DataBreachToday.com

Chinese-Linked Malware Campaign Targets Critical Environments With Weak Monitoring
U.S. and Canadian cyber authorities say Chinese state-backed actors used a backdoor dubbed BRICKSTORM to maintain long-term access into critical infrastructure, exploiting VMware environments to exfiltrate credentials and evade detection through encrypted covert channels.

Plan Aims to Modernize Workflow, Expand AI Use Across Agencies, Improve Cyber
The U.S. Department of Health and Human Services on Thursday unveiled "version 1" of a strategic plan to implement artificial intelligence as a "practical layer" across the department and its agencies aimed at helping to break down silos, improve collaboration and increase efficiencies.

Security Minister Dan Jarvis Endorses Security Researcher Protections
The U.K. government is considering amending its three-decade-old hacking law to include a "statutory defense" cover for security researchers. The announcement comes amid concerns that the law penalizes white hat hackers for essential security practices.

Skills Needed: Enterprise Architecture, Configuration and Vulnerability Management
When a critical vulnerability surfaces in ERP systems such as the Oracle E-Business Suite flaw, attackers can go well beyond a single compromised server. The flaw exposed the need for cyber professionals who understand enterprise architecture, secure configuration and vulnerability interpretation.

Federal Cuts Threaten Grid Security as Nation-State Hackings Escalate, Analysts Say
Cybersecurity leaders told Congress that U.S. energy systems are already compromised by state-backed actors - chiefly China - and warned that shrinking federal support for grid security programs threatens to worsen exposure as utilities face escalating threats with limited resources.

Mirion Medical Says Bugs Are Fixed in New Release of BioDose/NMIS Software
U.S. federal authorities are warning that several high-severity vulnerabilities discovered in Mirion Medical Co. inventory tracking software used by nuclear medicine departments could allow attackers to modify program executables and gain access to sensitive information.

Organizations are adopting agentic artificial intelligence as the next phase of AI. Kim Basile, CIO of Kyndryl, explains how organizations can prepare teams to work with agentic AI, emphasizing culture, training and governance as the crucial drivers of AI readiness and adoption.

China Still Relies on US Technology, Experts tell Senate
Washington spent years constructing export barriers around America's most sensitive artificial intelligence technology. Witnesses told the U.S. Senate Foreign Relations Committee that China is finding ways to move around them. Where one pathway closes, Beijing opens another.

Attackers Could Hijack Developer Machines via Tampered Config Files
OpenAI patched a command injection flaw in its Codex CLI tool that let attackers run arbitrary commands on developer machines by hiding malicious configuration files inside code repositories. Hackers could turn ordinary repository files into execution vectors.

CEO Matt Garman Shares Plans for Developing Billions of Autonomous Agents
For two decades, AWS has been the undisputed leader in cloud computing, but listening to AWS CEO Matt Garman at the re:Invent 2025 conference, the future isn't in the infrastructure layer. Garman envisions a fundamental shift from applications in the cloud to a cloud of autonomous AI agents.

Government Opts for Voluntary Frameworks Over Enforceable Safeguards
Australia's federal government has quietly shelved the mandatory AI guardrails it proposed just three months ago, replacing enforceable requirements with voluntary guidance in its National AI Plan released today.

Chinese Developer Formerly Employed by Company Suspected of Data Theft
South Korea's biggest online retailer, Coupang, said a five-month breach exposed personal data pertaining to 34 million customers, and only came to light after it received an extortion demand. Police said a former developer at the company, a Chinese national who fled the country, is a suspect.

Industry Wants to Stick to Voluntary Measures
U.S. telecommunications networks are still vulnerable to foreign intrusion, national security and industry panelists told senators during a Tuesday hearing, warning that China and other adversaries are refining long-term access into American infrastructure.

Class Action Litigation Alleges Web Trackers Shared Patient Data With Tech Firms
Kaiser Permanente has agreed to pay up to $47.5 million to settle litigation stemming from its use of tracking codes in its websites, patient portals and mobile apps. Claimants alleged the trackers unlawfully shared patients' information with third parties, including Google and Microsoft.

MuddyWater Hides Malware With Game Delay Technique
Iranian nation-state hackers took inspiration from a mobile phone time-killing mainstay, say security researchers who spotted hackers downloading malware masquerading as the Snake video game. A callback to the game isn't nostalgia, say researchers at Eset.

Rapid7's Christiaan Beek on Ransomware Tactics and How to Mitigate Attacks in 2026
Ransomware attacks are reaching record highs, and 2026 may be even worse, said Christiaan Beek, senior director of threat intel and analytics at Rapid7. He warns that hackers are exploiting vulnerabilities as soon as they're disclosed, and they're focusing on flaws in devices on the network edge.

Hackers Could Adjust Life Support Settings of At-Home Life 2000 Ventilation System
The Food and Drug Administration is warning that Life 2000 - an at-home ventilation system built by medical device maker Baxter - has been permanently recalled due to a cyber issue that could allow individuals with physical access to tamper with the gear's life support settings.

Proposed Tech Modernization Fund Allocation Falls to $5M Despite Bipartisan Support
Congressional appropriators have proposed significant reductions to federal cybersecurity and modernization initiatives in the 2026 budget, signaling a potential retreat from centralized cyber federal oversight even as agencies struggle with aging infrastructure and escalating nation-state threats.