DataBreachToday.com

Singapore Signals Heightened Vigilance Against State-Linked Threat Actors
Singapore conducted a yearlong, multi-agency cyber defense operation to expel UNC3886 from all four major telecom providers after the advanced threat actor accessed segments of critical communications infrastructure and extracted limited technical data without disrupting services.

AI Is Transforming Economics But Enterprise IT Architecture Issues Are Still Here
While AI systems such as Claude lower the marginal cost of writing code and automating discrete tasks, especially when it comes to early-stage work including prototyping and front-end design, the idea that AI will lay waste to the industry is overblown, analysts say.

Accel-Led Funding Round Fuels AI-Native Detection and Response
Vega raised $125 million led by Accel to expand its AI-native security operations platform. The funding will boost product development and global go-to-market efforts as enterprises seek faster threat detection, broader analytics and support for complex multi-cloud and on-premises environments.

Acting Chief Tells Lawmakers Most Staff Would Be Furloughed Amid Partial Shutdown
More than half of the U.S. cyber defense agency's workforce would be furloughed under a DHS funding lapse, the agency's acting chief warned Wednesday, pausing incident reporting rulemaking, security assessments and proactive cyber programs while significantly limiting operations.

Attackers that want to use artificial intelligence tools to build ransomware or help run their cyber operations risk getting much less than they bargained for, said security expert Candid Wuest, in part because they'll still rely on known tactics that can be readily spotted and blocked.

Ransomware Gang Everest Claims It Has Leaked All Stolen Data
A revenue cycle management software firm is notifying an undisclosed number of patients of several medical diagnostic labs that their sensitive information, including diagnoses and treatments, was stolen in a November hack. Ransomware gang Everest Group claims it has leaked all the data.

European Commission Rejects Claims of Reduced Multi-Cloud Competition
The European Commission has unconditionally approved Google's takeover of cloud security vendor Wiz, saying customers will retain alternatives in the cloud infrastructure and security markets even as critics warned the $32 billion deal could entrench Google's ecosystem.

Nation State Hackers Escalating Attacks on US Defense Industrial Base, Report Says
A new report from Google Threat Intelligence Group warns that state-backed hackers are escalating attacks on the defense industrial base, shifting from classic espionage to supply-chain compromise, workforce infiltration and battlefield-adjacent cyber operations.

Redmond Rolls Out 2 Desktop Security Initiatives
Microsoft is touting changes to Windows meant to ensure better runtime security and user prompts when apps access sensitive desktop resources such as files, a camera or microphone. Other controls include blocking legacy authentication protocols to ensure use of multifactor authentication.

Enabling Practical Endpoint Control Without Productivity Trade-offs
Removing local admin rights often creates helpdesk and user friction. An identity-first model reduces risk while keeping business operational. Join CyberArk's practical webinar session to learn how identity-first endpoint control replaces standing admin rights with just-in-time access.

2023 and 2024 Ransomware Breaches Affected More Than 2.5M
Michigan-based McLaren Health Care has agreed to pay $14 million to settle consolidated class action litigation involving two ransomware attacks - allegedly by Alphv/BlackCat in 2023 and by Inc Ransom in 2024 - that affected about 2.5 million patients and employees.

AI Elevates CDO Job From Gatekeeper to Data-Driven Change Agent
The chief data officer is being pushed out of the shadows and into the C-suite spotlight with the rise of AI. While the role emerged as one rooted in compliance and risk management, it has evolved to be a business driver, holding the keys to value creation and human-centered transformation.

Security Service Says China-Linked Actor Compromised Vulnerable Network Devices
Norway's security service confirmed it was targeted by the China-linked Salt Typhoon campaign, marking one of Europe’s clearest public acknowledgements that the cyberespionage operation extended beyond U.S. telecom and federal networks into allied infrastructure.

Shadow Aeza International Directed Traffic to Malicious Adtech
A financially motivated threat actor hacked dozens of domain name system resolvers, connecting them to the infrastructure of a Russian bulletproof hosting service sanctioned by the U.S. Department of Treasury for its criminal links, researchers found.

European Commission Intends to Force Meta to Open Chat App to Third Party AI
The European Commission said Meta appears to have broken antitrust law by blocking third-party AI assistants from interfacing with their users through WhatsApp. It gave notice to parent company that Europe intends to open up WhatsApp to third-party general-purpose AI assistants.