CISO Intelligence

CISO Intelligence

Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition

Source: Graham Cluley  ·  Category: Threat Actor & Campaign Teenager allegedly tied to Scattered Spider hacker group arrested in Finland; faces US extradition. Scattered Spider targets law firms, financial services, and tech companies for data theft and extortion. Arrest reflects law enforcement progress but signals the group remains active—firms should

CISO Intelligence

Risky Bulletin: DigiCert hacked with a malicious screensaver file

Source: Risky Business News  ·  Category: Supply Chain DigiCert compromised via malicious screensaver file. DigiCert provides digital certificates critical to law firm infrastructure; assess whether firm uses DigiCert services and review certificate integrity. → Read the full article

CISO Intelligence

Five Eyes spook shops warn rapid rollouts of agentic AI are too risky

Source: The Register (Security)  ·  Category: Government Advisory Five Eyes intelligence agencies (CISA, NCSC, Australia, New Zealand, Canada) issue joint guidance warning rapid agentic AI rollouts are too risky; recommend slow adoption prioritizing resilience. Law firm should delay or gate new agentic AI tool deployment pending risk assessment. → Read the full

CISO Intelligence

Your work apps are quietly handing 19 data points to someone

Source: Help Net Security  ·  Category: Security News — Legal Sector Common workplace apps (Gmail, Teams, Zoom, Slack, Notion) transmit 19+ data points to third parties. Law firms using these tools should conduct privacy impact assessments and ensure DLP rules prevent attorney-client privileged communications from exfiltrating via app telemetry. → Read the full

CISO Intelligence

Bluekit phishing kit enables automated phishing with 40+ templates and AI tools

Source: Security Affairs  ·  Category: AI Security Bluekit phishing kit combines AI, voice cloning, and 40+ templates for automated attacks. Law firms must update anti-phishing training and email controls; AI-enhanced phishing increases risk to attorney and staff credentials. → Read the full article

CISO Intelligence

Paying Ransom Won’t Help as VECT 2.0 Ransomware Destroys Data Irreversibly

Source: Hackread  ·  Category: Ransomware & Breach VECT 2.0 ransomware permanently destroys files rather than encrypting them, rendering ransom payment worthless. This variant poses acute data loss risk to law firms; emphasize immutable backups, air-gapped archives, and incident response planning over negotiation assumptions. → Read the full article

CISO Intelligence

U.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog

Source: Security Affairs  ·  Category: Government Advisory CISA added cPanel authentication bypass (CVE-2026-41940, CVSS 9.3) to Known Exploited Vulnerabilities catalog. cPanel is widely deployed in web hosting infrastructure used by law firms and service providers. Verify whether the firm's email, client portals, or cloud infrastructure uses cPanel. If

CISO Intelligence

Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defenses

Source: Security Affairs  ·  Category: Nation-State Salt Typhoon (Chinese state-linked actor) breached Sistemi Informativi (IBM Italy subsidiary) in April 2026, compromising IT infrastructure for Italian public and private institutions. Law firms with European offices or clients handling sensitive government contracts face supply-chain exposure. Assess whether firm operations or client data transited

CISO Intelligence

New Deep#Door RAT uses stealth and persistence to target Windows

Source: Security Affairs  ·  Category: Threat Actor & Campaign Deep#Door RAT campaign hides Python backdoor in batch files, disables Windows defenses, uses multiple persistence methods. Malware targeting Windows endpoints; law firms must ensure endpoint detection/response covers Python-based RATs and batch file execution anomalies. → Read the full article

CISO Intelligence

Brace for the patch tsunami: AI is unearthing decades of buried code debt

Source: The Register (Security)  ·  Category: Government Advisory UK cyber agency warns AI-accelerated vulnerability discovery will flush out decades of buried code flaws, creating patch management surge. Prepare for supply chain patching avalanche; prioritize critical infrastructure and client-facing systems. → Read the full article

CISO Intelligence

Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

Source: The Hacker News  ·  Category: Threat Actor & Campaign Cordial Spider and Snarky Spider conduct rapid SaaS extortion via vishing and SSO abuse, leaving minimal traces. Law firms' heavy SaaS footprint (document platforms, email, collaboration tools) makes them targets; enforce MFA, SSO hardening, and vishing awareness immediately. → Read the

CISO Intelligence

First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed

Source: The Register (Security)  ·  Category: Ransomware & Breach CISA confirmed active exploitation of critical cPanel vulnerability; at least one victim reported ransomware demand. Millions of websites potentially exposed. If firm uses cPanel, patch immediately and audit for breach indicators. Client notification obligations depend on data exposure scope. → Read the full