CISO Intelligence

CISO Intelligence

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Source: The Hacker News  ·  Category: Nation-State DPRK threat actors injected malware into npm package '@validate-sdk/v2' used by Anthropic's Claude; campaign uses AI, fake firms, and RATs. If the firm uses Claude AI or any npm dependencies with '@validate-sdk/v2' in supply chain, conduct

CISO Intelligence

Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack

Source: The Register (Security)  ·  Category: Security News — Technology Microsoft's previous 0-day patch failed; Russian actors now exploit new zero-click Windows flaw exposing sensitive information. Law firms using Windows extensively should prioritize patching and monitor for compromise indicators affecting client data. → Read the full article

CISO Intelligence

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

Source: The Hacker News  ·  Category: Security News — Technology cPanel/WHM authentication vulnerability affects all supported versions; vendor released patch. If the firm hosts internal services on cPanel-managed servers, apply patches immediately to prevent unauthorized control panel access. → Read the full article

CISO Intelligence

Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

Source: The Hacker News  ·  Category: Security News — Technology Threat actors now use autonomous AI agents to map Active Directory and steal Domain Admin credentials in minutes. Law firms must assume AI-driven lateral movement; implement continuous exposure validation, MFA, and credential monitoring; traditional defense workflows cannot keep pace. → Read the full

CISO Intelligence

Claude Mythos Has Found 271 Zero-Days in Firefox

Source: Bruce Schneier  ·  Category: AI Security Claude Mythos found 271 zero-days in Firefox via early access collaboration; Firefox 150 patches all. If firm uses Firefox for internal operations or client communication, update immediately; Claude Mythos demonstrates AI can discover vulnerabilities at unprecedented scale and speed. → Read the full article

CISO Intelligence

GoDaddy customer claims registrar transferred 27-year-old domain without any security checks

Source: The Register (Security)  ·  Category: Security News — Technology GoDaddy transferred 27-year-old domain to another customer without authentication or verification. Law firms relying on GoDaddy for domain registration should enable domain lock, two-factor authentication, and audit domain access controls immediately. → Read the full article

CISO Intelligence

"A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages

Source: Snyk Security Blog  ·  Category: Supply Chain Four SAP-ecosystem npm packages compromised by 'Mini Shai-Hulud' stealer on April 29, 2026. Law firms using SAP development tools or dependencies must audit npm package dependencies immediately and rotate credentials; client data exposure possible if SAP systems process sensitive matter information.

CISO Intelligence

AR: Pine Bluff School District loses $3.2 million in business email compromise attack

Source: DataBreaches.net  ·  Category: Ransomware & Breach Pine Bluff School District lost $3.2M in business email compromise (BEC) attack. Critical reminder for firm clients: BEC remains high-risk. Review payment authorization controls and wire fraud prevention protocols across firm and client operations. → Read the full article

CISO Intelligence

All supported cPanel versions hit by critical auth bug, now patched

Source: Security Affairs  ·  Category: Security News — Technology cPanel patched critical authentication vulnerability affecting all supported versions. Law firms using cPanel-hosted services must patch immediately to prevent unauthorized server access and potential client data exposure. → Read the full article

CISO Intelligence

U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

Source: Security Affairs  ·  Category: Government Advisory CISA added Windows Shell and ConnectWise ScreenConnect flaws to Known Exploited Vulnerabilities catalog, indicating active exploitation. Professional services must patch both immediately; ScreenConnect is common remote access tool in law firm environments. → Read the full article

CISO Intelligence

The Exchange Online security controls organizations keep getting wrong

Source: Help Net Security  ·  Category: Security News — Technology Microsoft MVP discusses overlooked Exchange Online security controls including legacy protocol restrictions, Conditional Access, and PIM. Directly relevant: law firms using Office 365 should audit SMTP AUTH enablement, audit logging, and identity governance configuration—flag for IT/CISO review against shared responsibility

CISO Intelligence

Cursor AI IDE vulnerability allows code execution via hidden Git hooks

Source: Hackread  ·  Category: Security News — Technology CVE-2026-26268: Cursor AI IDE contains high-severity flaw allowing code execution via malicious Git hooks cloned into development environments. Law firms with developers using Cursor should patch immediately; risk includes unauthorized access to repositories, client code, or attorney communications in version control. → Read the full