Major Verizon Partner and Aura Hit by Data Breaches

Verizon retailer data breached, hackers claim

More than six million telecom customer records are now allegedly up for sale online, raising fresh fears about how deeply attackers may have penetrated a major Verizon partner.

While the Netherlands is still reeling from a catastrophic breach of its major telecommunications provider, Odido, in which the personal data of 6.2 million customers was exposed, another US telcom giant might also be facing a cyber heist.

Russell Cellular, one of the largest Verizon Authorized Retailers in the United States, has allegedly been compromised in a cyber incident exposing more than 6.3 million customer records.

With over 2000 employees, the company operates over 750 locations nationwide and plays a significant role in the US telecommunications retail ecosystem.

A database allegedly belonging to Russell Cellular is now circulating on a well-known hacker forum. It is being offered for sale for $1,200. According to the threat actor, the dataset spans roughly 61GB and is organized across 209 tables.

Aura confirms data breach exposing 900,000 marketing contacts

Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses.

The company states that the incident was caused by a voice phishing attack targeting an employee, which exposed the sensitive data of 20,000 current and 15,000 former customers.

In a communication this week, Aura states that the data originated from a marketing tool used by a company acquired by Aura in 2021, which exposed limited information.

Aura is a consumer digital safety firm that sells identity theft protection, credit and fraud monitoring, and online security tools for phishing protection, positioning itself as an all-in-one service for online protection.

Earlier this week, the threat group ShinyHunters claimed the attack on their data extortion site, stating that they stole 12GB of files containing personally identifiable information (PII) on customers, as well as corporate data.

Bank software vendor Marquis says more than 670,000 impacted by August breach

The cyberattack on bank vendor Marquis Software exposed the information of 672,075 people, according to regulatory filings.

The company, which provides software that allows financial institutions to communicate with customers, previously warned in November that at least 74 banks, credit unions and financial institutions were impacted by a data breach that occurred in August. At the time, the company did not say how many people were affected.

In letters to victims, the company said it discovered the breach on August 14 and notified law enforcement before hiring cybersecurity experts to assist with the recovery. The investigation revealed that the hackers copied files from Marquis Software’s systems.

The information leaked includes names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, dates of birth and financial account information.

The company previously filed notices with regulators in Maine, South Carolina, Washington, Iowa and other states but did not reveal the full number of people impacted. Marquis Software also provided breach notifications on behalf of several financial institutions.

Threat groups target cyber-physical systems to disrupt critical infrastructure providers

Threat groups are increasingly targeting critical infrastructure for malicious attacks by using direct access to cyber-physical systems, according to a report released Wednesday by Claroty, a firm that specializes in industrial security.

These attackers, which often are state-sponsored or hacktivist groups, are abusing virtual network protocol in a majority of cases to gain remote access to exposed internet-facing assets.

In two-thirds of the tracked incidents, attackers are compromising human-machine interfaces or supervisory control and data acquisition systems, which are used to control various industrial processes in factories and other operational technology environments.

“When examining these attacks, we see a common methodology of ‘no vulnerabilities needed,’ in which attackers abuse misconfigured devices, insecure-by-design protocols and outdated insecure devices,” said Noam Moshe, head of Claroty’s Team82. “In their target picking, these opportunistic attackers look for internet-exposed devices, abusing default credentials/insecure protocols that do not have authentication, etc.”

Every Fortune 500 CEO's nightmare: the Iran War and the Pandora's Box of AI cyber warfare

When U.S. and Israeli forces launched a sweeping air and sea campaign against Iran’s military infrastructure in late Feb. 2026, the missiles weren’t the only weapons that flew. Within hours, more than 60 Iranian-aligned cyber groups mobilized, according to Palo Alto Networks’ Unit 42, armed with AI-assisted reconnaissance tools and a mandate to strike back where it hurts most: America’s corporate nervous system.

Within hours, cybersecurity agencies in the UK and Canada both warned about heightened threat levels, followed by similar warnings from Europol and the Department of Homeland Security.

For Fortune 500 CEOs, the message couldn’t be clearer—or more unsettling. The Iran war has blown open a Pandora’s box of AI-powered cyber warfare, and no firewall, no matter how expensive, was built for what’s coming next.

Colorado releases new AI Policy framework aimed revising the state’s 2024 law

Colorado lawmakers are moving closer to rewriting one of the nation’s first comprehensive artificial intelligence laws, after a state working group on Tuesday released a framework aimed at resolving months of tension between consumer advocates and the tech industry.

The proposal is expected to guide legislative changes to the state’s landmark 2024 AI law, which drew national attention and criticism for its sweeping requirements on businesses and government users of high-risk AI systems. The recommendations focus on clarifying how companies must disclose the use of AI in high-stakes decisions, such as hiring, housing and lending, and how responsibility should be split if something goes wrong.

…

Under the new proposal, developers would be required to share key details about how their systems work, including data sources and limitations, while businesses and government agencies using the tools would need to notify people in plain language when AI is involved in decisions.