DataBreachToday.com

Experts Urge Preparedness, Nonstop Vigilance, See Ongoing Risk of Online Reprisals
Seven days into the United States and Israel continuing "major combat operations" against Iran, Tehran continues to respond with kinetic attacks against neighboring countries. While no cyberattacks have emerged, experts see unpredictability and continue to urge caution, monitoring and preparedness.

Also: Anthropic Claude Code Security Impact on AppSec, RSAC Conference Preview
In this week's panel, four ISMG editors discuss the potential cyber spillover from escalating tensions in the Iran-Israel-U.S. conflict, the market disruption sparked by Anthropic's Claude Code Security launch and a preview of RSAC Conference 2026.

New CEO John Heyman Says Enterprises Need Tools to Manage Thousands of AI Agents
New OneTrust CEO John Heyman said enterprises rapidly deploying generative AI will soon manage hundreds or thousands of AI agents across their organizations. They must monitor AI agents' data flows and third-party technologies as privacy risk and security oversight increasingly converge.

Also: Trojanized RedAlert App, Tycoon 2FA Takedown, CyberStrikeAI Attacks
This week, Cisco patches and hacks. Trojanized app targeted Israelis. Bye-bye, Tycoon 2FA. Also bye-bye LeakBase. A LexisNexis breach. Woman sentenced for trafficking Microsoft licenses. Silver Dragon targeted governments. Broadcom patch. A Mississippi medical clinic resumed operations.

Compromise Affects Healthcare Clients of Co.'s Revenue Cycle Management Services
Billing services vendor Trizetto Provider Solutions is notifying 3.4 million individuals of a hacking incident discovered in October 2025 that investigators have now determined started nearly a year earlier, when threat actors accessed the company's healthcare clients' insurance related data.

Lawmakers, Industry Warn Supply-Chain Risk Label Sets Dangerous Precedent for Tech
Major tech firms, defense leaders and lawmakers are rallying behind Anthropic as the Pentagon threatens to label the AI developer a supply-chain risk after a dispute over surveillance safeguards, raising fears the move could chill AI investment and reshape government tech contracting.

System Meant to Dispel FUD Faces Uphill Climb to Widespread Adoption
Hurricanes, tornados, earthquakes - and now operational technology cyber incidents - all can receive a numerical score based on their severity, although a new effort promoting an "OT Incident Impact Score" faces an uphill climb to get the traction it needs to succeed.

Millisecond Detection and Layered Controls Will Shape Future Payment Security
Stablecoins can remove chargebacks and make transactions irreversible in fraud cases. This trend is forcing banks to analyze risks before a payment executes. AI models must work within milliseconds while maintaining accuracy and minimizing friction for legitimate users.

State CIOs Are Exploring How AI Agents Can Boost Productivity, Efficiency
Reputation aside, most pen pushers in state governments don't actually like pushing paper. They also don't care to force citizens to fill out forms in triplicate. Two decades of promises to minimize those chores may be on the cusp of gloriously coming true with the advent of agentic AI.

Series A Funding Aims to Give Security Teams Visibility Into Complex SecOps Stacks
Fig Security has raised $30 million in Series A funding to help organizations modernize their SOC infrastructure. The startup said CISOs lack visibility into complex SecOps pipelines spanning SIEMs, data lakes and automation tools, which can lead to silent failures that undermine threat detection.

CHIME, AHA, Others Contend Privacy, Security Burden Would Shift to Providers
Proposals to eliminate certain longstanding health IT certification criteria - including privacy and security related controls - will shift regulatory burden from health IT developers to healthcare providers, some industry groups contend in their public response to proposed federal rulemaking.

CEOs and CISOs on Dealing With the ‘Work From Anywhere’ Challenge
In this era of "work from anywhere," identity and access management solutions are challenged more than ever. What are the strategies and solutions recommended by top CEOs and CISOs in the cybersecurity sector? An expert panel weighs in.

Blueprint Model From Ex-CrowdStrike Product Leader Targets MCP Servers, Cost Sprawl
JetStream has raised $34 million in seed funding to tackle enterprise AI governance challenges. The startup introduced blueprint-based controls to manage shadow AI, MCP servers and token-level spending while helping CISOs gain visibility and enforce guardrails across cloud and SaaS environments.

Juniper Tells Customers to Tune Their Firewall
A critical vulnerability in Juniper Networks' primary operating system could give threat actors root level privileges to execute code on Juniper’s PTX Series routers. Successful exploitation would give attackers full command and control over devices without the need for authentication.

Fired Employee Illegally Downloaded 1M Patient Records
A former Nuance Communications IT worker has pleaded guilty in a criminal case that alleged he downloaded and stored on a personal hard drive containing 1.2 million patient records of a client, Geisinger Health, two days after he was terminated from his job in 2023.