CU InfoSecurity
Unknown date
Security
TX
The breach at Conduent affected nearly 14.8 million Texans; the victim count has increased after a new regulatory disclosure by the company.
Why Are Third-Party Vendor Breaches So Hard to Figure Out? The victim tally of a 2024 hacking incident at medical services provider Conduent again soared after a new regulatory disclosure by the company, in this case to Texas authorities. The company told Lone Star state officials the breach affected nearly 14.8 million Texans, alone.
CU InfoSecurity
Unknown date
Security
Covenant Health notified 480K patients of a data theft incident in May 2025; hackers claimed to have stolen 852 GB of health information.
Ransomware Gang Qilin Had Claimed It Stole 852 GB of Health System's Data Nearly half a million patients of a Catholic healthcare network that serves New England and parts of Pennsylvania began the new year by receiving notifications that hackers may have stolen their health information in a May 2025 hacking incident.
CU InfoSecurity
Unknown date
Security
- 22.65 million people potentially affected by Aflac's data theft incident.
- The breach could be the largest U.S. health data breach reported in 2025.
Insurer's Hack Could Rank as Largest US Health Data Breach Reported in 2025 Supplemental health insurer Aflac is notifying 22.65 million people whose sensitive health and personal information, including Social Security numbers, was potentially compromised in a June data theft incident. The incident will likely rank as the biggest U.S. health data breach reported in 2025.
CU InfoSecurity
Unknown date
Security
• The RondoDox botnet campaign exploits the React2Shell vulnerability in open-source React framework across various devices. • This security breach could affect IoT devices at scale, posing a significant risk for Texas credit unions.
The Campaign Compromises Open-Source Vulnerability to Hack IoT Devices at Scale Security firm CloudSEK has uncovered a botnet campaign that is exploiting the React2Shell vulnerability in the Meta-developed, open-source React framework across a variety of devices since December. The security firm attributed the campaign to RondoDox.
CU InfoSecurity
Unknown date
Security
Aflac notified 22.65 million people of a June data theft incident compromising sensitive health and personal information, including Social Security numbers; the breach could rank as the largest U.S. health data breach in 2025.
Insurer's Hack Could Rank as Largest US Health Data Breach Reported in 2025 Supplemental health insurer Aflac is notifying 22.65 million people whose sensitive health and personal information, including Social Security numbers, was potentially compromised in a June data theft incident. The incident will likely rank as the biggest U.S. health data breach reported in 2025.
CU InfoSecurity
Unknown date
Security
The webinar discusses vulnerabilities in Credit Union Point of Sale (POS) systems and provides strategies to prevent cyber attacks. Attendees learn about common failures in defense mechanisms and receive actionable steps to secure their CPS.
CU InfoSecurity
Unknown date
Security
The webinar emphasizes the importance of a comprehensive cybersecurity program rather than relying on isolated point solutions. It highlights the risks associated with fragmented security measures and stresses the need for an integrated approach to protect against cyber threats.
CU InfoSecurity
Unknown date
Guidance
Key points: The webinar discusses the importance of measuring and managing human risk in cybersecurity. Participants learn about best practices for identifying, assessing, and mitigating risks posed by employees and third parties.
CU InfoSecurity
Unknown date
Security leaders in 2026 will face increased pressure from AI-driven risks, limited resources, and a complex threat landscape; AI is reshaping cybersecurity strategies.
Also: Leadership Decisions Shaping Cybersecurity in 2026 Security leaders are heading into 2026 facing growing pressure from AI-driven risks, limited resources and an increasingly complex threat landscape. Sean Mack, who leads ISMG's CXO Advisor practice, joined ISMG editors to discuss how these forces are reshaping security.
CU InfoSecurity
Unknown date
Security
Ex-Coinbase support agent arrested over $7 million Trust Wallet hack; U.S. sues alleged perpetrators of a $14M scam; Polymarket and Grubhub-linked Bitcoin scams reported.
Indian Police Arrests Ex-Coinbase Staffer Over Data Breach Charges This week, a $7 million Trust Wallet extension hack, arrest of an ex-Coinbase support agent, the U.S. sued alleged perpetrators of a $14M scam, Polymarket hack update, early release scheduled for former Alameda CEO, backlash on Flow's post-exploit rollback plan and Grubhub-linked holiday Bitcoin scam.
