CISO Intelligence
Source: BleepingComputer · Category: Threat Actor & Campaign Tycoon2FA phishing kit now supports device-code phishing and abuses Trustifi URLs to hijack Microsoft 365 accounts. Law firms depend on Microsoft 365; this is a direct threat to attorney and staff email accounts. Escalate to security team and user awareness program immediately. → Read
CISO Intelligence
Source: BleepingComputer · Category: Security News — Technology Windows 'MiniPlasma' privilege escalation zero-day (cldflt.sys) grants SYSTEM access on fully patched systems; PoC released. Law firm Windows endpoints are at risk; flag to IT for detection and remediation planning before widespread exploit development. → Read the full article
CISO Intelligence
Source: Security Affairs · Category: Government Advisory CISA added Microsoft Exchange Server CVE-2026-42897 (CVSS 8.1) to its Known Exploited Vulnerabilities catalog after threat actors began exploiting it. Law firms commonly run Exchange Server for email and calendaring; active exploitation creates immediate risk to firm communications and data. Patch immediately and
CISO Intelligence
Source: Wired Security · Category: Ransomware & Breach Instructure's Canvas platform suffered a second ransomware attack by ShinyHunters on May 7; debate ongoing regarding ransom payment. Law firms using Canvas for client/matter management should assess data exposure and client notification obligations under applicable state breach laws and professional
CISO Intelligence
Source: Hackread · Category: AI Security Critical "Claw Chain" vulnerabilities in OpenClaw AI servers expose thousands to data theft and admin-level compromise globally. If the firm uses or evaluates OpenClaw infrastructure, assess deployment scope immediately and apply vendor patches. → Read the full article
CISO Intelligence
Source: DataBreaches.net · Category: Threat Actor & Campaign UNC6671 (BlackFile) operates a sophisticated vishing and SSO-compromise extortion campaign bypassing MFA via adversary-in-the-middle techniques. Law firms are prime targets due to high-value client data; this threat bypasses standard security controls. Immediate escalation for security posture review recommended. → Read the full article
CISO Intelligence
Source: DataBreaches.net · Category: Ransomware & Breach Dalbir Singh & Associates (NY immigration law firm) exposed misconfigured Amazon S3 bucket containing sensitive client data; firm ignored responsible disclosure warnings and re-exposed data after remediation. Extortion attempts underway. Client notification obligations likely triggered under NY GBL §668 and NYDFS; regulatory reporting
CISO Intelligence
Source: The Register (Security) · Category: Supply Chain OpenAI employee devices infected with malware hidden in poisoned TanStack npm packages; limited internal credentials stolen. Supply chain attack affecting major AI vendor. Law firms integrating OpenAI APIs should monitor for suspicious activity and review API access logs. → Read the full article
CISO Intelligence
Source: US-CERT Current Activity · Category: Government Advisory CISA added CVE-2026-42897 (Microsoft Exchange) to its Known Exploited Vulnerabilities catalog, indicating active exploitation. Immediate patch assessment required for all Exchange systems firm-wide; professional services are routine targets. Recommend urgent inventory and remediation status check within 48 hours. → Read the full article
CISO Intelligence
Source: Snyk Security Blog · Category: Supply Chain Popular npm package node-ipc compromised via maintainer account takeover; malicious versions published May 14, 2026. Critical if firm uses node-ipc in internal development or client-facing applications; escalate to development/DevOps teams immediately for inventory and patching. → Read the full article
CISO Intelligence
Source: BleepingComputer · Category: Supply Chain Avada Builder WordPress plugin (1M+ active installations) has two critical vulnerabilities allowing arbitrary file reads and database credential theft. Assess whether the firm uses this plugin on client portals or internal WordPress sites; if compromised, client data and firm credentials are at risk. → Read the
CISO Intelligence
Source: The Record · Category: Government Advisory CISA mandates federal agencies patch critical Cisco SD-WAN authentication bypass by Sunday (CVE details pending). If firm uses Cisco SD-WAN or advises government contractors, patch immediately; verify customer notification obligations for contractor clients. → Read the full article