News
Short updates on security, GRC, and AI developments, with enough context to be worth reading.
- Brief
Siemens Industrial Edge Management
Summary: View CSAF Summary Industrial Edge Management contains an authorization bypass vulnerability that could be exploited by an unauthenticated remote attacker to circumvent …Read brief - Brief
Siemens SINEC NMS
Summary: View CSAF Summary SINEC NMS before V4.0 SP3 contains an Authorization Bypass vulnerability that could allow an attacker to bypass authorization checks, leading to the …Read brief - Brief
Siemens TPM 2.0
Summary: View CSAF Summary The products listed below contain a vulnerability that could allow an attacker to perform an out-of-bound read, potentially leading to information …Read brief - Brief
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
Summary: CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. Why it matters: This matters if it …Read brief - Brief
EDPB Sharpens Research Guidance and Speeds Up Anonymisation Work
Summary: EDPB used its April plenary to tighten guidance on scientific-research processing, accelerate anonymisation work, and approve a new certification mechanism tied to …Read brief - Brief
NIST Publishes Hardware Security White Paper on Firmware-Based Monitoring
Summary: NIST published Cybersecurity White Paper 52, “Firmware-Based Monitoring for Bus-Based Computer Systems,” on April 15, 2026. The paper describes how component …Read brief - Brief
FTC Targets Noncompete Agreements in Pest Control Enforcement Action
Summary: The FTC ordered Rollins to stop enforcing noncompete agreements against thousands of workers and paired the action with warning letters to other pest-control companies, …Read brief - Brief
NIST Updates NVD Operations to Address Record CVE Growth
Summary: NIST is changing NVD operations to keep up with record CVE volume, signaling that vulnerability teams should expect continued prioritization pressure around enrichment, …Read brief - Brief
FTC Bars Forever Living From Deceptive Earnings Claims
Summary: The FTC settled with Forever Living and its operators, permanently barring deceptive earnings claims and reinforcing that consumer-protection enforcement still reaches …Read brief - Brief
EDPB Annual Report 2025 Highlights the Board's Enforcement Priorities
Summary: EDPB’s 2025 annual report summarizes the board’s guidance, coordination, and enforcement priorities, giving privacy teams a better read on where European …Read brief - Brief
OpenAI Opens Applications for a Safety Fellowship Focused on Alignment Research
Summary: OpenAI announced the OpenAI Safety Fellowship on April 6, 2026, describing it as a pilot program for external researchers, engineers, and practitioners working on safety …Read brief - Brief
EDPB Publishes One-Stop-Shop Digest on Legitimate Interest
Summary: EDPB published a digest of one-stop-shop decisions on legitimate interest, giving privacy teams a clearer signal on how regulators are testing necessity, balancing, and …Read brief - Brief
EDPB conference on cross-regulatory cooperation: what we learned
Summary: EDPB used its March conference to press for deeper coordination between privacy regulators and adjacent EU authorities, signaling that cross-regulatory enforcement is …Read brief - Brief
NIST Releases CSF 2.0 Quick-Start Guides for ERM and Informative References
Summary: NIST announced two Cybersecurity Framework 2.0 quick-start guide updates on March 23, 2026. The agency released the final SP 1308 guide on connecting CSF 2.0 with …Read brief - Brief
NIST Finalizes Revision 3 of Its DNS Deployment Guide
Summary: NIST published the final version of SP 800-81 Revision 3, “Secure Domain Name System (DNS) Deployment Guide,” on March 19, 2026. The guide covers DNS as a …Read brief