Regulatory
Policy updates, framework guidance, and enforcement actions that may affect your AI governance posture.
Advancing Product Security: New IoT Guidance and New Engagement
It may be summertime, but the NIST Cybersecurity for the Internet of Things (IoT) Program isn’t hitting the hammock! Organizations are managing growing device complexity, evolving threats, and pressure to turn guidance into operational decisions…so we remain focused on helping…
Source: NIST Cybersecurity
Incidents & Breaches
Real-world failures and breach reports — what happened when controls were absent or ignored.
Even the Secret Service won’t use company-issued phones
Personal cell phones on protective missions, no threat detection on government-issued devices among the litany of sins
Source: The Register — Security
Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds
Researchers warn many AI coding assistants now execute commands from project configurations
Source: The Register — Security

The Pentagon Is Looking Into the Dialog Data Exposure for Unmasking National Security Officials
Exposed records from the private group included the personal information of a senior White House intelligence official and an active-duty special operations officer.
Source: Wired — Security

British Police Built a Sprawling Crime-Prediction Machine. Some Results Couldn’t Be Trusted
As UK police embrace the AI revolution, a WIRED investigation reveals the messy inside story of one region’s experiment with predictive analytics.
Source: Wired — Security
Threat Intelligence
Active threats and vulnerabilities relevant to mid-market IT and security teams.
Russian Intelligence Services Continue to Target Commercial Messaging Applications
CISA and the Federal Bureau of Investigation (FBI) issued an updated Public Service Announcement (PSA) warning of Russian Intelligence Services (RIS) cyber threat actors targeting commercial messaging applications in ongoing phishing campaigns. This PSA is an update to the March…
Source: CISA
Schneider Electric PowerLogic P7
Schneider Electric is aware of a vulnerability in its PowerLogic™ P7 product. The PowerLogic™ P7 is a protection and control platform designed for complex and advanced electrical network applications. Failure to apply the remediation provided below may…
Source: CISA
Vendor Updates
What enterprise AI vendors are shipping — tools already in your environment or heading there.
Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access
Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in Europe and Asia. The campaign uses photo-themed ZIP archives and fake image shortcut files to deliver a persistent Node.js implant and evade detection.
Source: Microsoft Security Blog
Microsoft a Leader in The Forrester Wave™ for Endpoint Management Platforms
Microsoft named a Leader in the Forrester Wave™: Endpoint Management Platforms, Q2 2026, with the highest scores in the current offering and strategy categories.
Source: Microsoft Security Blog
AI Industry
Products and trends that will become shadow AI in your org if they haven’t already.

AI Decline? Confidence in Autonomous Penetration Testing Falls
Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.
Source: Dark Reading

Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions
Cisco joins a growing list of security platform providers that are betting that securing the agentic workforce means turning identity into the primary control plane.
Source: Dark Reading
InfoDefenders
Practitioner commentary and analysis from the InfoDefenders team.
The Four-Phase Framework Behind Real AI Governance
Most AI governance programs fail because they start in the wrong place. Here’s the order it actually has to happen in — and why sequence matters.
Source: InfoDefenders