DataBreachToday.com

Four Principles Positioning the Nuclear Ecosystem for Long-Term Cyber Resilience
OT weaknesses are compounding across utilities, with 22% of critical infrastructure firms reporting OT incidents and external access driving half of breaches. U.K. NCSC's new guidance outlines connectivity principles that utilities can embed to avoid costly retrofits and compliance issues.

OpenAI Tests Promos, Anthropic Rejects Them Amid Rising Compute Costs
OpenAI has a problem: Most users don't pay for access to ChatGPT. The company is now doing what almost every Silicon Valley company before it has done and turning to digital advertising. Whether ads can bridge OpenAI's well-documented revenue gap without users fleeing is another question.

CIOs Say Stalled Pilots, Vendor Regret and Growing Fatigue Stifle AI Ambition
These may be the halcyon days for enterprise artificial intelligence, where money and ambition are only hindered by imagination as tech vendors race to gain a competitive edge. But CIOs say they're feeling increasing pressure to show ROI - and the reckoning is coming soon.

Deal Targets GenAI Risks, Prompt Injection Attacks and Autonomous Agents
Proofpoint has acquired AI security startup Acuvity to address fast-evolving risks tied to generative AI, prompt injection and autonomous agents. The company says intent-based guardrails and deep AI forensics will help enterprises secure tools such as ChatGPT, Claude and emerging agent frameworks.

VoidCrypt Ransomware Variant Taps RMM Tools, Says Huntress
Management isn't the only advocate for employee monitoring software, according to new research from cybersecurity firm Huntress. RMM tools - simultaneously open to remote connections and with privileged local access - are good for wiggling into corporate networks.

Agentic AI Is Reshaping Security Faster Than Traditional Defenses Can Keep Up
Agentic artificial intelligence is fundamentally altering organizational workflows and how risk materializes. In 2026, emerging cybersecurity trends will push organizations to move from deterministic, rule-based risk models toward adaptive models built for autonomous, non-deterministic systems.

AI Agents Target Anti-Money Laundering at Major Global Banks, Cut Manual Probes
Bretton AI has raised $75 million in Series B funding led by Sapphire Ventures to scale AI agents for anti-money laundering sanctions and KYC compliance. CEO Will Lawrence says the company is targeting large banks with automation designed to reduce manual investigations and improve auditability.

Futurex's Ruchin Kumar on CBDC Adoption and HSM Security for Transactions
CBDCs are expanding, with 90% of central banks exploring them. India's e-rupee pilot shows strong adoption, backed by RBI standards and HSM-secure transactions. Ruchin Kumar, VP for South Asia at Futurex, underscores awareness, interoperability and encryption as keys to CBDC success and PQC readiness.

McKinsey Reveals How Top Performing Firms Are Redefining Tech Leadership
Before artificial intelligence dominated every technology conversation, the successful CIO focused on keeping business systems up and running while keeping costs in line. But in 2026, the picture is changing, according to McKinsey's Global Tech Agenda 2026.

Review Finds Access Control, Incident Response Gaps for 2 DHHS Data Repositories
A lack of access controls, poor record request handling, weak incident response plans and other security deficiencies related to two critical data repositories are potentially putting millions of Utahans sensitive personal and health information at risk, said a state audit report.

AI Agents Target Anti-Money Laundering at Major Global Banks, Cut Manual Probes
Bretton AI has raised $75 million in Series B funding led by Sapphire Ventures to scale AI agents for anti-money laundering sanctions and KYC compliance. CEO Will Lawrence says the company is targeting large banks with automation designed to reduce manual investigations and improve auditability.

Also: Spanish Hacker Granted Russian Asylum, Microsoft Patches Zero-Days
This week, a CISA warning, Nest footage in Nancy Guthrie case, Signal phishing. Spanish hacker, Russian asylum. Spanish ministry services offline. BYOVD ransomware. The Conduent breach hit Volvo. Microsoft patched zero-days. ZeroDayRAT targeted devices. The SmarterMail breach. Another Fortinet flaw.

Plaintext Emails Trigger Police Probes Into Potential Leaks of State Secrets
A trove of documents connected to American financier Jeffrey Epstein published by the U.S. Department of Justice show that the rich and powerful who orbited the now-deceased convicted child sex offender practiced horrible operational security.

Also: SafeMoon CEO Gets 8 Years for Fraud, SBF Seeks New Trial
This week, a 20-year sentence in a $73 million scam, SafeMoon CEO got eight years for fraud, Sam Bankman-Fried sought a new trial, Epstein's early crypto investments, a U.K. lawsuit against HTX, a probe of a Trump-linked crypto deal, a crypto-linked home invasion and a $43 billion Bithumb error.

Critics Say Regulation Amendments Would Chip Away at Fundamental Rights
A slew of amendments to European tech regulations touted by the European Commission as necessary for boosting continental competitiveness is receiving pushback from privacy watchdogs unhappy with changes that could water down EU privacy laws.

Accel-Led Funding Round Fuels AI-Native Detection and Response
Vega raised $120 million led by Accel to expand its AI-native security operations platform. The funding will boost product development and global go-to-market efforts as enterprises seek faster threat detection, broader analytics and support for complex multi-cloud and on-premises environments.

Why Modern Threat Modeling Must Account for State Control of Infrastructure
CISOs for decades viewed governments as partners. That assumption is weakening. Today, state control over infrastructure needs be part of threat modeling and business continuity planning for global security leaders - and it's time for CISOs to reassess dependencies and trust boundaries.

Singapore Signals Heightened Vigilance Against State-Linked Threat Actors
Singapore conducted a yearlong, multi-agency cyber defense operation to expel UNC3886 from all four major telecom providers after the advanced threat actor accessed segments of critical communications infrastructure and extracted limited technical data without disrupting services.