Regulatory
Policy updates, framework guidance, and enforcement actions that may affect your AI governance posture.
Advancing Product Security: New IoT Guidance and New Engagement
It may be summertime, but the NIST Cybersecurity for the Internet of Things (IoT) Program isn’t hitting the hammock! Organizations are managing growing device complexity, evolving threats, and pressure to turn guidance into operational decisions…so we remain focused on helping…
Source: NIST Cybersecurity
Incidents & Breaches
Real-world failures and breach reports — what happened when controls were absent or ignored.
Security boss thought MFA would be too much security
One rule for the workers, another for execs
Source: The Register — Security
Chinese cybersecurity company claims it’s built a better-than-Mythos bug finder
Qihoo 360, which the US has banned, says it’s needed as a deterrent to weaponized Anthropic models
Source: The Register — Security

British Police Built a Sprawling Crime-Prediction Machine. Some Results Couldn’t Be Trusted
As UK police embrace the AI revolution, a WIRED investigation reveals the messy inside story of one region’s experiment with predictive analytics.
Source: Wired — Security
Threat Intelligence
Active threats and vulnerabilities relevant to mid-market IT and security teams.
Yokogawa FAST/TOOLS and CI Server
Successful exploitation of this vulnerability may return a response containing the CI Server setting information. The following versions of Yokogawa FAST/TOOLS and CI Server are affected: FAST/TOOLS >=R9.01|<=R10.04; Collaborative Information Server (CI Server) >=R1.01|<=R1.04…
Source: CISA
pydicom pynetdicom Library
Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths. The following versions of pydicom pynetdicom Library are affected: pynetdicom >=v1.0.0|<v3.0.4. CVSS v3: 9.1. Vendor: pydicom. Equipment: pydicom pynetdicom Library…
Source: CISA
Vendor Updates
What enterprise AI vendors are shipping — tools already in your environment or heading there.
Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access
Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in Europe and Asia. The campaign uses photo-themed ZIP archives and fake image shortcut files to deliver a persistent Node.js implant and evade detection.
Source: Microsoft Security Blog
Microsoft a Leader in The Forrester Wave™ for Endpoint Management Platforms
Microsoft named a Leader in the Forrester Wave™: Endpoint Management Platforms, Q2 2026, with the highest scores in the current offering and strategy categories.
Source: Microsoft Security Blog
AI Industry
Products and trends that will become shadow AI in your org if they haven’t already.

In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw
The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments.
Source: Dark Reading

Russian APT ‘Gamaredon’ Upgrades Its Arsenal, Requiring New Defenses
The FSB state-sponsored operation has gotten a lot better at loading its malware and hiding its servers.
Source: Dark Reading