Hello. A Senate bill to end the 40-day federal government shutdown includes a provision extending the 2015 Cybersecurity Information Sharing Act.

But beyond a possible extension until the end of January, CISA’s future remains uncertain. So do its liability and antitrust protections for businesses. Read our story. 

Other news: 

• Samsung devices vulnerable to spyware
• Japanese brewer Asahi still suffering after ransomware; rivals swoop in
• EU to debate letting tech firms use personal data to train AI
• U.K. medical testing provider Synnovis has details on breach 17 months after hack
• Any guesses on the most popular breached password? 

Operations are still largely manual at Japanese brewer Asahi Group a month after a ransomware attack forced the company to shut down tech systems for online order processing. Shipments are at about 10% of typical volume, Asahi said. The company has postponed its earnings report, originally due out Wednesday. 

• Rivals Kirin Holdings, Sapporo and Suntory have swooped in with incentives to wholesalers. (Bloomberg)

EU might allow U.S. tech firms to use Europeans' personal data to train AI. The European Commission next week plans to propose changes to the bloc's strict General Data Protection Regulation that would allow Google, OpenAI and other companies such access. Member states would then negotiate details and could reject the proposal, which privacy advocates have denounced. (Reuters)

Unstructured data complicated the breach investigation at Synnovis, a U.K. medical-testing provider hacked in June 2024. The company had since been trying to determine which patients' information was breached and has now completed the process and is notifying hospitals, medical practices and clinics, the National Health Service said in a notice on its website.

• "This investigation has taken more than a year to complete because the stolen data was unstructured, incomplete and fragmented. It took a long time to piece together and work out which of its customers the data related to," NHS said.
• The ransomware attack upended lab-testing operations, delaying and disrupting care at London hospitals for months. 

A classic: "123456" remains the most popular password among two billion account credentials posted on data-breach forums this year, according to a study from tech researcher Comparitech. More than 7.6 million breached accounts used it, followed by "12345678" in second place with more than 3.6 million accounts. 

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten and James Rundle. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.