CISO Intelligence
Source: Huntress Labs Blog · Category: Threat Actor & Campaign Threat actors actively disable antivirus and EDR using vulnerable drivers, tampering, and firewall rule manipulation. Law firms must harden EDR configurations, patch driver vulnerabilities, audit firewall rules, and validate EDR integrity regularly. → Read the full article
CISO Intelligence
Source: SANS Internet Storm Center · Category: Supply Chain TeamPCP supply chain campaign confirmed Checkmarx Jenkins plugin compromise and Mini Shai-Hulud worm on npm/PyPI. Law firms using Jenkins, npm, or PyPI must verify plugin versions, scan build pipelines, and rotate credentials immediately. → Read the full article
CISO Intelligence
Source: Snyk Security Blog · Category: Supply Chain Mini Shai-Hulud worm compromised npm maintainer account, releasing 300+ malicious package versions across 323 AntV packages. Law firms using JavaScript/Node.js dependencies must audit supply chain, patch immediately, and scan development environments for contamination. → Read the full article
CISO Intelligence
Source: Krebs on Security · Category: Government Advisory CISA contractor left privileged AWS GovCloud credentials and internal system documentation publicly accessible on GitHub until last weekend. This represents critical exposure of federal infrastructure code and authentication—law firms handling government contracts or classified work should audit their own credential management and
CISO Intelligence
Source: Security Affairs · Category: Security News — Technology Chaotic Eclipse discloses MiniPlasma privilege escalation zero-day affecting fully patched Windows 11; likely a missed or incomplete fix to CVE-2020-17103. Escalate to IT security team; if firm standardizes on Windows 11, verify cldflt.sys patching status and whether vulnerability requires Windows servicing update
CISO Intelligence
Source: Help Net Security · Category: AI Security Synack report: AI-driven vulnerability exploitation window shrunk to hours; agentic AI introduces new blind spots in scanning. Critical shift in threat landscape; firm's vulnerability management and patching SLAs must account for faster exploitation cycles. → Read the full article
CISO Intelligence
Source: The Hacker News · Category: Security News — Technology Windows zero-day 'MiniPlasma' (CVE impacts cldflt.sys) enables privilege escalation to SYSTEM on fully patched systems; PoC released. Law firms run Windows extensively; this is a potential risk to endpoints. Flag to IT for patch monitoring and defensive posture review.
CISO Intelligence
Source: The Hacker News · Category: Security News — Technology Ivanti, Fortinet, SAP, VMware, and n8n released patches for RCE, SQL injection, and privilege escalation flaws (top: Ivanti CVE-2026-8043, CVSS 9.6). Law firms may use SAP, Fortinet, or VMware infrastructure; confirm deployment and apply patches per vendor schedules. → Read the full
CISO Intelligence
Source: Help Net Security · Category: AI Security Microsoft and Tokyo Institute research reveals MetaBackdoor attack: LLMs can harbor stealthy backdoors undetectable by input-focused defenses. Critical for any firm deploying LLMs or relying on AI systems for sensitive workflows; current security stacks cannot detect this threat — escalate to CISO and AI
CISO Intelligence
Source: Help Net Security · Category: Ransomware & Breach Threat actor accessed and downloaded Grafana Labs' GitHub codebase. Significant: Grafana widely used in enterprise DevOps and observability. If firm uses Grafana (open-source or Cloud), assess whether code was targeted for vulnerabilities; review access logs for suspicious activity. Client notification not
CISO Intelligence
Source: The Hacker News · Category: Supply Chain Supply chain attackers targeting developer environments and CI/CD pipelines to steal secrets (API keys, cloud credentials, SSH, tokens) across npm, PyPI, and Docker Hub. Law firms with custom development are exposed; implement secret scanning and CI/CD hardening immediately. → Read the full
CISO Intelligence
Source: Hackread · Category: Ransomware & Breach The Gentlemen ransomware gang suffered internal breach exposing victim data, affiliate activity, and operations (May 2026). If the firm or clients were victims of Gentlemen, their negotiation history and ransom communications may be exposed; assess breach notification obligations. → Read the full article