CU InfoSecurity
Unknown date
Security
Kettering Health notified patients and affiliates of a potential data breach in May 2025; cybercriminal group Interlock claimed responsibility. The incident involved personal, health, and financial information.
Cybercrime Group First Listed Ohio Health System as a Data Theft Victim Last June Ohio-based Kettering Health is notifying current and former patients and "affiliates" that their personal, health and financial information was potentially compromised in a May 2025 ransomware attack and data theft incident claimed by cybercriminal gang Interlock.
CU InfoSecurity
Unknown date
Security
The webinar discusses the use of a Security Data Fabric for modernizing GRC processes by automating evidence collection and compliance controls. Attendees learn about the benefits of automation in improving efficiency and reducing risk.
CU InfoSecurity
Unknown date
Enforcement|guidance
• New HHS breach reporting website and guidance materials launched for substance use disorder record confidentiality. • Aligns with HIPAA privacy rule enforcement mandates effective as of Monday.
New HHS Enforcement Program Focuses on Patient Confidentiality, Aligning With HIPAA The U.S. Department of Health and Human Services has launched a new breach reporting website and guidance materials to support its duties of enforcing compliance mandates that went into effect Monday to better align the confidentiality of substance use disorder records with the HIPAA privacy rule.
CU InfoSecurity
Unknown date
Guidance
The webinar discusses the importance of continuous assurance for real-time risk visibility to boards. It emphasizes the need for proactive risk management strategies.
CU InfoSecurity
Unknown date
Guidance
The webinar focuses on ensuring data disposal practices meet audit standards in a compliance-intensive environment. Participants learn how to manage and dispose of data securely to avoid regulatory issues.
CU InfoSecurity
Unknown date
Security
• RMM tools can be exploited by hackers using ransomware variants like VoidCrypt.
• Cybersecurity firm Huntress highlights the risks associated with RMM tools, which are simultaneously open to remote connections and have privileged local access.
VoidCrypt Ransomware Variant Taps RMM Tools, Says Huntress Management isn't the only advocate for employee monitoring software, according to new research from cybersecurity firm Huntress. RMM tools - simultaneously open to remote connections and with privileged local access - are good for wiggling into corporate networks.
CU InfoSecurity
Unknown date
Enforcement
TX
- The Texas attorney general has launched an investigation into Conduent Business Services and BCBS Texas following a significant data breach affecting 15.5 million Texans.
- This incident could potentially break U.S. data breach records.
Will the Back-Office Services' Firm Incident Shatter US Data Breach Records? The Texas attorney general office has launched an investigation into the Conduent Business Services hacking incident, which affected about 15.5 million Texans, including about 4 million Blue Cross Blue Shield of Texas members. Will the nationwide victim tally shatter data breach records in the U.S.?
CU InfoSecurity
Unknown date
Security
State-backed hackers weaponized Google's Gemini AI for cyberattacks; Google has disabled accounts and strengthened defenses. Cybersecurity measures should be reviewed and updated.
China, Iran, North Korea Hackers Exploit Gemini Across Attack Life Cycle State-backed hackers weaponized Google's artificial intelligence model Gemini to accelerate cyberattacks, using the productivity tool as an offensive asset for reconnaissance, social engineering and malware development. Google said it has disabled accounts and strengthened defenses.
CU InfoSecurity
Unknown date
Security
• Agentic AI is transforming security models faster than traditional defenses can keep up.
• Organizations will shift from deterministic risk models to adaptive, autonomous systems by 2026.
Agentic AI Is Reshaping Security Faster Than Traditional Defenses Can Keep Up Agentic artificial intelligence is fundamentally altering organizational workflows and how risk materializes. In 2026, emerging cybersecurity trends will push organizations to move from deterministic, rule-based risk models toward adaptive models built for autonomous, non-deterministic systems.
CU InfoSecurity
Unknown date
Security
Bretton AI has raised $75 million for scaling AI solutions in anti-money laundering and KYC compliance; the technology aims to reduce manual investigations and improve auditability.
AI Agents Target Anti-Money Laundering at Major Global Banks, Cut Manual Probes Bretton AI has raised $75 million in Series B funding led by Sapphire Ventures to scale AI agents for anti-money laundering sanctions and KYC compliance. CEO Will Lawrence says the company is targeting large banks with automation designed to reduce manual investigations and improve auditability.
CU InfoSecurity
Unknown date
Guidance
The webinar focuses on ensuring data disposal practices meet audit standards in the current high-risk compliance environment. Participants learn how to prepare for audits by properly managing and disposing of sensitive information.
CU InfoSecurity
Unknown date
Security
Bretton AI has raised $75 million for automating AML compliance; targets large banks with reduced manual investigations and improved auditability.
AI Agents Target Anti-Money Laundering at Major Global Banks, Cut Manual Probes Bretton AI has raised $75 million in Series B funding led by Sapphire Ventures to scale AI agents for anti-money laundering sanctions and KYC compliance. CEO Will Lawrence says the company is targeting large banks with automation designed to reduce manual investigations and improve auditability.
CU InfoSecurity
Unknown date
Enforcement|security
- SafeMoon CEO sentenced to eight years for fraud;
- Sam Bankman-Fried seeks a new trial.
