BankInfoSecurity.com

Also: US Sanctions UK-Registered Exchanges Over Iran Ties
This week, Step Finance and CrossCurve hacks, the United States sanctioned U.K.-registered exchanges over Iran ties, forfeiture finalization of funds linked to Helix, Coinbase data breach, 2025's illicit crypto flows and a UK regulator banned Coinbase ads.

As the compliance deadline quickly approaches for changes to align the federal rules for the confidentiality of substance use disorder records with HIPAA, entities that participate in so-called Part 2 programs still face critical unanswered questions, said attorney Aleksandra Vold of BakerHostetler.

Leaked Financial and Admissions Data Includes Contact Details for 'Top Donors'
Harvard University has been named as a victim and doxed by hack-and-leak group ShinyHunters, apparently as a result of the cybercrime group's ongoing "live phishing" attacks that often attempt to trick IT help desks into giving attackers direct access to a victim's network and cloud-based data.

Acquisition Adds Okta and Ping Coverage to Semperis' Identity Security Platform
Semperis has acquired MightyID to extend its identity-first security and cyber resilience strategy beyond Active Directory and Entra ID into Okta and Ping. CEO Mickey Bresman says the deal addresses customer demand for multi-identity provider protection backup recovery and migration.

Southern Connecticut State University CIO Tom Armstrong on Modernization Priorities
Like other schools, Southern Connecticut State University is under pressure to modernize legacy systems, strengthen security and adopt AI. CIO Tom Armstrong must balance expanding research ambitions, student expectations and operational efficiency in an increasingly complex risk environment.

Funding at $1B Valuation Targets AI-Driven Investigations and Compliance Tools
TRM Labs has secured $70 million in Series C funding led by Blockchain Capital reaching a $1 billion valuation. CEO Esteban Castano says the money will boost AI-powered investigations, compliance automation and intelligence as criminals use AI to scale cybercrime faster than defenders can respond.

New Study Shows AI Agents Can't Work Without Humans in the Loop, But Give Them Time
AI agents are quickly moving from experimental demos to enterprise pilots, and they're already being used for tasks such as financial analysis, document review and drafting. But as AI gains momentum, one question goes largely unanswered: How can we measure the effectiveness of AI agents?

Analysts Warn of Patchwork Federal Assurance Standards After Rollback
The White House rescinded two key software security policies requiring vendors to attest to secure development practices, citing excessive compliance burdens - but analysts warn the move risks weakening federal software assurance without strong, agency-level replacements.

Experts: Problems Are Frequent Weaknesses Across Healthcare Sector Entities
Security weaknesses in web-facing apps used at a large U.S. hospital could leave the facility's IT systems and sensitive patient information vulnerable to cyberattacks, found federal auditors. Those same problems also haunt many other healthcare entities, experts said.

San Francisco-Based Startup Eyes AI Adjacencies and Supply Chain Risk Reduction
Software supply chain security firm RapidFort has raised $42 million in Series A funding to expand sales operations and build out its platform. Founder and CEO Mehran Farimani says the company will focus on reducing developer lift while addressing emerging risks tied to AI-enabled workloads.

Hacked Infrastructure Delivered Chinese Nation-State Group's Backdoor, Experts Warn
The widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors.

Social Media Network Faces Legal Barrage From France, United Kingdom and Spain
In the space of a few hours, French authorities raided X's office in Paris, the British privacy regulator opened an investigation into X and xAI, and Spanish Prime Minister Pedro Sánchez announced legal proposals that would criminalize algorithmic manipulation and amplification of illegal content.

Class Action Stems From 2023 Ransomware Attack Affecting More Than 500,000
Capital Health, which operates hospitals and other facilities in New Jersey and Pennsylvania, agreed to pay $4.5 million to settle consolidated class action litigation involving a 2023 LockBit ransomware and data theft attack affecting more than a 500,000 patients and employees.

ITRC Report: 2025 Breach Notices Lack Critical Details as AI-Based Attacks Surge
The Identity Theft Resource Center tracked a record 3,322 U.S. data breaches in 2025, more than any previous year. Yet, only 30% of breach notices included actionable details that other defenders need. ITRC's James Lee warns that this lack of transparency puts people and businesses at greater risk.

CEO David Bellini Says Level Equity Investment Accelerates AI and Acquisitions
CyberFox has raised a nine-figure growth investment from Level Equity marking its first outside capital after years of bootstrapping. CEO David Bellini says the funding will fuel AI-driven development international expansion and acquisitions as the company builds a full cybersecurity platform.

New NSA Guidance Demands Continuous Access Checks, Implementation Overhaul
The National Security Agency's new zero trust guidance instructs agencies to move beyond login-based security by continuously assessing user behavior and app-layer activity in real time, aiming to close gaps that allow post-authentication abuse and elevate federal defenses against modern threats.

Britain will likely ban at least some types of ransom payments as it revamps the nation's cybersecurity laws, but many open questions remain, including sectors and the organizational sizes to be covered, and if all payments might be required to pass sanctions checks, said policy expert Jen Ellis.