Cybersecurity
Data breaches, cybercrime, security law, and cyber incident response
US cracked down on anti-tech extremists amid AI security fears
US agencies intensify surveillance of anti-technology extremist groups amid AI policy, national security concerns, and supply chain risks.
New State Laws Tighten Data Breach Notification Rules by 2026
Proposed and enacted laws in California, Connecticut, and Oklahoma tighten data breach notification deadlines and expand reporting requirements for organizations nationwide.
Microsoft Threatens Legal Action Over Public Windows Exploit Disclosures
Microsoft threatens legal action against 'Nightmare Eclipse' for publicly sharing six zero-day Windows exploits, sparking cybersecurity and legal debates.
FBI Warns Law Firms of Extortionists Posing as IT Support Technicians
The FBI issued a May 2026 warning about criminals posing as IT support to infiltrate law firms, urging enhanced physical security and staff awareness.
Stolen NSA Tools Like EternalBlue Keep Corporate Networks at Risk
Stolen NSA hacking tools from 2016, including EternalBlue, still pose security threats and legal challenges for corporations globally.
ShinyHunters Hack Disrupts Canvas, Exposes Data of 275M Users
Instructure's Canvas platform breached by ShinyHunters, compromising user data and disrupting exams at nearly 9,000 institutions. Legal professionals face rising LMS cyber risks.
CIRCIA Cyber Reporting Deadline Pushed to May 2026 After Industry Pushback
CISA has extended the CIRCIA cyber incident reporting deadline to May 2026, giving critical infrastructure and contractors more time to update compliance protocols and risk plans.
Medtronic Breach: ShinyHunters Claims 9M Records in Attack
Medtronic confirms a major data breach linked to ShinyHunters, highlighting cybersecurity risks for medical device firms and compliance teams across regulated industries.
Cushman & Wakefield Hit by Breach; Client Data Targeted in Twin Cyber Claims
Cushman & Wakefield confirms client data breach after cybercriminals claim access to Salesforce records. Legal teams face immediate risks under global data privacy laws.
Major Instructure Data Breach Exposes Student Information
A cyberattack on EdTech giant Instructure exposed student data from its Canvas platform, affecting millions and prompting urgent data security reviews for education providers.
CISA Flags Surge in Iranian Cyber Attacks on U.S. Critical Infrastructure
CISA and federal agencies warn legal and corporate sectors of a rise in Iranian-backed cyber attacks targeting U.S. infrastructure, urging urgent cybersecurity action.
Council of Europe Marks Cybercrime Milestone Amid Romanian Attack Surge
Europe’s cybercrime experts gathered in Bucharest as Romania battles daily DDoS attacks, highlighting urgent collaboration needs for legal and compliance teams.
Pentagon Reiterates Anthropic Blacklist, Eyes Mythos Cybersecurity Model
Pentagon CTO Emil Michael says Anthropic remains blacklisted, but growing interest in Mythos AI model sparks agency-wide evaluation amid evolving federal AI policy.
Agentic AI Poses Fresh Hallucination Risks for Law Firms
Agentic AI can autonomously act on false or misleading outputs, raising new operational and reputational risks for the legal industry.
CISA and Microsoft flag active Windows zero-click flaw after patch setback
A zero-click Windows vulnerability, actively exploited despite patch efforts, has drawn urgent warnings from CISA and Microsoft over credential theft risks and compliance concerns.
CISA Flags Critical Flaw in NSA’s GrassMarlin OT Discovery Tool
CISA warned of an XML External Entity (XXE) vulnerability in NSA’s GrassMarlin tool, exposing sensitive data for unpatched users and impacting legal and compliance obligations.
FCA Shares 2025 Cyber Coordination Group Insights, Flags New Compliance Rules
The FCA published a 2025 summary from its Cyber Coordination Group, highlighting cyber risks and the need for compliance with upcoming incident-reporting rules for UK financial firms.
UK Cyber Chief Warns: 100+ Countries Have Advanced Spyware
Over 100 countries now own commercial spyware capable of hacking phones, prompting urgent cybersecurity scrutiny for UK legal and corporate sectors.
OpenAI Briefs Governments on GPT-5.4-Cyber Ahead of Launch
OpenAI is briefing U.S. and Five Eyes agencies on its new GPT-5.4-Cyber AI tool, signaling a government-focused launch and raising key legal and regulatory questions.
Unauthorized Group Gains Access to Anthropic's Mythos AI Cyber Tool
Anthropic's Mythos AI, designed to find cybersecurity vulnerabilities, was accessed by unauthorized third parties—raising urgent concerns for legal AI security.