Industry News: ESG5

The Target:​ Capita is a major UK-based outsourcing and professional services company that provides consulting, digital, and software services to local councils, the NHS, the Ministry of Defense, and organizations in the banking, utilities, and telecommunications sectors.

The Take: Hackers had accessed 4% of Capita’s internal IT infrastructure, and exfiltrated private files hosted on the breached systems.

The Vector: The company announced that it had been targeted by hackers who attempted access to its internal Microsoft 365 environment, forcing some systems offline as part of its response.

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

Read more...

2025-11-05

Business Wire: Armis, the cyber exposure management and security company, announced a pre-IPO funding round of $435 million, bringing the company’s valuation to $6.1 billion. 

Read more...

2025-11-05

SecurityWeek: The investment round was led by Shasta Ventures, with additional support from Fusion Fund and an unnamed venture. Founded in 2019, California-based Portal26 has built a platform that provides organizations with comprehensive visibility into their gen-AI consumption.

Read more...

2025-11-05

Yahoo Finance/Reuters: Cybersecurity company Wiz has cleared a U.S. Justice Department ​(DOJ) antitrust review of its ‌acquisition by Google-parent Alphabet, Wiz CEO said in a ‌Wall Street Journal event.

Read more...

2025-11-04

Dark Reading: As ransomware groups continue to operate faster than ever, European organizations are facing an increasingly large portion of attacks, accounting for nearly 22% of global ransomware and extortion victims.

Read more...

2025-11-04

Bleeping Computer: Japanese publishing giant Nikkei announced that its Slack messaging platform had been compromised, exposing the personal information of over 17,000 employees and business partners.

Read more...

2025-11-03

CSO Online: An October decision of the 4th US Circuit Court of Appeals in Virginia has — yet again — altered the risk calculus of data breaches by easing litigants’ ability to successfully sue breached companies in limited situations.

Read more...

2025-11-03

Yahoo Finance/Reuters: Prosecutors said three American cybersecurity professionals secretly ran a ransomware operation aimed at shaking down companies across the United States.

Read more...

The Target:​ Conduent is an American business process outsourcing (BPO) company that provides digital platforms and services for governments and enterprises.

The Take: The data breach notifications state that people's name, Social Security Numbers, full date of birth, health insurance policy or ID number, or medical information was exposed.

The Vector: An investigation into the scope of the data breach has now determined that the attack impacted millions of people. Furthermore, although the breach was discovered in January 2025, the environment had been compromised much earlier, on October 21, 2024.

This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

2025-10-30

Yahoo News: The Federal Communications Commission will vote next month on whether to eliminate cybersecurity requirements for telecom carriers that the commission enacted under its previous leadership following sweeping Chinese government cyberattacks on telecoms.

Read more...