Ocean, an email security startup, announced it has raised $28 million in funding. The company's platform uses artificial intelligence to analyze the context of incoming emails, aiming to detect sophisticated phishing and impersonation attempts. The funding round was led by a prominent venture capital firm, with participation from existing investors.

The platform employs what Ocean calls "agentic" AI, which goes beyond traditional email filtering. Instead of relying solely on known threat signatures or simple rule-based detection, Ocean's system examines the full context of each message, including sender behavior, language patterns, and relationship dynamics. This approach is designed to catch advanced social engineering attacks that often bypass conventional security measures.

Ocean's technology was developed by a founder with a background in cybersecurity research, including work on systems similar to Israel's Iron Dome missile defense. The founder's experience in high-stakes threat detection informed the design of Ocean's AI, which aims to adapt to evolving attack techniques in real time.

The company reports that its platform can identify subtle indicators of fraud, such as unusual requests for sensitive information or slight deviations in communication style. Ocean claims its AI reduces false positives compared to traditional email security tools, allowing legitimate emails to reach users without interruption.

Ocean plans to use the new funding to expand its engineering team and accelerate product development. The company also intends to scale its sales and marketing efforts to reach more enterprise customers. Ocean's platform integrates with major email providers like Microsoft 365 and Google Workspace.

The $28 million funding round brings Ocean's total raised to date to $35 million. The company did not disclose its valuation. Ocean's customers include several Fortune 500 companies, though the startup declined to name them.

Ocean's platform is available now for businesses of all sizes. Pricing is based on the number of users and starts at $5 per user per month. The company offers a free trial for prospective customers.

"Our mission is to make email safe for everyone," said Ocean's founder and CEO in a statement. "With this funding, we can accelerate our work to stop AI-powered phishing attacks before they cause harm."

A federal law compelling social media platforms to expeditiously delete sexual deepfakes and other nonconsensual intimate imagery took full effect on May 19, 2026. The Take It Down Act, signed by President Donald Trump in May 2025, criminalized the distribution of nonconsensual intimate imagery (NCII) upon signing, covering both real and AI-generated content. Many states already had partial laws addressing such material. The law's more expansive takedown provision, however, required a one-year implementation period before becoming enforceable.

The provision now obligates social networks to remove reported NCII within a specified timeframe or face legal consequences. The legislation aims to address the growing proliferation of deepfake pornography and revenge porn, which have caused significant harm to victims, including minors. Proponents argue the law provides a critical tool for victims to quickly scrub abusive content from major platforms.

Critics, however, raise concerns about the law's potential for misuse. Free speech advocates warn that the broad definition of NCII could be exploited to censor legitimate content, such as political speech or artistic expression. The requirement for rapid takedowns may pressure platforms to err on the side of removal, potentially suppressing lawful material without due process.

Victim advocacy groups also question the law's effectiveness. They note that while the takedown provision targets hosting platforms, it does not address the original uploaders or the creation of deepfakes. The law's criminal penalties for distribution may deter some offenders, but enforcement remains challenging, especially for content originating overseas.

The law applies to all social media platforms operating in the United States, including major players like Facebook, Instagram, TikTok, and X. Companies must establish clear reporting mechanisms and respond to valid takedown requests promptly. Failure to comply could result in fines or other penalties from the Federal Trade Commission.

Implementation details have been closely watched by tech companies, which have lobbied for clear guidelines to avoid over-censorship. The law includes exceptions for content posted with consent or for legitimate public interest purposes, such as news reporting. However, critics argue these exceptions are narrowly defined and may not adequately protect free expression.

As the law takes full effect, its impact remains uncertain. The Verge reports that experts are divided on whether the measure will meaningfully reduce the spread of nonconsensual imagery or simply shift the burden onto platforms. Some predict an increase in automated content moderation, which could lead to errors and false removals.

The Take It Down Act represents a significant federal intervention in online content moderation. Its success or failure may shape future legislation addressing AI-generated abuse and platform accountability. For now, victims have a new legal avenue to request removal, but the law's broader consequences are yet to be seen.

New York City Health and Hospitals Corporation disclosed a data breach that compromised the personal and medical information of at least 1.8 million people. The attack, which occurred earlier this year, also exposed biometric data including fingerprints, according to the organization's notification filed with state regulators.

The breach was discovered in late February, though the intrusion may have begun months earlier. Hackers gained access to systems containing patient records, treatment histories, and insurance details. The compromised biometric data includes fingerprint scans used for identity verification within the healthcare system.

NYC Health and Hospitals operates the city's public hospitals and clinics, serving a large population of low-income and uninsured residents. The organization stated that the attackers exfiltrated data from a third-party vendor's system used for patient management. The vendor, whose name was not disclosed, is cooperating with the investigation.

Affected individuals are being notified by mail, and the healthcare system is offering free credit monitoring and identity theft protection services. The breach is one of the largest involving biometric data, raising concerns about the irreversible nature of compromised fingerprints.

New York State Attorney General Letitia James has opened an investigation into the incident. The healthcare system faces potential lawsuits and regulatory fines under state and federal data protection laws, including HIPAA.

NYC Health and Hospitals has since implemented additional security measures, including multi-factor authentication and enhanced monitoring. The organization urged affected patients to remain vigilant for signs of identity theft or medical fraud.

The breach notification was filed with the Maine Attorney General's office, as required by state law, and posted publicly on April 15, 2026. The healthcare system said it is working with law enforcement and cybersecurity experts to determine the full scope of the attack.

Grafana Labs, the company behind the popular open source observability platform, revealed that attackers breached its systems and exfiltrated its proprietary source code. The incident came to light after the threat actors contacted the company with a ransom demand, threatening to publish the stolen code if payment was not made.

The company confirmed the breach in a security advisory, stating that the attackers gained access to its internal code repositories. Grafana Labs emphasized that the stolen code includes proprietary components that are not part of the open source project. The company declined to pay the ransom, citing its commitment to transparency and the belief that paying would not guarantee the data's safety.

Grafana Labs has not disclosed the exact method of intrusion or the number of repositories affected. However, the company noted that it has since rotated credentials, reviewed access controls, and implemented additional security measures. The investigation is ongoing, with assistance from external cybersecurity experts.

The stolen code does not include customer data or production systems, according to Grafana Labs. The company reassured users that the open source Grafana platform remains unaffected, as its code is already publicly available. The proprietary code, which includes enterprise features and integrations, is the primary target of the extortion attempt.

This incident highlights the growing trend of ransomware groups targeting software supply chains and source code repositories. By threatening to leak proprietary code, attackers aim to pressure companies into paying ransoms, often with the added risk of exposing intellectual property or trade secrets.

Grafana Labs has not received any indication that the stolen code has been published or misused. The company is monitoring for any unauthorized distribution and has notified relevant authorities. It also advised customers to remain vigilant and report any suspicious activity related to Grafana software.

The company reiterated that it will not engage with the attackers or pay the ransom. Grafana Labs stated that its focus remains on securing its infrastructure and ensuring the integrity of its products. Users are encouraged to update to the latest versions of Grafana and follow best security practices.

Grafana Labs has not provided a timeline for when the investigation will conclude. The company plans to share more details as they become available, emphasizing its commitment to transparency throughout the process.