Cybersecurity
Data breaches, cybercrime, security law, and cyber incident response
ShinyHunters Hack Disrupts Canvas, Exposes Data of 275M Users
Instructure's Canvas platform breached by ShinyHunters, compromising user data and disrupting exams at nearly 9,000 institutions. Legal professionals face rising LMS cyber risks.
CIRCIA Cyber Reporting Deadline Pushed to May 2026 After Industry Pushback
CISA has extended the CIRCIA cyber incident reporting deadline to May 2026, giving critical infrastructure and contractors more time to update compliance protocols and risk plans.
Medtronic Breach: ShinyHunters Claims 9M Records in Attack
Medtronic confirms a major data breach linked to ShinyHunters, highlighting cybersecurity risks for medical device firms and compliance teams across regulated industries.
Cushman & Wakefield Hit by Breach; Client Data Targeted in Twin Cyber Claims
Cushman & Wakefield confirms client data breach after cybercriminals claim access to Salesforce records. Legal teams face immediate risks under global data privacy laws.
Major Instructure Data Breach Exposes Student Information
A cyberattack on EdTech giant Instructure exposed student data from its Canvas platform, affecting millions and prompting urgent data security reviews for education providers.
CISA Flags Surge in Iranian Cyber Attacks on U.S. Critical Infrastructure
CISA and federal agencies warn legal and corporate sectors of a rise in Iranian-backed cyber attacks targeting U.S. infrastructure, urging urgent cybersecurity action.
Council of Europe Marks Cybercrime Milestone Amid Romanian Attack Surge
Europe’s cybercrime experts gathered in Bucharest as Romania battles daily DDoS attacks, highlighting urgent collaboration needs for legal and compliance teams.
Pentagon Reiterates Anthropic Blacklist, Eyes Mythos Cybersecurity Model
Pentagon CTO Emil Michael says Anthropic remains blacklisted, but growing interest in Mythos AI model sparks agency-wide evaluation amid evolving federal AI policy.
Agentic AI Poses Fresh Hallucination Risks for Law Firms
Agentic AI can autonomously act on false or misleading outputs, raising new operational and reputational risks for the legal industry.
CISA and Microsoft flag active Windows zero-click flaw after patch setback
A zero-click Windows vulnerability, actively exploited despite patch efforts, has drawn urgent warnings from CISA and Microsoft over credential theft risks and compliance concerns.
CISA Flags Critical Flaw in NSA’s GrassMarlin OT Discovery Tool
CISA warned of an XML External Entity (XXE) vulnerability in NSA’s GrassMarlin tool, exposing sensitive data for unpatched users and impacting legal and compliance obligations.
FCA Shares 2025 Cyber Coordination Group Insights, Flags New Compliance Rules
The FCA published a 2025 summary from its Cyber Coordination Group, highlighting cyber risks and the need for compliance with upcoming incident-reporting rules for UK financial firms.
UK Cyber Chief Warns: 100+ Countries Have Advanced Spyware
Over 100 countries now own commercial spyware capable of hacking phones, prompting urgent cybersecurity scrutiny for UK legal and corporate sectors.
OpenAI Briefs Governments on GPT-5.4-Cyber Ahead of Launch
OpenAI is briefing U.S. and Five Eyes agencies on its new GPT-5.4-Cyber AI tool, signaling a government-focused launch and raising key legal and regulatory questions.
Unauthorized Group Gains Access to Anthropic's Mythos AI Cyber Tool
Anthropic's Mythos AI, designed to find cybersecurity vulnerabilities, was accessed by unauthorized third parties—raising urgent concerns for legal AI security.
Microsoft Recall Faces Renewed Scrutiny Over AI Privacy Risks
Microsoft's Recall AI feature, reintroduced with new security, faces fresh criticism as researchers expose ongoing privacy and cybersecurity vulnerabilities.
CISA Flags 17-Year-Old Excel Vulnerability Amid Active Exploitation
CISA warns of active attacks using an ancient Microsoft Excel bug, urging legal professionals to prioritize patching to protect sensitive information.
Anthropic's Mythos AI Exposes 1,500+ Software Zero-Days in Weeks
Anthropic's Mythos AI uncovered over 1,500 zero-day vulnerabilities across major operating systems and browsers, escalating legal and compliance risks for enterprises.
OpenAI Launches GPT-5.4-Cyber With Limited Access for Cybersecurity Teams
OpenAI released GPT-5.4-Cyber for vetted cybersecurity professionals, tightening access and shaping how legal teams approach AI in risk management.
Anodot Breach Exposes Rockstar Games, 14 Others to Extortion by ShinyHunters
14 companies, including Rockstar Games, had data exposed in the Anodot breach. Legal teams face new litigation and compliance risks tied to third-party analytics vendors.