CU InfoSecurity
Unknown date
Security
AI and deepfakes will blur the lines between real and fake; nation-state hacking and geopolitical shifts will continue to pose significant risks.
Experts on Cyberattacks, Deepfakes, AI and Geopolitical Strife in the Year Ahead Cyberattacks, nation-state hacking and geopolitical shifts dominated 2025, but the year will also be remembered as a turning point - where AI blurred the lines between real and fake and AI agents introduced new enterprise risks. Our panel of experts discusses the top 10 trends to watch in 2026.
CU InfoSecurity
Unknown date
Guidance
• NCUA has activated its disaster relief policy for Colorado flooding.
• Credit unions in affected areas can help protect consumers and ensure service continuity.
In the wake of the flooding in Colorado, the National Credit Union Administration has activated its disaster relief policy to help protect consumers and ensure the continuity of credit union services in affected areas.
CU InfoSecurity
Unknown date
Enforcement
• Craftsman Credit Union of Detroit was liquidated by the Michigan Department of Insurance and Financial Services. • NCUA was appointed as the liquidating agent.
The Michigan Department of Insurance and Financial Services liquidated Craftsman Credit Union of Detroit and appointed the National Credit Union Administration as liquidating agent.
CU InfoSecurity
Unknown date
Enforcement
Taupa Lithuanian Credit Union of Cleveland has been liquidated by the Ohio Division of Financial Institutions; NCUA was appointed as the liquidating agent.
The Ohio Division of Financial Institutions has liquidated the Taupa Lithuanian Credit Union of Cleveland, Ohio, and appointed the National Credit Union Administration as liquidating agent.
CU InfoSecurity
Unknown date
Guidance
The webinar discusses how tool sprawl can reduce visibility and response capabilities in financial institutions. It emphasizes the importance of maintaining a cohesive technology environment for effective compliance management.
CU InfoSecurity
Unknown date
Security
Polymorphic malware can evade traditional email security measures; credit unions need to stay informed about emerging threats and update their cybersecurity strategies accordingly.
CU InfoSecurity
Unknown date
Security
AI-driven attacks pose a significant threat as autonomous AI agents can now perform entire cyberattacks from scanning servers to launching phishing campaigns. Credit union compliance officers should be aware of these evolving threats.
AI is changing cybercrime in a big way. Autonomous AI agents could soon carry out entire attacks on their own -scanning servers, testing vulnerabilities, refining exploits and even launching phishing campaigns from start to finish, said David Sancho, senior threat researcher at Trend Micro.
CU InfoSecurity
Unknown date
Fraudsters continue to rely on traditional methods such as synthetic identities and account takeovers. These techniques remain effective despite advancements in AI-related threats.
A Look Back at 3 Key Identity Fraud Trends in 2025 Fraudsters stick to the basics, because the basics work. Synthetic identities, fake accounts and tried-and-tested account takeovers still work, even in an age of artificial intelligence-related threats. Scammers are happy to keep on stealing the old-fashioned way.
CU InfoSecurity
Unknown date
Security
• Attackers continue targeting edge devices and using infostealers and ransomware. • The pace of attacks and the response required by defenders seems to be accelerating.
Attackers Continue to Hit Edge Devices and Wield Infostealers and Ransomware As the year comes to a close, what's notable is how much doesn't seem to have fundamentally changed on the cyberattack front, across edge device targeting, breaches, ransomware and more. But the pace at which attacks unfold and defenders must respond, mitigate or triage seems to keep accelerating.
CU InfoSecurity
Unknown date
Security
- Cybersecurity job interviews are seen more as risk assessments than just skill evaluations.
- Hiring managers focus on candidates' judgment and behavior under stress, rather than perfect technical skills.
Job Seekers Need to Demonstrate Good Judgement and Trust - Not Just Skills Cybersecurity job interviews function much more like risk assessments. Hiring managers are not searching for perfection. They are working to reduce uncertainty about how someone will think, decide and behave when systems fail, pressure mounts and information is incomplete.