DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Illumina, Inc., a publicly-traded biotechnology company, agreed to a $9.8 million settlement with the U.S. Department of Justice (DOJ) in response to alleged violations of the False Claims Act (FCA). DOJ alleged that Illumina...more
The UK Financial Conduct Authority (FCA) published a summary of discussions held throughout 2024 with industry members of the FCA's Cyber Coordination Group programme. The publication is not intended to introduce any...more
The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and international partners issued an updated advisory on July 29, 2025, highlighting the evolving tactics, techniques, and...more
Ransomware group Akira is believed to be behind a large number of attacks that appear to be tied to SonicWall firewalls with SSLVPN enabled. Over the past week, a large number of attacks by the ransomware group Akira have...more
Introduction - On July 19, 2025, Microsoft announced two new vulnerabilities that are actively being exploited (CVE-2025-49704 and CVE-2025-49706) and that relate to on-premises Microsoft SharePoint instances that are exposed...more
Microsoft has confirmed that vulnerabilities in its on-premises SharePoint Server installations, a network spoofing vulnerability (CVE-202549706), and a remote code execution vulnerability (CVE-2025-49704) are being actively...more
On July 20, 2025, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) issued urgent warnings about new, actively exploited vulnerabilities in Microsoft SharePoint Server. These vulnerabilities, known as...more
Microsoft has just disclosed a serious vulnerability in SharePoint (CVE-2025-53770) that allows unauthenticated attackers to remotely execute code in a SharePoint server hosted on-prem – no user interaction required....more
The European Union Agency for Cybersecurity (ENISA) has launched the European Vulnerability Database (EUVD), a tool designed to enhance digital security across the EU. The EUVD is available here....more
On May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take...more
SAP Netweaver Visual Composer users are urged to patch a critical vulnerability that attackers are actively exploiting. According to ReliaQuest, which detected the vulnerability, the attacks allow full system compromise...more
As technology advances, so do the tactics of scammers. The Federal Trade Commission (FTC) recently released a data spotlight on the top text scams of 2024, revealing a significant increase in financial losses despite a...more
WhatsApp users should update the application for vulnerability CVE-2025-30401, which Meta recently patched when WhatsApp was released for Windows version 2.2450.6....more
On April 8, the Office of the Comptroller of the Currency (OCC) officially notified Congress of a significant information security incident involving its email system. This notification, mandated by the Federal Information...more
In November 2023, the New York Department of Financial Services (NYDFS) issued its second amendment to its "Cybersecurity Requirements for Financial Services Companies (the Cybersecurity Regulation or Part 500). This was the...more
On March 28, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report (MAR) on RESURGE malware, which is associated with the product Ivanti Connect Secure....more
Members of the health care and financial industries, along with other industries that hold sensitive data, are warned that a ChatGPT vulnerability is being actively exploited by threat actors to attack security flaws in AI...more
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the justifications...more
The hospitality industry will need to focus on several key areas to ensure compliance and minimize risk in the year ahead, including data privacy and cybersecurity protections, employment and labor law compliance, and even...more
The “Bad Likert Judge” jailbreaking technique boasts a high attack success rate by using a three-step approach which employs the target LLM’s own understanding of harmful content to bypass the target LLM’s safety guardrails....more
Citing the “alarming growth” of cyberattacks in recent years, the U.S. Department of Health and Human Services (“HHS”) has issued a Notice of Proposed Rulemaking to modify the Health Insurance Portability and Accountability...more
Scammers prey on us when we are most vulnerable. Although some of us are early holiday shoppers, others wait until the last minute to complete their holiday shopping....more
According to Cyberscoop, the cyber gang Cl0p “has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software.” The gang...more
As companies embrace digital transformation, they increasingly depend on proprietary technologies and data that requires robust cybersecurity measures to safeguard intellectual property (IP). Zifino and Foley & Lardner LLP...more
Recognizing the increasing number of successful cyberattacks targeting health care organizations and their valuable patient data, the Office of the Inspector General (OIG) is calling for enhancements to the HIPAA audit...more