CISO Intelligence
Source: Security Affairs · Category: Government Advisory CISA added CVE-2026-0300 (Palo Alto PAN-OS, CVSS 9.3) to Known Exploited Vulnerabilities catalog — nation-state actors exploiting in the wild. Critical: Law firms using exposed PAN-OS firewalls must patch immediately. Confirm all firewall instances and security posture. → Read the full article
CISO Intelligence
Source: Security Affairs · Category: Nation-State State-sponsored actors exploited PAN-OS CVE-2026-0300 for ~4 weeks, gaining root access, deploying tunneling tools (EarthWorm, ReverseSocks5), and covering tracks. Law firms with exposed firewalls face data exfiltration and persistence risks. Immediate patching and forensics on affected systems required. → Read the full article
CISO Intelligence
Source: Security Affairs · Category: Government Advisory CISA added CVE-2026-6973 (Ivanti Endpoint Manager Mobile, CVSS 7.1) to Known Exploited Vulnerabilities catalog. If firm uses Ivanti EPMM for mobile device management, apply vendor patch immediately. Confirm inventory of Ivanti deployments across all offices. → Read the full article
CISO Intelligence
Source: BleepingComputer · Category: Government Advisory Ivanti EPMM zero-day RCE flaw actively exploited; CISA mandated 4-day patch for federal agencies. Law firms managing mobile endpoints should audit Ivanti EPMM deployment and prioritize patching immediately to prevent lateral movement into client systems. → Read the full article
CISO Intelligence
Source: BleepingComputer · Category: Ransomware & Breach ShinyHunters gang breached Instructure's Canvas again, exploiting vulnerability to deface login portals at hundreds of colleges/universities. Repeated compromise signals persistent threat. Assess whether firm uses Canvas or has university clients requiring breach notification under state laws (likely 30–60 day windows)
CISO Intelligence
Source: BleepingComputer · Category: Nation-State Two Americans sentenced for operating laptop farms facilitating North Korean IT workers' fraudulent remote employment at ~70 U.S. companies. Law firms may be targeted; assess whether any remote contractors lack identity verification. Risk: data access, IP theft, espionage. → Read the full article
CISO Intelligence
Source: Cyble Blog · Category: Threat Actor & Campaign Operation HumanitarianBait uses phishing with malicious LNK files disguised in RAR archives to deliver infostealers targeting corporate systems. Law firms are routine targets for this vector. Brief staff on email threats; deploy email filtering and endpoint detection for LNK/RAR payloads; enforce
CISO Intelligence
Source: The Hacker News · Category: Supply Chain Three PyPI packages deliver ZiChatBot malware while masking malicious functionality. Law firms using Python dependencies for internal tools, document processing, or AI integrations should audit PyPI package sources; likely supply chain contamination vector. → Read the full article
CISO Intelligence
Source: The Hacker News · Category: Supply Chain Dozen critical vulnerabilities in vm2 Node.js library enable sandbox escape and arbitrary code execution. If the firm uses vm2 to execute untrusted code (e.g., in legal automation tools or document processing), immediate patching or replacement required to prevent RCE. → Read the
CISO Intelligence
Source: Graham Cluley · Category: Security News — Technology Meta smart glasses recorded all user data and sent it to workers in Nairobi without consent; Meta subsequently fired 1,108 contractors. If the firm evaluates or deploys Meta hardware for workplace use, assess privacy and confidentiality risks—particularly for client-sensitive environments. Exclude
CISO Intelligence
Source: Hackread · Category: Ransomware & Breach ShinyHunters breached Instructure Canvas LMS and Vimeo, exposing millions of student and user records. Law firms advising edtech or media clients must assess notification timelines (FERPA, state privacy laws) and potential regulatory exposure. Prepare client advisory on incident response obligations. → Read the full article
CISO Intelligence
Source: Cyble Blog · Category: Threat Actor & Campaign Attackers weaponize trust in third-party services and browsers to bypass enterprise defenses without traditional breach signatures. Law firms are attractive targets for this technique—attackers exploit trusted integrations (email, cloud) to gain undetected persistence. Audit third-party access policies and browser security controls