US Sanctions Aeza Group for Hosting Infostealers, Ransomware

David Perera • July 1, 2025

The United States cut off from the U.S.-dominated international financial system a Russian provider of digital infrastructure to cybercriminal groups, accusing St. Petersburg-based Aeza Group of hosting infostealers and ransomware operations. The U.S. said Aeza is a bulletproof hosting service.

Cyberwarfare / Nation-State Attacks

Managing Non-Human Identity Risks in the Public Sector

Latest

Artificial Intelligence & Machine Learning

Cloudflare Aims to Make AI Bots Pay for Crawling Websites

Rashmi Ramesh • July 1, 2025

An internet infrastructure firm that routes 16% of global web traffic will block AI bots from new domains it hosts unless it has explicit permission from the owner. Cloudflare on Tuesday launched "pay per crawl," a platform that allows publishers to charge AI crawlers each time they access a site.

Governance & Risk Management

LevelBlue, Trustwave Unite to Form $1B Managed Cyber Goliath

Michael Novinson • July 1, 2025

The merger of LevelBlue, Trustwave and Aon's cyber team brings together elite pen testing, IR and managed security services. The combined company will have a strong presence in the U.S. government and global markets and exceeds $1 billion in revenue and 2,000 employees.

Cloud Security

German BSI Head: Tech Sovereignty Needs Technical Solution

Akshaya Asokan • June 30, 2025

European ambitions to replace foreign tech solutions with domestic alternatives are "unrealistic" in the short term, warned the head of the German cybersecurity head cybersecurity agency in a call for greater technological control over cloud platforms.

Events

SIEM Vendors Fail to Address Migration Complexity

Michael Novinson • June 30, 2025

Next-generation SIEM vendors struggle to gain market traction because they focus on technological superiority rather than solving the fundamental challenge of migrating existing security infrastructure and operations, said Hugh Njemanze, founder and president of Anomali.

3rd Party Risk Management

Another Billing Software Vendor Hacked by Ransomware

Marianne Kolbasuk McGee • June 30, 2025

Horizon Healthcare RCM is the latest revenue cycle management software vendor to report a health data breach involving ransomware and data theft. The firm's breach notification statement suggests that the company paid a ransom to prevent the disclosure of its stolen information.

Endpoint Security

Rethinking IT Risk Assessments for OT Environments

Suparna Goswami • June 30, 2025

IT organizations can apply multiple frameworks to help reduce risk, but relying on them in OT environments could create blind spots. Security leaders must rethink compliance-driven strategies and adapt controls to meet the unique demands of industrial systems, said Sydney Trains' Maryam Shoraka.

Artificial Intelligence & Machine Learning

AI Boss Fails Spectacularly in Month-Long Business Test

Rashmi Ramesh • June 30, 2025

Unleashing an agentic AI on the office vending machine: What could go wrong? Anthropic and AI safety company Andon Labs found out when they turned over management of a small refrigerator that acted as a vending machine to Claude Sonnet 3.7. Researchers described the AI's conduct as "pretty weird."

Business Continuity Management / Disaster Recovery

Brave New Kernel: Microsoft Previews Safer Windows Ecosystem

Mathew J. Schwartz • June 30, 2025

Nearly one year after a faulty CrowdStrike software update disrupted 8.5 million Windows hosts, causing global IT chaos, Microsoft is previewing multiple resilience changes to Windows, including enabling third-party endpoint security tools to do their magic without needing kernel-level access.

Cyberwarfare / Nation-State Attacks

Canada Orders Hikvision to Shut Operations

Prajeet Nair • June 29, 2025

Chinese video surveillance manufacturer Hikvision must close operations in Canada, a government official said Friday, citing national security concerns. The ban is the latest in a string of Western prohibitions against equipment made by partially state-owned Hangzhou Hikvision Digital Technology.

Artificial Intelligence & Machine Learning

Misconfigured AI Servers and Weak Configurations Expose Data, Systems

Rashmi Ramesh • June 27, 2025

Hundreds of Model Context Protocol servers designed to help AI tools access private data are insecurely exposed online, say BackSlash Security researchers. Weak configurations leave systems vulnerable to data leaks and remote code execution attacks.

Fraud Management & Cybercrime

Feds Warn Patients, Healthcare Entities of Phishing Scams

Marianne Kolbasuk McGee • June 27, 2025

U.S. federal authorities are warning the public and healthcare sector entities of email and fax phishing scams by fraudsters seeking to steal personal information about patients or payments. The warnings come as three large U.S. insurers continue to recover from recent cyberattacks.

Artificial Intelligence & Machine Learning

Berlin Regulator Orders Apple, Google to Remove DeepSeek

Akshaya Asokan • June 27, 2025

A German data regulator on Friday ordered Apple and Google to remove the Chinese artificial intelligence DeepSeek app from online stores over non-compliance with privacy and digital service rules. Commercial transfers of data outside of trading bloc members are governed by a complex legal system