Telecom Sector Launches Its Own Private Information-Sharing Group

Telecom sector launches its own private ISAC

Major U.S. telecommunications companies launched a new information sharing group on Tuesday in a bid to redouble their collective efforts to combat AI-powered cyberattacks, state-sponsored espionage and other increasing threats to communications networks.

The Communications Cybersecurity Information Sharing and Analysis Center, or C2 ISAC, will give telecoms a private venue for exchanging sensitive information such as newly discovered vulnerabilities and tips about threat actor behavior. The eight founding members are AT&T, Charter, Comcast, Cox, Lumen, T-Mobile, Verizon and Zayo.

Their chief information security officers will sit on the C2 ISAC’s board, while Valerie Moon, a former top official at the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI’s Cyber Division, will serve as the group’s executive director.

NYC Health + Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people

New York public health provider NYC Health + Hospitals says a months-long data breach that allowed hackers to steal personal data, medical records, and fingerprints scans affects at least 1.8 million people.

NYCHHC is the largest public health system in the United States and provides healthcare to over a million New Yorkers, the majority of whom are uninsured or receive state healthcare benefits, such as Medicaid.

The healthcare system reported the number to the U.S. Department of Health and Human Services, making it one of the largest healthcare-related data breaches of the year so far. Healthcare organizations have been repeatedly targeted by financially motivated cybercriminals in recent years in efforts to steal their vast banks of highly sensitive patients’ personal, medical, and billing information.

‘The Future of Truth’ Contains Quotes Made Up by A.I.

The author of a nonfiction book about the effects of artificial intelligence on truth acknowledged on Monday that he had included numerous made-up or misattributed quotes concocted by A.I.

The author, Steven Rosenbaum, whose book “The Future of Truth” was released this month to great fanfare, incorporated more than a half-dozen misattributed or fake quotes in sections of the book reviewed by The New York Times.

The Times asked Mr. Rosenbaum about the quotes on Sunday and Monday. On Monday night, Mr. Rosenbaum acknowledged in a statement that the book had “a handful of improperly attributed or synthetic quotes” and said that he had started his own investigation.

He said that the inclusion of the incorrect quotes was an accident and that he had “no intention of fabricating any viewpoints” while writing the book.

Liberty Mutual sued over ransomware data breach

Liberty Mutual is being sued in a class action alleging it failed to safeguard the personal information of thousands of policyholders during a recent data breach.

Plaintiffs claim Liberty Mutual failed to protect their personally identifiable information, including health information, which was accessed by a criminal ransomware group called Everest, according to TopClassActions.com.

“Plaintiffs have since discovered that Everest has added [Liberty Mutual] to its dark web leak site, where their private information, including their highly sensitive medical records, may be posted for any nefarious actor to view, download and use to commit crimes against plaintiffs and class members, including identity theft and fraud,” the lawsuit says.

The lawsuit alleges that Liberty Mutual failed to encrypt or redact the sensitive information. Plaintiffs claim the data was compromised due to the company’s negligent failure to protect customers.

Communicating cyber risk in dollars boards understand

In this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised. He argues that spending has leaned too heavily on technical controls while neglecting people, processes, and organizational dynamics.

He unpacks the gap between security teams and boards, pointing to weak risk communication and a reliance on qualitative heatmaps over hard evidence. He pushes back on root cause analysis as a reductionist habit, makes the case for treating resilience as a serious capability, and outlines what stronger organizations do differently, including investment in communication, rehearsed playbooks, and continuous learning across the security function.

AI Agents Are Here. Security Must Be an Accelerator for Transformation

AI agents are no longer experimental. They now plan, decide, and act across enterprise systems, reading files, invoking tools, executing workflows, and communicating with other agents, at times with minimal human intervention.

Adoption is accelerating rapidly: most enterprise leaders expect to deploy agents within the next 12 to 18 months, and large organizations will likely manage tens of thousands of them operating concurrently.

As agent capabilities have been advancing, security controls need to adapt. Most organizations are still relying on security controls designed for human users and static applications.