DataBreachToday.com

Congressional Funding Standoff Still Unresolved
The Cybersecurity and Infrastructure Security Agency has told furloughed workers to report to work despite an ongoing funding lapse. U.S. DHS officials in recent days directed all furloughed personnel to return to work on their next scheduled shift, amid increasing concerns from cybersecurity analysts.

Malware-as-a-Service Operations Favors Russian-Speaking Customers
An emerging remote access Trojan targeting Android devices in Spanish-speaking nations is propagating fraudulent advertisements as an initial access point on Meta-owned applications.

OpenAI Unveils GPT‑5.4‑Cyber in Pointed Rejoinder to Anthropic
OpenAI unveiled Tuesday its answer to AI rival Anthropic's much-touted private release of a cybersecurity model by announcing the broader availability of GPT‑5.4‑Cyber. Internal safeguards, customer verification and "trust signals" will safeguard the world from misuse, the company asserted.

Why Cyber Risk Is Now Shaped as Much by Nations as by Hackers
Wars are becoming more frequent, and are no longer only kinetic. They are just as active in the cyber world, with impacts much larger than can be imagined. This also leads to state-sponsored hacktivists targeting the critical infrastructure of nations.

Veteran Hardware Hacker's Chip Facilitates More Trustworthy and Secure Devices
How can we trust hardware to not betray us? Enter the Baochip-1x, a piece of largely open-source silicon created by Andrew "Bunnie" Huang, which he said is designed to give developers an affordable, security-focused and attestable chip, not least for building high-assurance, embedded devices.

European Governments Grow Suspicious of Silicon Valley
French abandonment of American software for open-source alternatives continues apace, with all government ministries now facing a fall deadline for outlining plans to reduce their dependence on U.S. tech. France must "regain control of our digital destiny," said public action minister David Amiel.

Patients Allege Health Entities Did Not Get Consent to Record Conversations
Proposed federal class action litigation alleges that two California healthcare organizations violated patient privacy in their use of an AI-enabled ambient tool that records, transcribes, and processes sensitive conversations between clinicians and patients without individuals' consent.

Ex-Microsoft CIO: Mythos Could Surface Known Flaws Faster Than Vendors Can Fix Them
Former Microsoft CIO Jim DuBois and IDC's Frank Dickson say Claude Mythos Preview could rapidly surface long-known but unfixed software flaws at scale, forcing vendors and enterprises to strengthen patch validation, orchestration and deployment before attackers exploit the backlog.

Operational Discipline and Judgment Are Critical in Managing Cyber Risk
Transitioning from armed forces can feel like stepping into unfamiliar terrain. Nowhere is this perception stronger than in cybersecurity. The good news: Many of the skills veterans have already developed translate directly to cybersecurity roles.

Anthropic's AI Model Exposes How Unprepared Enterprises Are to Respond
Anthropic's announcement this week of Claude Mythos Preview frontier model capable of finding zero-days flaws humans may miss is both a warning and a call to action for CIOs: The way enterprises have been managing cybersecurity is about to change forever, and they need to get ready.

Early Tests of New Anthropic AI Model Show Fast Detection, Better Flaw Correlation
CrowdStrike's early testing of Anthropic's new Claude Mythos Preview AI model shows faster vulnerability detection and improved cross-system context, signaling a shift toward AI-driven security operations that compress discovery-to-response timelines and force new defensive frameworks.

DOD Official: AI Firm Wanted 'Approval Role in the Operational Decision Chain'
Internal memos used to by the Department of Defense to justify its decision to blacklist artificial intelligence firm Anthropic said the firm's models could not be reliably controlled for military use.

CFOs Should Know: Lackadaisical Security Carries a Price
Bad cybersecurity is bad for business. A badly secured business may pay as much as ten extra basis points for a loan than its posture had been up to scratch, find academic studies examining how U.S. banks price debt. The bill for poor cybersecurity could run hundreds of thousands of dollars.

Start Here: Strong Monitoring, Behavior-Based Controls, Virtual Patching
Thanks to Anthropic's Mythos presaging a world in which zero-day exploits are common, one cybersecurity expert says the new mantra is this: "assume you are unpatched." Vendors and customers must focus more than ever on strong monitoring, behavior-based controls and virtual patching.

Experts Warn of Faster and Higher Volume Attacks, Rising Patient Safety Worries
Emerging powerful AI tools - such as Anthropic's new Claude Mythos - that are capable of autonomously identifying and exploiting software bugs in a flash could reshape the healthcare cyber landscape by accelerating attacks and raising the risk of widespread operational disruption, experts said.

Project Glasswing Strengthens Key Platforms, Leaves Broad Exposure Untouched
Project Glasswing is giving select cybersecurity giants early access to Anthropic’s Claude Mythos Preview, boosting investor confidence in leaders Palo Alto Networks and CrowdStrike while raising concerns that smaller vendors, vulnerability firms and the broader internet will fall further behind.

Also, Medusa Ransomware, Grafana Flaw, German Political Party Breach
This week, German police unmasked a REvil leader, a critical Docker flaw, Medusa ransomware surged, DPRK hackers abused GitHub, Grafana AI bugs enabled data theft, scams hit $20B in the United States, Ivanti exploited and attacks hit Northern Ireland schools and a German political party.

Ruling Keeps Claude Models Out of Defense Systems During Separate Legal Challenges
A federal appeals court allowed the Pentagon to enforce its "supply-chain risk" designation against Anthropic, keeping its AI models barred from defense contracts while parallel litigation continues to challenge the policy's legality and constitutional limits.