tactics
There's no need to invest into sophisticated hacking operations when moving fast and exploiting well-trod techniques gives threat actors all the access they want. Threat actors are prioritizing "low-complexity entry points, rather than investing in sophisticated exploits," say incident responders.

Fraud Specialist David Barnhardt on Addressing Authentication Risks of Agentic AI
Financial institutions are racing to deploy AI agents that can initiate payments, approve transactions and freeze accounts. But traditional authentication frameworks assume there's a human on the other end. As agentic AI use grows, banks are facing an authentication crisis that demands new controls.

Cyber threats are continuous, unpredictable, and increasingly sophisticated. This session provides actionable insights to help organisations prepare, respond, and recover with confidence—while enabling innovation and growth.

Why Reducing Data Volume Matters More Than Ever for SOCs and CISOs
Data minimization is often perceived as a constraint on innovation. In reality, it is the ultimate enabler of resilience. It reduces the impact of breaches, weakens ransomware leverage, improves SOC efficiency and secures the AI frontier.

AI chatbots rank as the number-one health tech hazard in 2026, followed by "digital darkness" and legacy medical device cyber issues, said Rob Schluth and Scott Luney, technology and security experts at patient safety group ECRI Institute, which compiles an annual top 10 list. They explained why.

Cybercrime Group First Listed Ohio Health System as a Data Theft Victim Last June
Ohio-based Kettering Health is notifying current and former patients and "affiliates" that their personal, health and financial information was potentially compromised in a May 2025 ransomware attack and data theft incident claimed by cybercriminal gang Interlock.

CISO Sean Atkinson on Moving From 'GRC Theater' to Continuous GRC Engineering
As NIST, ISO, SOC 2, NIS2 and DORA expand compliance pressure, many organizations are optimizing for audit success instead of risk reduction. Sean Atkinson warns that “GRC theater” creates false confidence. Adversaries operate continuously and so should GRC engineering, he said.

As Innovation Sandbox Turns 21, AI-Based Solutions Dominate Annual Contest
Next month in San Francisco, the Innovation Sandbox at RSAC Conference will celebrate its 21st year of choosing key emerging solutions in cybersecurity. Past winners and finalists range from EDR and XDR giant SentinelOne in 2014 to cloud security phenom Wiz in 2021.

Series C Funding Round Focuses on Secrets Remediation, Agent Governance Expansion
Backed by a $50 million Series C, GitGuardian plans to accelerate U.S. expansion and enhance secrets detection remediation and non-human identity controls as AI agents multiply across enterprises, increasing exposure to credential abuse and lateral movement.

Steinberger to Lead AI Giant's Multi-Agent Development Team
Peter Steinberger is joining OpenAI to lead development of personal agents, culminating weeks of viral attention paid to his OpenClaw open-source artificial intelligence assistant project. Security experts dubbed it a "dumpster fire" after hackers were quick to add malicious functions.

AI Fumbles, Not Hackers, Pose Next Shutdown Threat by 2028: Gartner
A misconfigured artificial intelligence system could do what hackers have tried and failed to accomplish: shut down an advanced economy's critical infrastructure. The warning centers on scenarios where AI autonomously shuts down vital services, misinterprets sensor data or triggers unsafe actions.

New HHS Enforcement Program Focuses on Patient Confidentiality, Aligning With HIPAA
The U.S. Department of Health and Human Services has launched a new breach reporting website and guidance materials to support its duties of enforcing compliance mandates that went into effect Monday to better align the confidentiality of substance use disorder records with the HIPAA privacy rule.

'Malicious Server Threat Model' Threatens 'Zero Knowledge Encryption' Guarantees
Claims by leading stand-alone password managers that their implementation of "zero knowledge encryption" means stored passwords can withstand the worst of hacker assaults are vastly overblown, say academic security researchers. They said vendors are in the process of patching the flaws they found.