Hello. Training artificial-intelligence models demands massive amounts of fresh data. Mercor, a $10 billion startup that hires contractors to provide AI training feedback, is among those leading the high-stakes hunt.

Sometimes that quest for data leads to contentious territory.

The San Francisco startup, whose clients have included OpenAI, Anthropic and Meta, has been hit with at least seven class-action lawsuits in recent weeks following a third-party data breach. Allegedly, it exposed Mercor contractor information ranging from recorded job interviews to facial biometric data and screenshots of workers’ computers. Read more from WSJ.

More news below.

The Trump administration announced criminal charges, sanctions and multimillion-dollar rewards aimed at combating online scams coming out of Southeast Asia and targeting Americans. The measures—some of which were directed at a Cambodian senator featured in a recent Wall Street Journal investigation into cyber-scam operations in the country—are the latest attempt by the U.S. to stem the fast-growing illicit industry. (WSJ)

Malware linked to nation-state hackers has been found in already-patched Cisco network security devices, U.S. and U.K. cybersecurity officials said Thursday. Backdoor software called Firestarter stays operational even after the devices have been updated, the Cybersecurity and Infrastructure Security Agency said in an alert with Britain's National Cyber Security Centre. (CyberScoop)

• CISA and Cisco didn't tie the malware to a particular country. Other security researchers have linked it to China.

• Also, Hungary’s election could mark a significant shift in European politics. 

Catch new episodes every Friday on Apple Podcasts, Spotify and Amazon.

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten and James Rundle. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.