AI Intelligence
Source: The Information AI · Category: Enterprise AI Adoption Microsoft has generated over $30 billion in revenue from OpenAI's technology through Azure and licensing. This demonstrates the scale of enterprise AI monetization and validates the cloud-based AI model. Review your own AI revenue capture mechanisms and cloud strategy to
CISO Intelligence
Source: The Hacker News · Category: Supply Chain TeamPCP (Mini Shai-Hulud campaign) compromised npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI with obfuscated JavaScript. Law firms using these packages must immediately audit dependencies and regenerate secrets. → Read the full article
CISO Intelligence
Source: CyberScoop · Category: Supply Chain Mini Shai-Hulud malware compromised hundreds of open-source packages across major registries using forged release signatures. Law firms must immediately audit all open-source dependencies in firm systems and client code for presence of malicious versions; review software bill-of-materials (SBOM) processes. → Read the full article
CISO Intelligence
Source: The Register (Security) · Category: Supply Chain TanStack npm package supply chain compromised; 84 malicious versions injected in six minutes with credential theft and destructive payloads. Law firms using TanStack dependencies or npm packages broadly must audit build pipelines for infection and assess code review practices. → Read the full article
CISO Intelligence
Source: Help Net Security · Category: Government Advisory Two U.S. nationals sentenced to 18 months prison for operating laptop farms enabling North Korean IT workers to infiltrate ~70 American companies, generating $1.2M for Pyongyang. Law firms should audit remote worker access controls and vendor relationships to prevent similar infiltration.
CISO Intelligence
Source: SentinelOne Labs · Category: Threat Actor & Campaign Karakurt and DPRK facilitators sentenced; PCPJack worm steals cloud credentials; PAN-OS zero-day exploited. Law firms face credential theft risk from PCPJack targeting exposed cloud infrastructure. PAN-OS zero-day may affect firm firewall deployments. → Read the full article
CISO Intelligence
Source: BleepingComputer · Category: Security News — Technology New Linux zero-day (Dirty Frag) grants root privileges on major distributions via single command. Law firms using Linux servers or cloud infrastructure must coordinate with IT/ops for patch priority; assess exposure across 40+ offices. → Read the full article
CISO Intelligence
Source: BleepingComputer · Category: Government Advisory CISA ordered federal agencies to patch Ivanti EPMM zero-day RCE within 4 days. Law firms should assume similar urgency for their own Ivanti EPMM deployments. Immediate patch deployment required; coordinate across 40+ offices. → Read the full article
AI Intelligence
Source: Legal IT Insider · Category: AI Tools & Productivity LegalTechTalk launched its first Vibeathon, enabling non-technical attendees to develop legal tech ideas using natural language prompts and on-site tools without coding skills. This democratizes legal tech innovation and could accelerate idea-to-prototype cycles across the firm. Consider piloting similar no-code hackathons
CISO Intelligence
Source: Palo Alto Unit 42 · Category: Security News — Technology CVE-2026-0300: Critical (CVSS 9.3) buffer overflow in Palo Alto PAN-OS captive portal allows unauthenticated remote code execution on exposed firewalls. Law firms relying on PAN-OS firewalls for perimeter security face immediate patching obligations; confirm your infrastructure vendor immediately. → Read the
CISO Intelligence
Source: BleepingComputer · Category: Threat Actor & Campaign PCPJack worm steals credentials from exposed cloud infrastructure while removing TeamPCP infections. Law firms using cloud services (AWS, Azure, GCP) should audit credential exposure and cloud IAM configurations; lateral movement risk across practice areas. → Read the full article
CISO Intelligence
Source: BleepingComputer · Category: Threat Actor & Campaign TCLBanker trojan targets 59 banking/fintech platforms, self-spreads via WhatsApp and Outlook using trojanized Logitech installer. Law firms handling financial clients should alert them; assess whether firm uses Logitech tools and monitor supply chain for similar installer compromise. → Read the full article