Identity Security Demands a Zero-Standing Privilege Approach

Tom Field • July 1, 2025

Organizations face growing risks from attackers who no longer hack in. They log in using compromised credentials. Chris Hills, chief security strategist at BeyondTrust, said this shift in tactics makes identity-first cybersecurity technology a key requirement.

Cybercrime

Rubrik to Purchase Predibase to Power Generative AI Growth

Latest

HIPAA/HITECH

20 States Sue HHS to Stop Medicaid Data Sharing with ICE

Marianne Kolbasuk McGee • July 1, 2025

California and 19 other states are suing the Trump administration to stop the U.S. Department of Health and Human Services from allegedly disclosing Medicaid beneficiaries' personal health information to the Department of Homeland Security and Immigration and Customs Enforcement.

Artificial Intelligence & Machine Learning

Senate Strips AI Moratorium Amid Sharp Bipartisan Opposition

Chris Riotta • July 1, 2025

Senate Republicans removed a state moratorium on artificial intelligence regulations from its version of President Donald Trump's "big, beautiful bill" following bipartisan warnings the component could risk data privacy and civil rights - particularly without a strong federal regulatory framework.

Artificial Intelligence & Machine Learning

'Skynet' Tries to Outwit AI Malware Analysis

Rashmi Ramesh • July 1, 2025

If you can't outsmart the antivirus, maybe you can sweet-talk the algorithm into looking the other way. Security researchers discovered what appears to be the first known attempt to deploy prompt injection against artificial intelligence-powered malware analysis.

Critical Infrastructure Security

Infrastructure Operators Leaving Control Systems Exposed

Mathew J. Schwartz • July 1, 2025

Many types of commonly used types of industrial control systems continue to be deployed in a manner that leaves them publicly exposed to the internet, often by U.S.-based critical infrastructure operators, in what amounts to a preventable security risk, researchers warn.

Artificial Intelligence & Machine Learning

Cloudflare Aims to Make AI Bots Pay for Crawling Websites

Rashmi Ramesh • July 1, 2025

An internet infrastructure firm that routes 16% of global web traffic will block AI bots from new domains it hosts unless it has explicit permission from the owner. Cloudflare on Tuesday launched "pay per crawl," a platform that allows publishers to charge AI crawlers each time they access a site.

Cloud Security

German BSI Head: Tech Sovereignty Needs Technical Solution

Akshaya Asokan • June 30, 2025

European ambitions to replace foreign tech solutions with domestic alternatives are "unrealistic" in the short term, warned the head of the German cybersecurity head cybersecurity agency in a call for greater technological control over cloud platforms.

3rd Party Risk Management

Another Billing Software Vendor Hacked by Ransomware

Marianne Kolbasuk McGee • June 30, 2025

Horizon Healthcare RCM is the latest revenue cycle management software vendor to report a health data breach involving ransomware and data theft. The firm's breach notification statement suggests that the company paid a ransom to prevent the disclosure of its stolen information.

Cyberwarfare / Nation-State Attacks

US Announces Crackdown on North Koreans Posing as IT Workers

Chris Riotta • June 30, 2025

Federal prosecutors announced major enforcement actions after a North Korean crime ring used stolen IDs, fake websites and U.S. shell firms to embed IT workers inside more than 100 American companies, stealing data and laundering over $5 million to fund Pyongyang's weapons programs.

Cybercrime

DOJ: Cartel Hacked Phones, Cameras to Track FBI Informants

Chris Riotta • June 30, 2025

A Justice Department watchdog found a Mexican cartel hired a hacker to tap mobile data and Mexico City cameras, helping track, intimidate and kill potential U.S. informants linked to El Chapo while calling for reforms to protect sensitive investigations from rapidly evolving technology threats.

Artificial Intelligence & Machine Learning

AI Boss Fails Spectacularly in Month-Long Business Test

Rashmi Ramesh • June 30, 2025

Unleashing an agentic AI on the office vending machine: What could go wrong? Anthropic and AI safety company Andon Labs found out when they turned over management of a small refrigerator that acted as a vending machine to Claude Sonnet 3.7. Researchers described the AI's conduct as "pretty weird."

Business Continuity Management / Disaster Recovery

Brave New Kernel: Microsoft Previews Safer Windows Ecosystem

Mathew J. Schwartz • June 30, 2025

Nearly one year after a faulty CrowdStrike software update disrupted 8.5 million Windows hosts, causing global IT chaos, Microsoft is previewing multiple resilience changes to Windows, including enabling third-party endpoint security tools to do their magic without needing kernel-level access.

Cyberwarfare / Nation-State Attacks

Canada Orders Hikvision to Shut Operations

Prajeet Nair • June 29, 2025

Chinese video surveillance manufacturer Hikvision must close operations in Canada, a government official said Friday, citing national security concerns. The ban is the latest in a string of Western prohibitions against equipment made by partially state-owned Hangzhou Hikvision Digital Technology.