ShinyHunters defaced Canvas login pages Thursday and set a May 12 deadline, putting Instructure’s claimed 275-million-record haul at the center of FERPA, GDPR and litigation-hold work for 9,000 schools.
Canvas Breach Moves from Disclosure to Demand as ShinyHunters Sets May 12 Deadline Read More »
Two former cybersecurity professionals, one from Sygnia and one from DigitalMint, were sentenced April 30 to four years each for running BlackCat ransomware against U.S. companies — the first federal prison term in this country for an incident-response and ransomware-negotiation insider conspiracy.
A 48-Month Federal Benchmark Resets the Incident-Response Insider Question Read More »
A multinational advisory on China-nexus covert networks reframes SOHO routers and IoT devices as enterprise risk points, raising new questions for cybersecurity, privacy, compliance, eDiscovery preservation, vendor risk, and cyber-insurance readiness.
The Router on the Shelf is Now a National Security Problem Read More »
: The DOJ secured $52 million across nine cybersecurity-related False Claims Act settlements in FY 2025, tripling the prior pace and establishing cyber FCA enforcement as an operational program — with private equity firms, medical device makers, and defense subcontractors now in the crosshairs.
Mandiant’s latest M-Trends report describes a threat landscape where access can change hands inside a compromised network in just 22 seconds and where ransomware crews now begin by targeting the systems that govern recovery. As AI reshapes both attack and defense, cybersecurity, information governance, and eDiscovery professionals are being forced to rethink how they detect intrusions, preserve evidence, and explain their decisions under scrutiny.
Twenty-Two Seconds to Hand-Off: Inside Mandiant’s M-Trends 2026 Findings Read More »
Autonomous code is quietly taking a seat at the national security table. The 3rd Edition of the Guide to Developing a National Cybersecurity Strategy is an attempt to build guardrails around this machine-driven reality—and to spell out what “acceptable” risk looks like
The Algorithmic Guardrail: National Defense in the Age of Autonomous Risk Read More »
The ESA breach reveals a critical disconnect between system labeling and risk exposure. What were termed “collaboration servers” were actually integral to software development, housing source code, API tokens, and CI/CD pipelines. This article unpacks the governance, security, and operational oversight lessons for organizations managing external development environments.
ESA Breach: Collaborative Networks Expose Critical Development Infrastructure Read More »
Jaguar Land Rover’s 2025 cyber incident triggered a production pause, a £559 million quarterly loss, and a UK government-backed £1.5 billion loan guarantee. Weeks later, payroll data exposure for thousands of employees added a long-tail identity risk dimension.
Jaguar Land Rover Shutdown Shows How Cyber Incidents Cascade Through UK Supply Chains Read More »
A brutal home invasion at the San Francisco residence of tech investor Lachy Groom has resulted in the theft of $11 million in cryptocurrency, highlighting a deadly new trend of “wrench attacks.” As organized crime shifts focus from digital hacking to physical coercion, executives and investors must urgently rethink their personal security strategies to protect against this hybrid threat.
Kinetic Cybercrime: The Terrifying Shift from Hacking Code to Hacking People Read More »
A new CrowdStrike report exposes Europe as a frontline in the global ransomware crisis, with attack volumes and velocities reaching record highs. From AI-augmented adversaries to nation-state convergence, the report highlights why cybersecurity, information governance, and legal discovery teams must prepare for threats that blend financial extortion with geopolitical espionage.
As regulatory scrutiny intensifies, the ability to conduct efficient, accurate, and defensible data mining during cybersecurity incident response is essential. This article details a five-stage workflow designed to reduce risks, ensure compliance, and manage the rising complexity and costs of breach notification obligations.
Data Mining and Breach Notification in Cyber Incident Responses Read More »
Seven arrests and 49 million fake accounts expose how cybercrime-as-a-service platforms have industrialized fraud, transforming digital anonymity into a weapon that enables phishing, smishing, and financial crimes across Europe—and what the €4.9 million SIMCARTEL takedown reveals about detecting and preventing telecommunications fraud at scale.
