DataBreachToday.com

Multiple US Government Agencies Have Used the Now-Patched Message Archiving App
Attackers are actively attempting to exploit a vulnerability that exists in older versions of the Signal message app clone TeleMessage TM SGNL, built by Smarsh to keep copies of all communications, including the ability to comply with federal record-keeping requirements.

Incidents Rank Among the Top Five Health Data Breaches in 2025 - So Far
A Maryland dermatology practice and a Virginia radiology organization have each reported to regulators separate hacking incidents that in total affected the information of more than 3.3 million patients. The incidents rank among the five largest health data breaches reported in 2025 so far.

Joe Sykora Set to Scale Coro's SMB Cybersecurity Platform Globally Via MSP Partners
As Coro's new CEO, Joe Sykora is steering the SMB cybersecurity platform provider toward rapid international growth with a 100% partner-focused strategy, revamped operations and new tools for MSPs in an effort to dominate the underserved small and midsize business cybersecurity market.

Semperis Warns of Flaw in Windows Server 2025 Delegated Managed Service Accounts
A critical cryptographic flaw in Windows Server 2025's delegated Managed Service Accounts, or dMSAs, allows attackers to generate passwords for every managed service account across an Active Directory forest and create a backdoor, Semperis researchers found.

3 State-Sponsored Groups Spear-Phish Semiconductor Ecosystem
Chinese state-aligned hackers have ramped up espionage efforts against Taiwan's semiconductor ecosystem through spear-phishing campaigns. Three distinct threat actors targeted chipmakers, packaging and testing firms, equipment suppliers and financial analysts.

In this 15-minute podcast, identity experts examine key findings from recent industry research on machine identity governance and how you can secure them

Why do AI agents require new identity governance approaches and the current controls not enough?

Also: Scammer Gets 12-Year Sentence for Dodging Restitution
Abacus Market's suspected exit scam, crypto scammer gets 12 years for dodging restitution, GMX exploiter returns funds, BigOne's $27M hack, Arcadia Finance's $3.5M theft, NZ woman's trial for alleged murder and a DOJ crypto fraud filing's potential unmasking of MoonPay victims.

COO Francis deSouza Explains Google Cloud's Push for Unified Multi-Cloud Security
COO Francis deSouza shares insights into Google Cloud’s security priorities as it pursues the $32 billion acquisition of Wiz. He explains the need for seamless multi-cloud protection, the value of Mandiant's threat intelligence, and how AI is changing threat detection and response at scale.

Also: CISA Warns of Unpatched Train Brake Vulnerability
This week: Louis Vuitton and Co-op confirm breaches, unpatched train brake flaw, Barclays fined £42M pounds for financial crime failures, secret U.K. program relocated thousands of Afghans, ex-soldier pleads guilty to hacking, Ukrainian hackers claim hit on Russian drone supplier.

CyXcel's Megha Kumar on Aligning Enterprise Strategy With Geopolitical Realities
Geopolitical tensions are no longer limited to headlines or high-level diplomacy. They drive cyber risk, supply chain disruption and regulatory fragmentation. CyXcel's Megha Kumar makes the case for why companies need to take notice and embed geopolitical risks in ongoing security planning.

Most Compromises Trace to Financial Services, Healthcare, Professional Services
Data breaches rage on. In the first half of this year, the Identity Theft Resource Center counted 1,732 total data breaches affecting 166 million people, marking a rise in data breaches but a decline in victims, likely due to a drop in mega-breaches.

How Focused Skill Building Solves Real Problems in Cyber Roles
The pressure to grow doesn't come from curiosity alone. It comes from real friction in the systems you work with. That's why the smartest way to continue learning is not to try to master everything. Instead, focus on the next thing that will actually help you move forward in your role.

Experts Aim to Probe How AI Models Reason, and Why It Matters
AI researchers from OpenAI, Google DeepMind and Anthropic and others have urged deeper study into chain-of-thought monitoring, a technique to track how reasoning models arrive at answers. Their joint paper warns that transparency may erode if not prioritized.

5G OT Security Summit Speakers on Delicate Balance Between Innovation, Cyber Risk
Digital transformation - which now includes a convergence of cloud-based applications, AI and OT systems - introduces new threat vectors particularly as legacy systems struggle to adapt. Speakers at the 5G OT Security Summit discussed cyber defenses and policies and for securing OT systems.

67 Malicious Packages, XORIndex Loader Target JavaScript Code-Sharing Platform
North Korean threat actors escalated their software supply chain attacks by uploading 67 new malicious packages to the npm Registry as part of the ongoing Contagious Interview campaign. The malware targets open-source JavaScript developers with malware loaders.