Trellix Source Code Breach: When a Cybersecurity Vendor Becomes the Target
On May 2, 2026, Trellix โ the cybersecurity company formed from the merger of McAfee Enterprise and FireEye, serving more than 50,000 enterprise and g...
Compliance & Regulatory Articles
719 articles on privacy laws, security frameworks, and regulatory compliance.
GemStuffer: How 150+ Malicious RubyGems Were Used as a Data Exfiltration Channel
The GemStuffer campaign, disclosed in May 2026, weaponized the RubyGems open-source package registry as a data exfiltration channel by publishing more...
Cushman & Wakefield's Vishing-Triggered Breach: ShinyHunters, 500K Salesforce Records, and Third-Party Risk
In late April and early May 2026, Cushman & Wakefield confirmed a cyberattack originating from a voice phishing operation that gave ShinyHunters acces...
Instructure Canvas Breach: ShinyHunters Stole 275 Million Student Records โ Twice
ShinyHunters breached Instructure's Canvas learning management system twice in May 2026, stealing an estimated 275 million records โ names, email addr...
EU's Digital Markets Act Two-Year Review: AI and Cloud Are Now Priority Enforcement Areas
The European Commission published its first formal review of the Digital Markets Act on April 28, 2026, finding the regulation fit for purpose but ide...
240 Health AI Bills in 43 States: The Quiet Compliance Wave Reshaping Healthcare AI in 2026
While the national AI regulation debate focuses on federal frameworks and the EU AI Act, a quieter but operationally significant legislative wave is a...
FINRA's 2026 GenAI Governance Requirements: What Broker-Dealers Must Have in Place Now
FINRA's 2026 Annual Regulatory Oversight Report includes a substantially expanded standalone section on generative AI โ the most detailed statement ye...
After SolarWinds: What the SEC's Cybersecurity Disclosure Rules Actually Require in 2026
The SEC voluntarily dismissed its cybersecurity enforcement case against SolarWinds and CISO Timothy Brown in November 2025, ending the first-ever SEC...
The UK CMA's Agentic AI Guidance: The First Regulatory Framework for Autonomous AI Agents in Consumer Markets
On March 9, 2026, the UK Competition and Markets Authority published the first regulatory guidance specifically addressing how autonomous AI agents mu...
FTC vs. OkCupid: How Sharing 3 Million User Photos With an Undisclosed Third Party Became a Federal Enforcement Action
On March 30, 2026, the FTC took action against OkCupid and parent company Match Group for sharing nearly three million user photos and location data w...
OCR Begins Enforcing 42 CFR Part 2: What Health Systems, Behavioral Health Platforms, and Their Vendors Must Know
On February 16, 2026, HHS Office for Civil Rights commenced enforcement of the updated 42 CFR Part 2 rules governing substance use disorder treatment ...
Reddit Fined ยฃ14.47 Million by ICO: Why Age Self-Declaration Is No Longer a Defense
The UK Information Commissioner's Office fined Reddit ยฃ14.47 million in February 2026 for unlawfully processing children's personal data. The central ...