CISA Director Nominee Sean Plankey Withdraws His Nomination

Plus, Citizens Bank confirms data breach.

Good morning! Here’s what’s up.

People

Michael Rinehart has joined Morgan Lewis as chief information officer, strengthening the firm’s technology platform and cybersecurity capabilities. Rinehart joins from Dechert, where he served as CIO.

Clips ✂️

CISA director pick Sean Plankey withdraws his nomination

Sean Plankey, the long-sidelined nominee to lead the Cybersecurity and Infrastructure Security Agency, asked President Donald Trump on Wednesday to withdraw his nomination.

“At this point in time, I am asking the President to remove my nomination from consideration,” he said in a notification letter seen by CyberScoop. “After thirteen months since my initial nomination, it has become clear that the Senate will not confirm me.”

Plankey’s request comes weeks after the Senate confirmed Markwayne Mullin to lead the Department of Homeland Security, CISA’s parent agency.

“The Nation and Department of Homeland Security Secretary Markwayne Mullin requires a confirmed director of CISA without further delay,” Plankey wrote, adding thanks to Trump himself. “While I humbly request the removal of my nomination, I wholeheartedly support President Trump’s upcoming nomination for CISA and look forward to the continued success of the United States of America.”

by CyberScoop

Citizens Bank Data Breach Exposes Customer Info

Citizens Bank has confirmed that the personal information of thousands of its customers was compromised in a data breach linked to a third-party vendor, highlighting ongoing risks associated with external service providers in the financial sector. The exposed data includes sensitive details typically found on personal checks, such as customer names, addresses, and bank account numbers.

According to Citizens Bank spokesperson Rory Sheehan, there is no evidence that the bank’s internal systems were directly accessed by a malicious actor. However, he acknowledged that the incident originated from a vendor-related breach that affected a limited number of customers, raising concerns about third-party data security practices.

Sheehan stated that the bank has implemented enhanced monitoring measures and is actively notifying impacted customers with further guidance. He also noted that, at this stage, there have been no confirmed reports of fraud resulting from the compromised data. As a precaution, the bank is offering complimentary account monitoring services to affected individuals.

by CyberTech

'The Gentlemen' Rapidly Rises to Ransomware Prominence

A ransomware gang known as "The Gentlemen" has made a name for itself, claiming hundreds of victims in a matter of months.

The Gentlemen is a ransomware-as-a-service (RaaS) outfit that first popped up in mid-2025. While it operates fairly typical double extortion attacks (using both encryption and data leaking as extortion levers), The Gentlemen is known for sophisticated tactics, techniques, and procedures (TTPs), such as antivirus killers and complex infection chains.

Check Point Research this week published its latest findings concerning the gang, noting that it has claimed hundreds of victims and uses malware including something called SystemBC, which researchers described as "a proxy malware frequently leveraged in human operated ransomware operations for covert tunneling and payload delivery."

Check Point observed victim telemetry connected to SystemBC's command and control (C2) server, revealing a botnet of more than 1,570 victims.

by Dark Reading

Workers Sue $10 Billion AI Startup for Collecting and Exposing Personal Data

Training artificial-intelligence models demands massive amounts of fresh data. Mercor, a $10 billion startup that hires contractors to provide AI training feedback, is among those leading the high-stakes hunt.

Sometimes that quest for data leads to contentious territory.

The San Francisco startup, whose clients have included OpenAI, Anthropic and Meta, has been hit with at least seven class-action lawsuits in recent weeks following a third-party data breach. The breach allegedly exposed Mercor contractor information ranging from recorded job interviews to facial biometric data and screenshots of workers’ computers.

The suits offered a window into how Mercor allegedly acquires the data used to serve its customers.

A class-action suit filed Tuesday in Northern California alleged that Mercor accumulated applicant-vetting data, including background checks, which it shared with partners, in breach of federal regulations.

by Wall Street Journal

ZeroFox data shows ransomware stabilizing at scale, with manufacturing absorbing nearly one in five attacks

New ZeroFox data from the first quarter of this year paints a picture of a threat landscape that has settled into a sustained high-volume rhythm rather than showing any sign of retreat.

The company recorded at least 2,059 ransomware and digital extortion (R&DE) incidents during the period, a marginal 1.5% decline from the record 2,091 incidents logged in the fourth quarter of 2025, a drop too small to signal any meaningful shift in attacker activity. Additionally, the data marked an increase in incidents year-over-year from 2025 and 2024, which saw at least 2,001 and 1,007 incidents, respectively.

In the first quarter of 2026, manufacturing remained the most targeted industry for R&DE, with at least 419 recorded incidents, up slightly from 413 in the fourth quarter of 2025. The sector accounted for nearly 20% of all attacks in the quarter, in line with the roughly 20% share observed in the previous quarter.

by Industrial Cyber

Luxury Cosmetics Giant Rituals Discloses Data Breach

Luxury cosmetics giant Rituals has disclosed a data breach impacting the personal information of its My Rituals members.

The incident, the company says, occurred earlier this month and involved the unauthorized access to and download of some My Rituals members’ data.

“Immediately upon discovery, we took measures and stopped the unauthorized access. The situation has been contained, and affected members are being informed directly,” the company told SecurityWeek.

Rituals says the potentially impacted information may include customers’ names, addresses, phone numbers, email addresses, dates of birth, and gender.

No passwords or payment information were compromised during the intrusion, the company said in a notice on its website.

“We have initiated an in-depth forensic investigation to understand how this happened and what measures we can take to prevent a similar incident in the future. We have also reported it to the relevant authorities,” Rituals said.

by SecurityWeek