Also: SafeMoon CEO Gets 8 Years for Fraud, SBF Seeks New Trial This week, a 20-year sentence in a $73 million scam, SafeMoon CEO got eight years for fraud, Sam Bankman-Fried sought a new trial, Epstein's early crypto investments, a U.K. lawsuit against HTX, a probe of a Trump-linked crypto deal, a crypto-linked home invasion and a $43 billion Bithumb error.
CU InfoSecurity
Unknown date
Security
Sophos acquired Arco to enhance cybersecurity assurance and compliance with a new CISO Advantage capability. The rollout will start in the U.K., integrating risk and regulatory mapping with threat intelligence operations.
UK Rollout to Link Arco's Cybersecurity Assurance With Sophos's Threat Intelligence Sophos acquired Arco to expand into cybersecurity assurance and compliance, launching a new CISO Advantage capability. The company plans a phased rollout starting in the U.K., integrating Arco’s risk and regulatory mapping platform with Sophos Central and its global threat intelligence operations.
CU InfoSecurity
Unknown date
Security
A new cybercriminal gang called Insomnia has targeted healthcare-related entities; 18 victims have been reported with more than half linked to the health sector.
Newcomer 'Insomnia' Appears to Favor US Healthcare-Related Entities A new cybercriminal gang, Insomnia, appears to have its eyes wide open for potential healthcare-related targets. Since surfacing on the darkweb in recent weeks, the apparent data theft group has chalked up 18 alleged victims on its data leak site, with more than half having ties to healthcare.
CU InfoSecurity
Unknown date
Governments should now be considered adversaries in threat modeling; CISOs need to reassess dependencies and trust boundaries due to state control over infrastructure.
Why Modern Threat Modeling Must Account for State Control of Infrastructure CISOs for decades viewed governments as partners. That assumption is weakening. Today, state control over infrastructure needs be part of threat modeling and business continuity planning for global security leaders - and it's time for CISOs to reassess dependencies and trust boundaries.
CU InfoSecurity
Unknown date
Security
AI-generated malware exploited React2Shell vulnerability; 91 hosts were targeted and funds mined in Monero. Attackers with no coding expertise could build functional exploits.
LLM-Built Toolkit Hit 91 Hosts, Mined Funds in Monero Security researchers detected artificial intelligence-generated malware exploiting the React2Shell vulnerability, allowing attackers with no coding expertise to build functional exploits. The attacker may have circumvented an AI model's safeguards by framing the malicious coding request as homework.
CU InfoSecurity
Unknown date
Security
Microsoft introduces two desktop security initiatives: enhanced runtime security for app access to sensitive resources and blocking legacy authentication protocols to promote multifactor authentication. These updates aim to improve overall system security.
Redmond Rolls Out 2 Desktop Security Initiatives Microsoft is touting changes to Windows meant to ensure better runtime security and user prompts when apps access sensitive desktop resources such as files, a camera or microphone. Other controls include blocking legacy authentication protocols to ensure use of multifactor authentication.
CU InfoSecurity
Unknown date
Security
Ransomware gang Everest Group claims it has leaked data from medical diagnostic labs; patients of these labs may have sensitive information compromised.
Ransomware Gang Everest Claims It Has Leaked All Stolen Data A revenue cycle management software firm is notifying an undisclosed number of patients of several medical diagnostic labs that their sensitive information, including diagnoses and treatments, was stolen in a November hack. Ransomware gang Everest Group claims it has leaked all the data.
CU InfoSecurity
Unknown date
Security
- 0APT ransomware group is considered a likely scam operation due to AI-generated victim lists and a 1 bitcoin joining fee for affiliates.
- The malware used by the group is outdated.
Bitcoin Joining Fee for Affiliates and No Proven Victims Cited by Researchers Newcomer ransomware group 0APT is being branded a "likely scam operation," not least after a list of over 200 supposed victims turned out to be bogus, if not entirely AI-generated - never mind a 1 bitcoin joining fee for would-be affiliates and outdated crypto-locking malware.
CU InfoSecurity
Unknown date
Key points: Ransomware attackers using AI face limitations; known tactics remain prevalent and can be detected. Security expert Candid Wuest warns against relying on AI for cyber operations due to the ease of blocking these methods.
Attackers that want to use artificial intelligence tools to build ransomware or help run their cyber operations risk getting much less than they bargained for, said security expert Candid Wuest, in part because they'll still rely on known tactics that can be readily spotted and blocked.
CU InfoSecurity
Unknown date
Security
Key points: The webinar discusses lessons in cyber collaboration from city, county, and state leaders. Participants learn about best practices for enhancing cybersecurity resilience.
CU InfoSecurity
Unknown date
Security
The webinar discusses strategies for moving from compliance to a state of readiness in cybersecurity. Key points include the importance of continuous monitoring and updating security measures, as well as the integration of cybersecurity into overall risk management practices.
CU InfoSecurity
Unknown date
Guidance|security
Key points: The webinar discusses strategies for enhancing cyber resilience beyond basic compliance. It emphasizes the importance of a comprehensive approach including incident response planning, employee training, and continuous monitoring.
CU InfoSecurity
Unknown date
Security
A financially motivated threat actor hacked domain name system resolvers and connected them to a Russian bulletproof hosting service. The hosting service was sanctioned by the U.S. Department of Treasury for criminal links.
Shadow Aeza International Directed Traffic to Malicious Adtech A financially motivated threat actor hacked dozens of domain name system resolvers, connecting them to the infrastructure of a Russian bulletproof hosting service sanctioned by the U.S. Department of Treasury for its criminal links, researchers found.