"The White House is ordering agencies to place its new app on all employees’ government phones"

What could possibly go wrong, right?

https://www.govexec.com/management/2026/05/white-house-ordering-agencies-place-its-new-app-all-employees-government-phones/413738/

#govsec #infosec

NEW:

Radiology Associates of Richmond discloses second data breach

266k people affected by this one, and I have unanswered questions about both breaches:

https://databreaches.net/2026/05/22/radiology-associates-of-richmond-discloses-second-data-breach-266k-people-affected/

#HIPAA #hack-and-leak #databreach #incidentresponse #transparency

I'm watching the House Homeland Security Committee subcommittee hearing, “State and Local Cybersecurity: Escalating Threats, Federal Partnership, and the Resilience of America's Communities.”

(https://homeland.house.gov/hearing/state-and-local-cybersecurity-escalating-threats-federal-partnership-and-the-resilience-of-americas-communities/)

The opening statement by Colin Ahern, Director of Security and Intelligence for the State of New York, was really good, and Warren Sponholtz of Florida nodded in agreement at several points. When it was his turn to make his opening statement, I almost expected Mr. Sponholtz to simply say, "What he said."

Fingers crossed that this hearing stays nonpartisan.

I haven't worked through the Verizon 2026 DBIR report yet, but right off the bat, I'm surprised that 48% of all breaches are ransomware/malware events. I really thought that the majority had shifted to hack-and-leak.

I look forward to finding time to read the whole report and would like to thank all those who contributed their time and data to making the report such a great resource each year.

#DBIR2026 #ransomware #malware #vulnerabilities

RE: https://infosec.exchange/@PogoWasRight/116575881343595279

Updating: As of last night, the DSD Law Firm's leaky bucket has been secured. Whether they secured it because they discovered their data was in the hands of the #KillSec3 gang or whether the NYS Attorney General's Office contacted them after I alerted them to the leak is unknown.

But the last time they secured it, they unsecured it later. I'll keep checking the bucket to verify that it remains locked down. That will not help the firm, though, because it appears KillSec3 has already acquired clients' data.

As always, there's no need to hack when it's leaking.

#databreach #DSDLaw

RE: https://infosec.exchange/@amvinfe/116592954548436698

I seem to be making even more enemies than usual for my refusal to simply parrot or repeat what is being claimed by experts who aren't willing to back up their assertions or claims with any actual data, when asked.

I hope even more journalists do what we are supposed to do -- dig in, investigate, and report, noting critical gaps in evidence when experts aren't citing evidence in making claims.

We do not have a well-informed public when journalists just repeat what experts say. They may give us good quotes or "exclusives," about criminal gangs or cybercrime, but where is the data to support their claims?

Smearing me -- or trying to -- because I keep asking for evidence is its own attempt at censoring a free press.

#cybercrime #journalism #ShinyHunters #pressfreedom #defamation

@euroinfosec @politico @zackwhittaker @L0renz_H @guardian @PierluigiPaganini @jgreig @aj_vicens
@pressfreedom

NEW by me:

Illuminate wins another round in court, but it may not all be over despite the California Supreme Court reversing the Court of Appeal:

https://databreaches.net/2026/05/16/illuminate-wins-another-round-in-court-but-it-may-not-all-be-over/

#edtech #illuminate #databreach #classaction #CMIA #CRA