On October 15, application security vendor F5, Inc. disclosed that a highly sophisticated nation-state threat actor maintained long-term, persistent access to certain F5 systems. The attackers exfiltrated portions of BIG-IP1...more
10/22/2025
/ China ,
Corporate Counsel ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Security ,
Government Agencies ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Incident Response Plans ,
National Security ,
Popular ,
Risk Management ,
Software ,
Supply Chain
A recent campaign by the CL0P ransomware group has targeted on-premises, customer-managed Oracle E-Business Suite (EBS) systems, resulting in the potential for widespread data exfiltration and extortion attempts. The...more
10/16/2025
/ Cyber Attacks ,
Cyber Threats ,
Cyberforensics ,
Cybersecurity ,
Data Breach ,
Data Security ,
Extortion ,
Incident Response Plans ,
Malware ,
Multi-Factor Authentication ,
Policies and Procedures ,
Ransomware ,
Risk Management ,
Risk Mitigation ,
Third-Party Risk ,
Vulnerability Assessments
Effective October 1, 2025, Colorado Senate Bill (SB) 24-041 significantly amends the Colorado Privacy Act (CPA) to impose heightened obligations on entities processing personal data of minors—defined as individuals under 18...more
10/1/2025
/ Colorado ,
Consent ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Enforcement ,
Minors ,
New Legislation ,
Online Safety for Children ,
Personal Data ,
Privacy Laws ,
State Legislatures ,
State Privacy Laws ,
Targeted Digital Advertising
What’s Happening:
Recent investigations by leading threat intelligence and incident response teams have identified a sophisticated and persistent cyber campaign leveraging the BRICKSTORM malware, attributed to UNC5221 and...more
9/26/2025
/ China ,
Corporate Counsel ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Security ,
Forensic Examination ,
Incident Response Plans ,
Information Security ,
Malware ,
National Security ,
Network Security ,
Risk Mitigation ,
Technology Sector ,
Third-Party Risk ,
Threat Management ,
Vulnerability Assessments
The Maryland Online Data Privacy Act (MODPA) is set to take effect on October 1 and marks a significant shift in how personal data is protected at the state level. Falling in line with other states’ privacy laws, Maryland’s...more
9/25/2025
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Maryland ,
New Legislation ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
Risk Assessment ,
Sensitive Personal Information ,
State Privacy Laws ,
Targeted Digital Advertising
On July 24, 2025, the California Privacy Protection Agency (CPPA) Board unanimously approved a comprehensive set of final regulations under the California Consumer Privacy Act (CCPA), introducing significant new compliance...more
On August 28th, Mandiant issued an update to its previous Salesloft Drift advisory. Therein, Mandiant discussed that Salesloft issued a security notification on Aug. 26 regarding its Drift application. At that time, it...more
9/2/2025
/ APIs ,
Artificial Intelligence ,
Cloud Computing ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Incident Response Plans ,
Information Technology ,
Risk Management ,
SaaS ,
Software ,
Third-Party Service Provider ,
Threat Management
Salesloft issued a security notification on August 26 regarding its Drift application. It appears to be a broad opportunistic attack on Salesloft/Drift instances integrated with Salesforce tenants. Salesloft issued updates...more
8/28/2025
/ Artificial Intelligence ,
Cloud Computing ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Incident Response Plans ,
Information Technology ,
Popular ,
Risk Management ,
SaaS ,
Salesforce ,
Software ,
Third-Party Service Provider
On July 20, 2025, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) issued urgent warnings about new, actively exploited vulnerabilities in Microsoft SharePoint Server. These vulnerabilities, known as...more
On April 22, 2025, the Federal Trade Commission (FTC) published final updates to the Children’s Online Privacy Protection Act Rule (COPPA Rule). The final COPPA Rule goes into effect on June 23, 2025, 60 days after its...more
On March 10, 2025, the Office of the Attorney General of California (CAAG) announced an enforcement sweep of the California Consumer Privacy Act (CCPA) focused on the location data industry. Attorney General Rob Bonta stated...more
3/14/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Geolocation ,
Location Data ,
Privacy Laws ,
State Attorneys General
The National Institute of Science and Technology (NIST) has released NIST Cybersecurity Framework (2.0) (Framework 2.0). NIST released two earlier versions of the Framework for Improving Critical Infrastructure Cybersecurity...more