Regulatory
Policy updates, framework guidance, and enforcement actions that may affect your AI governance posture.
Advancing Product Security: New IoT Guidance and New Engagement
It may be summertime, but the NIST Cybersecurity for the Internet of Things (IoT) Program isn’t hitting the hammock! Organizations are managing growing device complexity, evolving threats, and pressure to turn guidance into operational decisions…so we remain focused on helping…
Source: NIST Cybersecurity — Read full article →
The Advisory Forum: What Is It And How Does It Work?
The Advisory Forum (the Forum) is a general advisory body to the European Commission and the AI Board, established to provide technical expertise, advise them, and to contribute to their tasks under the EU AI Act. It sits within the…
Source: EU AI Act Tracker — Read full article →
Incidents & Breaches
Real-world failures and breach reports — what happened when controls were absent or ignored.
India’s central bank mandated use of .bank domains to enhance trust – but its registry leaked sensitive info
Open API leaked everything an attacker needs to impersonate bank officials
Source: The Register — Security — Read full article →
Security researchers tricked LLMs into giving them cocaine recipes by abusing role models for prompt injection
If you want a picture of the future of LLM security, imagine Whac-a-Mole meets Groundhog Day
Source: The Register — Security — Read full article →

Meta Contractors Posed as Teens to Prompt Rival Chatbots About Suicide, Sex, and Drugs
Hundreds of contractors working on a project for Meta pretended to be kids in order to see how other chatbots like Gemini and ChatGPT would respond to high-risk subjects, WIRED found.
Source: Wired — Security — Read full article →

Top Google Security Staff Warn Search Data Could Be Hacked if EU Rules Change
Europe’s pro-competition proposals could see Google Search and Android systems opened up. The company claims there are serious privacy flaws.
Source: Wired — Security — Read full article →
Threat Intelligence
Active threats and vulnerabilities relevant to mid-market IT and security teams.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-48558 SimpleHelp Authentication Bypass Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant…
Source: CISA — Read full article →
Vendor Updates
What enterprise AI vendors are shipping — tools already in your environment or heading there.
Chromium extension uses AI‑related branding to redirect browser search
A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure. The post Chromium extension uses AI‑related branding to redirect browser search appeared first on Microsoft Security Blog.
Source: Microsoft Security Blog — Read full article →
Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access
Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in Europe and Asia. The campaign uses photo-themed ZIP archives and fake image shortcut files to deliver a persistent Node.js implant and evade detection. The post Photo ZIP…
Source: Microsoft Security Blog — Read full article →
Security News
General security industry news — only promoted to Insights when AI governance relevant.

‘Djinn’ Stealer Targets Cloud, AI Credentials
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems.
Source: Dark Reading — Read full article →

Vulnerabilities Expose Private Data in Indian Government Systems
One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.
Source: Dark Reading — Read full article →
InfoDefenders
Practitioner commentary and analysis from the InfoDefenders team.
What Auditors Actually Want in an AI Governance Evidence Pac
AI governance audits require specific evidence, not just policies. Here’s what auditors ask for and how to build your evidence pack before they knock.
Source: InfoDefenders — Read full article →
EU AI Act Compliance Checklist for US Companies
US mid-market companies using AI tools with EU exposure need an AI governance plan now. Here’s a practical checklist to close your biggest gaps fast.
Source: InfoDefenders — Read full article →