DataBreachToday.com

Risk Scoring to Enable Real-Time Action by Imprivata on Suspicious Access Attempts
Imprivata's acquisition of Verosint adds 150 real-time behavioral and environmental signals to its access management suite. CEO Fran Rosch says the combined risk scoring system will enable smarter authentication, especially for remote and third-party users.

Symantec Says It Spotted Likely Supply Chain Hack
Suspected Chinese state-linked hackers reportedly breached a Russian IT service provider in an espionage campaign targeting government-related networks. Symantec uncovered Chinese hackers they named Jewelbug, infiltrating a Russian company between January and May.

Point Wild's Zulfikar Ramzan Says Cryptography Is Crucial Against Quantum Risks
Cyber resilience is a critical part of defense strategies today, and resilience is rooted in strong, well-managed cryptography, said Zulfikar Ramzan, chief technology officer at cybersecurity firm Point Wild. He shares key drivers for organizations to move toward quantum migration.

The Payments Giant Is Creating Digital Rails for Secure, AI-Driven Commerce
Visa is doubling down on both B2C and B2B agentic AI use cases. Early experiments focus on automating repetitive, trust-sensitive financial tasks, but the company is rapidly expanding into more sophisticated scenarios, positioning itself at the center of the next major shift in global payments.

Study Finds Weak Authentication Practices Across AI Agent Servers
Tools developers use to connect artificial intelligence tools with external applications and data sources typically are secured by static credentials such as API keys and personal access tokens, exposing AI agent systems to theft or misuse, research shows.

Eclypsium Researchers Find UEFI Weakness in Framework Laptops and Desktops
Roughly 200,000 laptops and desktops made by modular sensation Framework contain a firmware vulnerability allowing attackers to disable Secure Boot and run unsigned code, say security researchers.

Recent Cybersecurity Conferences Highlight Resilience and Shoring Up Critical Infrastructure Systems
Learn how recent cybersecurity conferences focused on resilience and shoring up critical infrastructure systems spotlight the need for virtual segmentation, OT visibility and zero trust adoption.

Cybereason Deal Bolsters LevelBlue's XDR, DFIR and Global Incident Response Reach
LevelBlue is acquiring Cybereason to enhance its extended detection and response, digital forensics, and global threat intelligence capabilities. The move brings top talent, expands the firm's footprint in Japan and follows LevelBlue's acquisitions of Aon and MDR provider Trustwave.

Cambodian Firm Worked Directly With North Korea, Say US Officials
The U.S. and U.K. imposed sanctions on Cambodia’s Huione Group and 146 affiliates linked to the Prince Group TCO, citing human trafficking, forced labor and over $4 billion in laundered cybercrime proceeds tied to North Korean hacks and Western-targeted scams.

NCSC Chief Says Recent Retailer Hacks Should Be 'Wake-Up Call' for Cyber Defenders
The number of cyberattacks in the United Kingdom surged 50% in the past year, with ransomware continuing to be the top threat. National Cyber Security Centre CEO Richard Horne said recent high-profile hacks at major retailers exposed supply chain vulnerabilities and are a "wake-up call" to defenders.

Researchers Show Minimal Data Poisoning Can Disrupt Large Language Models
Only a couple hundred malicious training documents are needed before a large language model puts out meaningless text when prompted with a specific trigger phrase, say researchers.

Jumio's Joe Kaufmann on How CPOs Drive Value by Aligning Privacy With Business
Privacy leaders are taking on strategic roles as artificial intelligence and data protection laws evolve. Jumio's Global Privacy Head Joe Kaufmann said chief privacy officers now help build data trust, manage compliance and enable business growth through responsible data use.

3 Private Equity Firms Kick the Tires, But Proposed Price Wasn't to Snyk's Liking
Slowing growth, continued losses and increased competition have turned a Snyk IPO into an increasingly unlikely prospect. The Information reported this month that Snyk has spoken with at least three private equity firms about a potential deal, but has been unable to reach an agreement on price.

Medusa Group Tied to Attack on SimonMed and Threats to Leak Stolen Data
Two radiology practices are notifying nearly 1.5 million people of separate hacking incidents compromising their sensitive health information. Cybercrime gang Medusa claimed credit for attacking Arizona-based SimonMed Imaging in January and threatened to leak the stolen data of nearly 1.3 million patients on the darkweb.

Dutch Ministry Invokes National Security Law to Impose Domestic Control
The Dutch government said it is severing semiconductor chipmaker Nexperia from control by its Chinese parent after invoking a national security law allowing it to impose domestic control. Partially Chinese state-controlled Wingtech Technologies acquired a three quarters stake in Nexperia in 2018.

Today's Hapless Hackers Are Tomorrow's Threat, Warns Forescout
A pro-Russian hacktivist group boasted on Telegram that it hacked a Western water treatment plant - but actually succeeded in attacking a honeypot left by security researchers at Forescout, the firm said. TwoNet appears to have ceased operations on Sept. 30.

EU Justice and Home Affairs Council Halts Voting, Sees Opposition
A European content scanning proposal intended to enhance online child safety stalled after German lawmakers voiced opposition and member states canceled a planned vote on the measure's adoption. The EU Justice and Home Affairs Council was set to vote Tuesday on Chat Control.