Vendor incidents and hacks, especially data thefts and ransomware attacks, continue to plague the healthcare sector, accounting for the majority of major data breaches reported so far this year. The advent of AI tools in the hands of bad actors, will only heighten the threats, experts predict.
Threat actor 888 claims it stole Accenture source code and cloud credentials, prompting researchers to warn that any exposed Azure tokens, encryption keys or DevOps secrets could enable follow-on intrusions and downstream supply-chain attacks even as Accenture says operations remain unaffected.
Anthropic's Claude Fable 5 and Mythos 5 demonstrate major advances in coding and reasoning while raising new questions about exploit generation, enterprise AI spending, data governance and the growing urgency of faster vulnerability remediation, according to the panelists on Selling Cyber.
A publicly traded home medical equipment and services supplier has told U.S. regulators that hackers recently stole a potentially large volume of patients' health and personal information, including data from external electronic health record system portals, in a social engineering scam.
Belgian software vendor Aikido Security acquired Boston-based Root for $70 million to embed automated vulnerability remediation into its application security platform, enabling enterprises to deploy hardened open-source packages and container images while reducing software supply-chain risk.
A Tennessee-based vendor of AI-powered business decision support software for healthcare providers and insurers is notifying nearly 1.4 million people that their information was compromised in a recent hack. Experts said the incident spotlights growing risks to healthcare by AI-tech vendors.
Microsoft says North Korean-linked BlueNoroff compromised a Mastra npm maintainer account and published more than 140 malicious packages, using a software supply-chain attack to distribute infostealers, backdoors and credential theft tools through AI development environments.
The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation pipelines, has been poisoned by attackers, and Microsoft-owned GitHub has advised all developers to downgrade Mastra, pending compromised packages being found and eradicated.
Medical laboratory testing giant Labcorp has agreed to pay $35 million to settle class action litigation stemming from a 2018 hacking incident on now-defunct American Medical Collections Agency. Labcorp reported the vendor breach in 2019 as affecting nearly 10.3 million patients.
Geopolitical exposure has quietly moved to the front of the security agenda, and most organizations are only now realizing how little they understand about where their risks originate, says Melanie Garson, associate professor of international security at UCL.
Security leaders can't afford to treat resilience as a response to crisis. Security expert Ragna Sveinsdottir stresses that organizations must build resilience into services from the outset, while balancing AI adoption, supply chain risk and the growing need for collaboration across teams and industries.
Healthcare organizations are getting better vetting third-party vendors, including suppliers of medical devices, software and other products. But once these vendors are on board, healthcare firms still struggle with monitoring their security posture and ensuring they keep their promises.
Hacked code repository GitHub warned administrators of self-hosted git servers to rotate public encryption keys following a May 18 incident involving a poisoned VS Code extension used by an employee. GitHub CISO Alexis Wales in a Tuesday update said the repository is rotating all keys.
Socket raised $60 million in a Thrive Capital-led Series C at a $1 billion valuation to expand its supply-chain security platform beyond package managers as AI coding tools increase enterprise exposure to malicious dependencies, browser extensions and developer tooling.
SecurityScorecard acquired internet reconnaissance startup Driftnet to expand real-time visibility into hidden infrastructure, exposed assets and AI-driven third-party risks while strengthening threat hunting, attribution and internet-scale intelligence capabilities.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.