CISO Intelligence
Source: Hackread · Category: Threat Actor & Campaign CalPhishing campaign exploits Outlook calendar invites and device code phishing to steal Microsoft 365 session tokens and bypass MFA. High relevance: law firm staff heavily dependent on M365; implement conditional access policies and disable device code auth where possible. → Read the full article
CISO Intelligence
Source: Hackread · Category: Threat Actor & Campaign XWorm RAT v7.4 distributed via PyInstaller to bypass Windows security and enable remote control. Threat targets attorney devices running compiled tools; enforce endpoint AV/EDR and restrict downloaded executables. → Read the full article
CISO Intelligence
Source: BleepingComputer · Category: Threat Actor & Campaign REMUS infostealer now prioritizes browser session and authentication token theft over passwords, marking a shift in credential targeting. This threatens law firm attorneys accessing practice management, document systems, and client portals from infected personal devices. → Read the full article
CISO Intelligence
Source: Malwarebytes Labs · Category: Supply Chain JDownloader's website was compromised; attackers replaced legitimate installer downloads with malware for several days. Law firms using JDownloader for file management face potential endpoint compromise. Immediate action: scan systems for JDownloader installations and verify file integrity. → Read the full article
CISO Intelligence
Source: CyberScoop · Category: Threat Actor & Campaign Persistent threat group actively exploiting Cisco zero-day in firewalls and SD-WAN systems. If the firm uses Cisco network perimeter or SD-WAN, escalate to infrastructure team for patch/workaround application; this is a likely privileged access vector. → Read the full article
CISO Intelligence
Source: NCSC UK Alerts · Category: AI Security UK NCSC advises caution before adopting agentic AI, warning organizations to establish foundational AI governance first. Law firms considering autonomous AI agents for document review, research, or client service should implement strict access controls, audit trails, and oversight mechanisms per NCSC guidance before
CISO Intelligence
Source: Help Net Security · Category: AI Security Deepfake detection tools are failing against newer generative models, with performance dropping sharply in real-world deployment. Law firms must assess exposure to AI-generated evidence, witness statements, and client communications in litigation and due diligence work. Verify authenticity protocols for digital evidence before relying
CISO Intelligence
Source: US-CERT Current Activity · Category: Government Advisory CISA added CVE-2026-20182 (Cisco Catalyst SD-WAN Controller authentication bypass) to its Known Exploited Vulnerabilities catalog, indicating active in-the-wild exploitation. If the firm uses Cisco SD-WAN for office connectivity, patch immediately. Verify with IT whether this vulnerability affects firm infrastructure. → Read the full article
CISO Intelligence
Source: Huntress Labs Blog · Category: Regulatory & Legal CMMC Final Rule requires DoD subcontractors to achieve Level 2 certification by November 2026. If the firm contracts with DoD or serves as a subcontractor, compliance is mandatory; assess current posture and timeline for remediation now. → Read the full article
CISO Intelligence
Source: Cisco Talos · Category: Ransomware & Breach CVE-2026-20182 (Cisco Catalyst SD-WAN authentication bypass) is actively exploited in the wild. If the firm uses Cisco SD-WAN infrastructure, immediate patching is critical to prevent unauthorized network access and potential lateral movement into client data systems. → Read the full article
CISO Intelligence
Source: The Record · Category: Supply Chain TanStack npm supply chain attack impacts macOS users and AI companies; OpenAI is patching. Law firm macOS users and any internal AI tool dependencies on TanStack require immediate update review and vulnerability scanning. → Read the full article
CISO Intelligence
Source: Help Net Security · Category: AI Security Cofense launched AI-powered phishing detection and response tools, recognizing that attackers now use AI to generate polymorphic phishing campaigns. Law firms face escalating phishing risk from AI-generated attacks. Upgrade email security to AI-driven detection and increase user training on polymorphic campaign tactics. → Read